TPM PCR checking will fail if the all characters are 0

The result is passed after install the latest fwupd

$sudo snap install fwupd --edge --classic
...
└─System Firmware:
  │ Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
  │ Current version: 1543569408
  │ Minimum Version: 1
  │ Vendor: HP (DMI:HP)
  │ GUIDs: 116180f2-105d-4ab2-809e-7fabed71217b
  │ 230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware
  │ d4b3b8bf-ba40-574c-8e55-e7dcb89aff07 ← UEFI\RES_{116180F2-105D-4AB2-809E-7FABED71217B}
  │ Device Flags: • Internal device
  │ • Updatable
  │ • System requires external power source
  │ • Needs a reboot after installation
  │ • Cryptographic hash verification is available
  │ • Device is usable for the duration of the update

There are bugs in the fwupd for reconstruct the PCR value on some platforms.
https://github.com/fwupd/fwupd/pull/2394

From the comment#1, tested pass with the new fwupd version.

#2 has linked the correct commit for 1.5.x version, which is already present in Hirsute.
1.4.x and 1.3.x don't have tagged releases with the commit but the commit is present on the stable trees for those releases:

For 1_4_X (groovy):
https://github.com/fwupd/fwupd/commit/a3d85438b70dfb60d410f83d6beab2ed377e924c

For 1_3_x (focal):
https://github.com/fwupd/fwupd/commit/0d091efff1b421929e245aa4e8fcee2387689fe6

for today,

github tag:
 1.4.6 / 1.5.7

ubuntu
 groovy: 1.4.5-1
 hirsute: 1.5.7-2

AI: check if 1.4.5-1 is updated enough or not.
AI: per check git source of 1.4.5, it does not have that patch. It's likely we need to upgrade to 1.4.6. Given so, a debdiff to bring up to 1.4.6 will be needed.
AI: check other requirements and decide if 1.4.6 is enough.

Hello jeremyszu, or anyone else affected,

Accepted fwupd into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.4.7-0~20.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello jeremyszu, or anyone else affected,

Accepted fwupd-signed into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd-signed/1.30.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

[Device]
HP EliteOne 800 G6 27
[BIOS version]
S11 Ver. 02.04.01
[Package version]
fwupd-signed 1.30.1

result:
System Firmware:
│ Device ID: 90990a533de3259eb645e61a64ad25068f6f3c48
│ Current version: 33816832
│ Minimum Version: 1
│ Vendor: HP (DMI:HP)
│ GUID: 510876c2-f1e5-4d9c-8c81-3e002f1b4792
│ Device Flags: • Internal device
│ • Updatable
│ • Requires AC power
│ • Needs a reboot after installation
│ • Cryptographic hash verification is available
│ • Device is usable for the duration of the update

This bug was fixed in the package fwupd - 1.4.7-0~20.10.1

---------------
fwupd (1.4.7-0~20.10.1) groovy; urgency=medium

  * new upstream version (1.4.7)
  * Bug fixes:
    - Check returned volumes before accessing them
    - Correct a Thunderbolt assertion if kernel failed FW read
    - Do not dedupe NVMe devices
    - Do not match all HIDRAW\VEN_06CB devices
    - Don't allow device updates while needing activation
    - Fix adding multiple flags to devices
    - Fix critical warning regression with 'fwupdate -a'
    - Fix probe warning for the Logitech Unifying device
    - Fix the quirk key name for the Lenovo HDMI with power
    - Make TPM more optional
    - Make udisks2 errors more apparent
    - Only set the version format for ESRT entries
    - Remove the Hughski public key
    - Restore recognizing gpg and pkcs7 types still
    - Wait a few ms for the Logitech hardware to settle after detach
  * New features
    - Add support for SBAT. (LP: #1921539)
    - Adds support for Synaptics fingerprinter reader (LP:# 1900935)
  * Fixes TPM PCR0 reading failures if all characters are 0.
    (LP: #1909734)
  * Fixes Synaptics RMI probe causing touchscreen failures
    (LP: #1886912)
  * Backport a patch from upstream 1_4_X branch to fix SBAT character.
  * Backport a patch from upstream 1_4_X branch to fix vendor-id requirement
    error on Dell WD19 (LP: #1921544)

 -- Mario Limonciello <email address hidden> Fri, 26 Mar 2021 13:45:02 -0500

This bug was fixed in the package fwupd-signed - 1.30.1

---------------
fwupd-signed (1.30.1) groovy; urgency=medium

  * Build depend on fwupd 1.4.7-0~20.10.1
    - LP: #1921544
    - LP: #1921539
    - LP: #1909734
    - LP: #1886912
    - LP: #1900935

 -- Mario Limonciello <email address hidden> Fri, 26 Mar 2021 14:04:01 -0500

The verification of the Stable Release Update for fwupd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Now we have fwupd 1.5.11 in the focal-proposed channel, Please kindly test it and update the result here, thank you.

Test on HP machine with fwupd 1.5.11.
Verified pass on focal.

[result]
System Firmware:
│ │ Device ID: 1517a2173378bb70b45d775b788e754b79627b2f
│ │ Current version: 16847872
│ │ Minimum Version: 1
│ │ Vendor: HP (DMI:HP)
│ │ GUIDs: 563e71f8-8344-418c-a722-9b55c56997e5
│ │ 230c8b18-8d9b-53ec-838b-6cfc0383493a
│ │ c3b7206a-ea08-5da4-83c3-5f6405a801ee
│ │ Device Flags: • Internal device
│ │ • Updatable
│ │ • System requires external power source
│ │ • Needs a reboot after installation
│ │ • Cryptographic hash verification is available
│ │ • Device is usable for the duration of the update

focal/fwupd 1.5.11 landed