Hello Nick The TPM Event Log is usually in /sys/kernel/security/tpm0/binary_boot_measurements (at least in Fedora distros) That log is in binary format, following the TCG specification for log events. It can be read in human friendly format with a parser: 1. iml2text https://www.mankier.com/8/iml2text 2. binary_bios_measurement_parser https://github.com/ValdikSS/binary_bios_measurements_parser Both parsers are not 100% complete, but they show very useful information. ---------------------------------------------------------------------- Message: 1 Date: Mon, 15 Jul 2019 15:04:46 -0500 From: Nick Meyer <nimeyer(a)verizonmedia.com&gt; To: tpm2(a)lists.01.org Subject: [tpm2] Read event log in booted Linux Message-ID: <CAO6U=OZu5skEEnBVX2OWA6ue=355jx2Xe8851-SSQxpgySBTGg(a)mail.gmail.com&gt; Content-Type: text/plain; charset="utf-8" Hello all, Is there a way to read the TCG event log in the booted OS on an EFI Linux system? I am trying to confirm some behavior I am seeing between different vendors' implementations and how they are handling ExitBootServices(). Thanks, Nick Meyer Verizon Media