15.1.49 tpm_fail_fatal

If this variable is set and true (i.e., not set to “0”, “false”, “disable”, or “no”), TPM measurements that fail will be treated as fatal. Otherwise, they will merely be debug-logged and boot will continue.

Call to EFI firmware, like hash_log_extend_event(), can return an unknown error, i.e. due to bug present in firmware. When this variable is set and true (same values as with TPM measurements) this situation will be considered to be fatal and error-logged as “unknown TPM error”. If not set, booting the OS will be enabled.