PCR 7 in TPM 2.0 has always the same value
First of all, I must say that I'm using a VM with an emulated TPM 2.0.
I've created an LUKS2 encrypted partition and configured the TPM 2.0 to unseal the key only if the PCR 7 has a certain value.
For what I've understood so far in the PCR 7 are stored the secure boot policy, so while secure boot is active the sha1=F7... but when is turned if is like sha1=DF...
The problem is that from my first measurement I've switched secure boot on and off a couple of times but the hash is always the same when it is on, sha1=F7....
This is in contrast with what written in "A Practical Guide to TPM 2.0":
PCR new value = Digest of (PCR old value || data to extend)
Is the PCR 7 an outlier about this formula? Or is the fact that I'm using a VM with an emulated TPM 2.0?
