On Thu, 2020-04-02 at 17:25 +0300, Timo Lindfors wrote:
> Hi,
> 
> On Thu, 2 Apr 2020, Lukasz Hawrylko wrote:
> > There is a bug in TBOOT that may result in overlapping loaded SINITs by
> > TBOOT's logs. That problem occurs when you load multiple SINITs in GRUB
> > and in most cases the last one will be corrupted. That's why, when TBOOT
> > executes GETSEC[SENTER] CPU fails on SINIT integrity check and resets
> > platform.
> > 
> > The workaround for that issue is to have only one SINIT in grub.cfg, so
> > in your scenario you should remove all SINITs except 6th_gen from /boot
> > and recreate grub.cfg
> 
> Is the bug report perhaps available somewhere? I'd very much like to fix this
> as it is causing many support issues since for example
> https://fedoraproject.org/wiki/Tboot
> 
> suggests
> 
> "You may download all of the ACM modules into /boot and list them all as 
> modules in your grub.conf. tboot will pick the right module for your 
> platform. "
> 
> I can't change that wiki page as edits are currently not allowed even if I 
> create an account.
> 
> -Timo
> 

Hi Timo

Unfortunately, this bug is not reported anywhere. In real life scenarios
I don't see any benefits of loading multiple SINITs. In most cases you
have one SINIT that is dedicated to the platform.

I am not sure if that issue can be fixed without moving TBOOT log memory
pool somewhere else and that change will break other tools. It will be
better to change documentation that only one SINIT can be loaded. I will
check who is the owner of TBOOT page in Fedora's wiki.

Thanks,
Lukasz
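
A check for the workaround discussed in this thread, as an added example that is not part of the original messages or of the tboot project: it lists GRUB menu entries that load tboot together with more than one SINIT module. It assumes SINIT files carry "SINIT" in their file name and are loaded with `module`/`module2` lines; the sample grub.cfg and its file names are constructed.

```shell
# Added example (not tboot project code). Assumptions: SINIT ACM files have
# "SINIT" in their name and are loaded via module/module2 lines in a menuentry.

# Print "<sinit count> <entry title>" for each tboot entry with >1 SINIT module.
find_multi_sinit_entries() {
    awk -v q="'" '
        function report() {
            if (in_entry && has_tboot && sinits > 1)
                printf "%d %s\n", sinits, title
        }
        /^[ \t]*menuentry[ \t]/ {
            report()                      # close the previous entry
            in_entry = 1; has_tboot = 0; sinits = 0
            title = $0
            if (match($0, "[" q "\"][^" q "\"]*[" q "\"]"))
                title = substr($0, RSTART + 1, RLENGTH - 2)
            next
        }
        in_entry && /^[ \t]*(multiboot2?|module2?)[ \t]/ {
            if ($2 ~ /tboot/) has_tboot = 1
            if (toupper($2) ~ /SINIT/) sinits++
        }
        END { report() }
    ' "$1"
}

# Constructed sample grub.cfg (file names are placeholders, not real releases).
write_sample_cfg() {
    cat > "$1" <<'EOF'
menuentry 'Linux with tboot (all ACMs)' {
    multiboot2 /tboot.gz logging=serial,memory
    module2 /vmlinuz-example root=/dev/sda1 ro
    module2 /4th_gen_SINIT_example.BIN
    module2 /5th_gen_SINIT_example.BIN
    module2 /6th_gen_SINIT_example.BIN
}
menuentry 'Linux with tboot (single ACM)' {
    multiboot2 /tboot.gz logging=serial,memory
    module2 /vmlinuz-example root=/dev/sda1 ro
    module2 /6th_gen_SINIT_example.BIN
}
menuentry 'Linux without tboot' {
    linux /vmlinuz-example root=/dev/sda1 ro
}
EOF
}

cfg=$(mktemp) && write_sample_cfg "$cfg" && find_multi_sinit_entries "$cfg"
rm -f "$cfg"
```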



_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
