On Wed, 2020-04-08 at 18:34 +0300, Timo Lindfors wrote: > On Wed, 8 Apr 2020, Lukasz Hawrylko wrote: > > TBOOT has an algorithm that checks if SINIT matches platform. I can't > > tell you right now what is wrong here, I need some logs. Please run it > > once again, than after reboot, can you launch Linux without TBOOT and > > run 'txt-stat' tool that is in TBOOT's repo in 'utils' folder? What I > > need is a value of ERRORCODE field. > > > > If you can connect serial port and dump serial logs too that will be > > awesome. Dell's docking station has RS232 connector and TBOOT's logs are > > printed there (tested on my laptop). > > $ txt-stat > Intel(r) TXT Configuration Registers: > STS: 0x00000012 > senter_done: FALSE > sexit_done: TRUE > mem_config_lock: FALSE > private_open: FALSE > locality_1_open: FALSE > locality_2_open: FALSE > ESTS: 0x00 > txt_reset: FALSE > E2STS: 0x0000000000000008 > secrets: FALSE > ERRORCODE: 0xc0003c11 > DIDVID: 0x00000001b0068086 > vendor_id: 0x8086 > device_id: 0xb006 > revision_id: 0x1 > FSBIF: 0xffffffffffffffff > QPIIF: 0x000000009d003000 > SINIT.BASE: 0xaced0000 > SINIT.SIZE: 327680B (0x50000) > HEAP.BASE: 0xacf20000 > HEAP.SIZE: 917504B (0xe0000) > DPR: 0x00000000ad000041 > lock: TRUE > top: 0xad000000 > size: 4MB (4194304B) > PUBLIC.KEY: > 2d [REDACTED] > 77 [REDACTED] > *********************************************************** > TXT measured launch: FALSE > secrets flag set: FALSE > *********************************************************** > unable to find TBOOT log >
I had a discussion with people responsible for SINITs for that platform and here is how the situation looks like: * 6th_gen_i5_i7_SINIT_71 is a SkyLake SINIT that was released together with SKL platforms * 6th_7th_gen_i5_i7-SINIT_74 is a KabyLake SINIT that is newer and is backward compatible with SKL platforms As KBL SINIT works with both SKL and KBL platforms, the old one, compatible only with SKL, is not longer supported and may not work with newer versions of SKL bioses. Recommendation is to use the KBL SINIT for both KBL and SKL systems. To avoid possible confusion in the future, old, not longer supported SINIT, will be removed from download site. After that, there will be only one binary available - 6th_7th_gen_i5_i7-SINIT_74 (that works with both SKL and KBL platforms). Please do not use 6th_gen_i5_i7_SINIT_71. Thank you for finding that issue. Lukasz _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
