Re: [tboot-devel] TXT SINIT ACM failure on power-cycling node

Fri, 23 Feb 2018 10:04:20 -0800 

If those messages were from the platform itself, it is better to follow the 
instructions to restart the system, as the BIOS detected something wrong with 
the platform to do a TXT boot.

No modifications are needed from TXT SINIT, TPM, tboot for this situation.

This issue is vendor specific, just try to avoid non-graceful powercycle.

Hope this helps...

-Ning

From: Nasim, Kam [mailto:kam.na...@windriver.com]
Sent: Thursday, February 22, 2018 12:54 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] TXT SINIT ACM failure on power-cycling node

Hi folks,

We've been trying to integrate Tboot in our Boot sequence and have it working 
fine for the most part. We specify a default ANY Launch Control Policy (LCP) as 
main intention is to capture boot measurements in TPM PCRs and not really 
enforce a boot halt action.

I noticed that when I power cycle the node or any other kind of non-graceful 
restart, it stops at the Boot menu with the following Error:

Message
An issue is observed in the previous invocation of TXT SINIT Authenticated Code 
Module (ACM) because the TXT information stored in the TPM chip may be 
corrupted.
Detailed Description
An issue in observed in the previous invocation of TXT SINIT Authenticated Code 
Module (ACM) because the TXT information stored in the TPM chip may be 
corrupted.
Recommended Response Action
Do one of the following: 1) Update the BIOS firmware. 2) Go to System Setup > 
System Security page, click the "Clear" option under TPM command. Restart the 
system, go to System Setup > System Security page, click the "Activate" option 
under TPM command, and then enable TXT.


I am able to continue past this but was wondering if there is any way to 
disable this. We don't want to be manually doing this for all of our servers 
after a Power Cycle event.

Have others seen this? Is this a form of corruption in the ACM? How do I flush 
that state on a power cycle?


Thanks,
Kam

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to