Thank you folks for your responses.

Yes it appears to be an issue with the specific version of Firmware and BIOS on 
our Dell PowerEdge R430s. We did a similar test on an HP 800G3 and it was fine.

Will reach out to the OEM to see if they have specific updates to address these. If 
anybody is aware of a specific BIOS update from Dell that addresses this then I 
could give that a try.


Regards,
Kam


From: Rich Persaud [mailto:pers...@gmail.com]
Sent: Monday, February 26, 2018 5:22 PM
To: Jan Schermer
Cc: Nasim, Kam; Ashfield, Bruce; tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] TXT SINIT ACM failure on power-cycling node

These are very likely to be OEM BIOS bugs - if you escalate to your server OEM, 
they can create fixes.  We started testing TXT on enterprise clients almost 10 
years ago.  It took a while for OEMs (Dell, Lenovo, HP) to roll out TXT fixes, 
but they all did eventually.  Server and workstation TXT may need a similar 
test-fix-test cycle.

OEMs sometimes don't have an easy way to repro TXT issues, which is why the 
industry needs an open-source test suite for SRTM and DRTM.  Now that Windows 
10 is adding DRTM features, OEM testing of TXT will hopefully improve.  Each 
separate customer report will help TXT fixes to be prioritized, especially when 
the issue is easy to repro.

Rich

On Feb 26, 2018, at 16:59, Jan Schermer <j...@schermer.cz> wrote:
My HP z240 workstation occasionally refuses to boot at all if I yank out the 
power cable while in TXT mode.
Solution: leave power disconnected for >5 minutes, then reset BIOS (yes, 
really).

I had similar issues with a Lenovo system.

I don’t think OEMs test anything...

Jan


On 26 Feb 2018, at 22:52, Rich Persaud <pers...@gmail.com> wrote:

On TXT-enabled vPro client devices (e.g. Dell 7040) that have been tested with 
OpenXT, Xen and OpenEmbedded measured launch [1], if you use the hardware power 
switch to perform a non-graceful shutdown of an operating system that was 
booted with TXT, the following will occur:

 (a)  User presses hardware power button to turn on the device.
 (b)  Device powers on for a few seconds, then powers back off (TXT reset).
 (c)  User presses hardware power button to turn on the device.
 (d)  Device powers on normally, OS successfully completes measured launch.

Your issue sounds like a device-specific OEM BIOS defect, have you tried 
contacting the OEM? Does it happen on servers from a different OEM? Which CPU 
generation?


If there is interest in collaborating on OE/Yocto layers for TXT, TPM, 
SecureBoot, we can arrange a conference call or ELC BoF.

Rich

[1] 
https://openxt.atlassian.net/wiki/spaces/DC/pages/81035265/Measured+Launch+SRTM+and+DRTM


On Feb 22, 2018, at 15:54, Nasim, Kam <kam.na...@windriver.com> wrote:
Hi folks,

We’ve been trying to integrate Tboot in our boot sequence and have it working 
fine for the most part. We specify a default ANY Launch Control Policy (LCP) as 
the main intention is to capture boot measurements in TPM PCRs and not really 
enforce a boot halt action.

I noticed that when I power cycle the node or any other kind of non-graceful 
restart, it stops at the Boot menu with the following Error:

Message
An issue is observed in the previous invocation of TXT SINIT Authenticated Code 
Module (ACM) because the TXT information stored in the TPM chip may be 
corrupted.
Detailed Description
An issue in observed in the previous invocation of TXT SINIT Authenticated Code 
Module (ACM) because the TXT information stored in the TPM chip may be 
corrupted.
Recommended Response Action
Do one of the following: 1) Update the BIOS firmware. 2) Go to System Setup > 
System Security page, click the "Clear" option under TPM command. Restart the 
system, go to System Setup > System Security page, click the "Activate" option 
under TPM command, and then enable TXT.


I am able to continue past this but was wondering if there is any way to 
disable this. We don’t want to be manually doing this for all of our servers 
after a Power Cycle event.

Have others seen this? Is this a form of corruption in the ACM? How do I flush 
that state on a power cycle?


Thanks,
Kam
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! 
http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net<mailto:tboot-devel@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/tboot-devel