On TXT-enabled vPro client devices (e.g. Dell 7040) that have been tested with
OpenXT, Xen and OpenEmbedded measured launch [1], if you use the hardware power
switch to perform a non-graceful shutdown of an operating system that was
booted with TXT, the following will occur:
(a) User presses hardware power button to turn on the device.
(b) Device powers on for a few seconds, then powers back off (TXT reset).
(c) User presses hardware power button to turn on the device.
(d) Device powers on normally, OS successfully completes measured launch.
Your issue sounds like a device-specific OEM BIOS defect; have you tried
contacting the OEM? Does it happen on servers from a different OEM? Which CPU
generation?
If there is interest in collaborating on OE/Yocto layers for TXT, TPM,
SecureBoot, we can arrange a conference call or ELC BoF.
Rich
[1] https://openxt.atlassian.net/wiki/spaces/DC/pages/81035265/Measured+Launch+SRTM+and+DRTM
> On Feb 22, 2018, at 15:54, Nasim, Kam <kam.na...@windriver.com> wrote:
>
> Hi folks,
>
> We’ve been trying to integrate Tboot in our Boot sequence and have it working
> fine for the most part. We specify a default ANY Launch Control Policy (LCP)
> as the main intention is to capture boot measurements in TPM PCRs and not really
> enforce a boot halt action.
>
> I noticed that when I power cycle the node or any other kind of non-graceful
> restart, it stops at the Boot menu with the following Error:
>
> Message
> An issue is observed in the previous invocation of TXT SINIT Authenticated
> Code Module (ACM) because the TXT information stored in the TPM chip may be
> corrupted.
> Detailed Description
> An issue in observed in the previous invocation of TXT SINIT Authenticated
> Code Module (ACM) because the TXT information stored in the TPM chip may be
> corrupted.
> Recommended Response Action
> Do one of the following: 1) Update the BIOS firmware. 2) Go to System Setup >
> System Security page, click the "Clear" option under TPM command. Restart the
> system, go to System Setup > System Security page, click the "Activate"
> option under TPM command, and then enable TXT.
>
>
> I am able to continue past this but was wondering if there is any way to
> disable this. We don’t want to be manually doing this for all of our servers
> after a Power Cycle event.
>
> Have others seen this? Is this a form of corruption in the ACM? How do I
> flush that state on a power cycle?
>
>
> Thanks,
> Kam
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> tboot-devel mailing list
> tboot-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
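Added example for this thread (not tboot, OpenXT or Wind River code): a small Python check that reads the TPM's PCR listing and reports whether the boot actually went through a TXT measured launch, which is what both the double-boot sequence Rich describes and Kam's goal of capturing measurements in PCRs come down to. It assumes the TPM 1.2 sysfs listing format (/sys/class/tpm/tpm0/pcrs, "PCR-NN: hex bytes" lines) and the sample listing is constructed.

```python
"""Classify the DRTM (TXT) PCR state of a host from its TPM PCR listing.

Assumption: the TPM 1.2 sysfs format of the Linux tpm driver, one line per
PCR such as "PCR-17: AA BB ...". The sample listing below is constructed.
"""
import re
from pathlib import Path

# Per the TCG PC Client spec, D-RTM PCRs (17-22) come up all-ones after a TPM
# reset and are zeroed by the locality-4 reset that SENTER performs, so their
# value tells whether a measured launch ran on this boot at all.
DRTM_PCRS = (17, 18)

PCR_LINE = re.compile(r"^PCR-(\d+):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")


def parse_pcrs(text: str) -> dict[int, bytes]:
    """Parse 'PCR-NN: hex bytes' lines into {index: digest}."""
    pcrs = {}
    for line in text.splitlines():
        m = PCR_LINE.match(line.strip())
        if m:
            pcrs[int(m.group(1))] = bytes.fromhex(m.group(2))
    return pcrs


def drtm_state(pcrs: dict[int, bytes]) -> str:
    """Return 'measured', 'reset-only' or 'no-launch' for PCRs 17/18."""
    digests = [pcrs.get(i) for i in DRTM_PCRS]
    if any(d is None for d in digests):
        raise ValueError("DRTM PCRs missing from listing")
    if all(set(d) == {0xFF} for d in digests):
        return "no-launch"    # SENTER never ran: boot fell back to a non-TXT path
    if all(set(d) == {0x00} for d in digests):
        return "reset-only"   # locality-4 reset happened but nothing was extended
    return "measured"


# Constructed sample: a host after a successful tboot measured launch.
SAMPLE_PCRS = """\
PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-17: C2 75 CB 10 A1 3A 63 29 8B 2D 52 E9 3C 05 F0 20 0E AA 1E 3F
PCR-18: 7D 62 9A 1B 45 F1 0C 8D 33 21 5B 67 0A 9E 46 D0 8B 12 34 56
"""


def check_host(pcr_path: str = "/sys/class/tpm/tpm0/pcrs") -> str:
    """Use the live sysfs listing when present, else the constructed sample."""
    p = Path(pcr_path)
    return drtm_state(parse_pcrs(p.read_text() if p.exists() else SAMPLE_PCRS))
```

Run it after each boot of a fleet host; a "no-launch" result on the boot that follows the TXT reset in step (b) is the signal that the machine came up without its DRTM measurements.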