My HP z240 workstation occasionally refuses to boot at all if I yank out the
power cable while in TXT mode.
Solution: leave power disconnected for >5 minutes, then reset BIOS (yes,
really).
I had similar issues with a Lenovo system.
I don’t think OEMs test anything...
Jan
> On 26 Feb 2018, at 22:52, Rich Persaud <pers...@gmail.com> wrote:
>
> On TXT-enabled vPro client devices (e.g. Dell 7040) that have been tested
> with OpenXT, Xen and OpenEmbedded measured launch [1], if you use the
> hardware power switch to perform a non-graceful shutdown of an operating
> system that was booted with TXT, the following will occur:
>
> (a) User presses hardware power button to turn on the device.
> (b) Device powers on for a few seconds, then powers back off (TXT reset).
> (c) User presses hardware power button to turn on the device.
> (d) Device powers on normally, OS successfully completes measured launch.
>
> Your issue sounds like a device-specific OEM BIOS defect; have you tried
> contacting the OEM? Does it happen on servers from a different OEM? Which CPU
> generation?
>
> If there is interest in collaborating on OE/Yocto layers for TXT, TPM,
> SecureBoot, we can arrange a conference call or ELC BoF.
>
> Rich
>
> [1] https://openxt.atlassian.net/wiki/spaces/DC/pages/81035265/Measured+Launch+SRTM+and+DRTM
>
>
> On Feb 22, 2018, at 15:54, Nasim, Kam <kam.na...@windriver.com> wrote:
>
>> Hi folks,
>>
>> We’ve been trying to integrate Tboot in our boot sequence and have it
>> working fine for the most part. We specify a default ANY Launch Control
>> Policy (LCP), as the main intention is to capture boot measurements in TPM PCRs
>> and not really enforce a boot halt action.
>>
>> I noticed that when I power cycle the node or any other kind of non-graceful
>> restart, it stops at the boot menu with the following error:
>>
>> Message
>> An issue is observed in the previous invocation of TXT SINIT Authenticated
>> Code Module (ACM) because the TXT information stored in the TPM chip may be
>> corrupted.
>> Detailed Description
>> An issue in observed in the previous invocation of TXT SINIT Authenticated
>> Code Module (ACM) because the TXT information stored in the TPM chip may be
>> corrupted.
>> Recommended Response Action
>> Do one of the following: 1) Update the BIOS firmware. 2) Go to System Setup
>> > System Security page, click the "Clear" option under TPM command. Restart
>> the system, go to System Setup > System Security page, click the "Activate"
>> option under TPM command, and then enable TXT.
>>
>>
>> I am able to continue past this but was wondering if there is any way to
>> disable this. We don’t want to be manually doing this for all of our servers
>> after a Power Cycle event.
>>
>> Have others seen this? Is this a form of corruption in the ACM? How do I
>> flush that state on a power cycle?
>>
>>
>> Thanks,
>> Kam
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> tboot-devel mailing list
>> tboot-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
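The thread above turns on whether the previous launch ended in a TXT reset, which the firmware only reports through its error screen. As an added example (not code from this thread, from tboot or from any OEM), the decoder below reads the Intel TXT public configuration registers TXT.STS, TXT.ESTS and TXT.ERRORCODE at 0xFED30000 (offsets and bit positions taken from the Intel TXT MLE Developer's Guide, not from the thread) so an operator can log a TXT reset from the booted OS before touching the TPM; the `/dev/mem` path and the `needs_attention` policy are my assumptions.

```python
# Added example: decode TXT public-space status registers after a measured
# launch. Register offsets/bits are from the Intel TXT MLE Developer's Guide;
# reading /dev/mem requires root and a kernel that exposes MMIO there.
import struct
from dataclasses import dataclass

TXT_PUB_BASE = 0xFED30000
TXT_STS_OFF = 0x000        # TXT.STS: launch status
TXT_ESTS_OFF = 0x008       # TXT.ESTS: error status
TXT_ERRORCODE_OFF = 0x030  # TXT.ERRORCODE: last recorded error


@dataclass
class TxtState:
    senter_done: bool      # TXT.STS bit 0
    sexit_done: bool       # TXT.STS bit 1
    txt_reset: bool        # TXT.ESTS bit 0: a TXT reset occurred
    wake_error: bool       # TXT.ESTS bit 6: error while waking from sleep
    error_valid: bool      # TXT.ERRORCODE bit 31
    error_external: bool   # TXT.ERRORCODE bit 30: raised by ACM/MLE, not CPU
    error_type: int        # TXT.ERRORCODE bits 29:0, meaning depends on source


def decode_txt(sts: int, ests: int, errorcode: int) -> TxtState:
    """Pure decoder over the three raw 64-bit register values."""
    return TxtState(
        senter_done=bool(sts & 0x1),
        sexit_done=bool(sts & 0x2),
        txt_reset=bool(ests & 0x1),
        wake_error=bool(ests & (1 << 6)),
        error_valid=bool(errorcode & (1 << 31)),
        error_external=bool(errorcode & (1 << 30)),
        error_type=errorcode & 0x3FFFFFFF,
    )


def needs_attention(state: TxtState) -> bool:
    """Assumed policy: flag a TXT reset, a wake error or any valid error code."""
    return state.txt_reset or state.wake_error or state.error_valid


def read_txt_registers(devmem: str = "/dev/mem") -> TxtState:
    """Read the registers from the TXT public space (root required)."""
    with open(devmem, "rb", buffering=0) as f:
        f.seek(TXT_PUB_BASE)
        blob = f.read(0x40)
    sts, ests, err = (struct.unpack_from("<Q", blob, off)[0]
                      for off in (TXT_STS_OFF, TXT_ESTS_OFF, TXT_ERRORCODE_OFF))
    return decode_txt(sts, ests, err)


if __name__ == "__main__":
    state = read_txt_registers()
    print(state, "ATTENTION" if needs_attention(state) else "clean")
```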