On Tue, 2020-03-31 at 23:27 +0300, Timo Lindfors wrote:
> Hi,
> 
> if I have the following ACM modules in /boot
> 
> 018c4c0bc64cad7c939061e111937849f61af395c9981a03ac4a10083058aa5d  4th_gen_i5_i7_SINIT_75.BIN
> 0848adfea4c9479b1cd096aeda1d4a3afe309dd45ca43a1e8d8b3cf972c9c14f  6th_7th_gen_i5_i7-SINIT_79.bin
> 193fc2b763bae1b1eebaf15452b395fd5153043190eb61dd86e246914ee7d80e  6th_gen_i5_i7_SINIT_71.BIN
> 
> update-grub generates a configuration file like
> 
>           echo    'Loading tboot 1.9.7 ...'
>           multiboot2      /tboot.gz logging=serial,memory
>           echo    'Loading Linux...'
>           module2 /vmlinuz...
>           echo    'Loading initial ramdisk ...'
>           module2 /initrd.img...
>           echo    'Loading sinit 4th_gen_i5_i7_SINIT_75.BIN ...'
>           module2 /4th_gen_i5_i7_SINIT_75.BIN
>           echo    'Loading sinit 6th_7th_gen_i5_i7-SINIT_79.bin ...'
>           module2 /6th_7th_gen_i5_i7-SINIT_79.bin
>           echo    'Loading sinit 6th_gen_i5_i7_SINIT_71.BIN ...'
>           module2 /6th_gen_i5_i7_SINIT_71.BIN
> 
> Unfortunately if modules are ordered like this the machine will just 
> reboot after a while.
> 
> The machine boots correctly if I order "6th_gen" to be before 
> "6th_7th_gen" in the above list.
> 
> I'm not quite sure which part should be fixed here:
> 
> 1) Is this a bug in the file 6th_7th_gen? If yes, should it be somehow 
> blacklisted and/or documented so that users would avoid it?
> 
> 2) Is this a bug in tboot's logic that tries to pick a matching module? I 
> could not see anything wrong in the code.
> 
> 3) Should we fix this in the shell script that generates the configuration 
> file so that it orders the files "correctly"?
> 

Hi Timo

There is a bug in TBOOT that may result in loaded SINITs being overlapped by
TBOOT's logs. That problem occurs when you load multiple SINITs in GRUB,
and in most cases the last one will be corrupted. That's why, when TBOOT
executes GETSEC[SENTER], the CPU fails the SINIT integrity check and resets
the platform.

The workaround for that issue is to have only one SINIT in grub.cfg, so
in your scenario you should remove all SINITs except 6th_gen from /boot
and recreate grub.cfg.

Thanks,
Lukasz



_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
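
An added example, not part of the original thread and not tboot's own tooling: a check that flags tboot entries in a grub.cfg that load more than one SINIT module, the situation the workaround above avoids. It assumes a SINIT module can be recognised by "sinit" in the module2 path, as in the file names quoted above; the sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tboot entries in a grub.cfg that load more than one SINIT.
# Assumption: a SINIT module is any module2 path containing "sinit" (any case),
# matching the file names quoted in the thread.

# Print "<multiboot2 line number> <SINIT count>" for each tboot entry in file $1.
count_sinit_per_entry() {
    awk '
        function emit() { if (in_tboot) print start, n; in_tboot = 0 }
        $1 == "multiboot2" {
            emit()
            if ($2 ~ /tboot/) { in_tboot = 1; start = NR; n = 0 }
            next
        }
        $1 == "}" { emit(); next }
        in_tboot && $1 == "module2" && tolower($2) ~ /sinit/ { n++ }
        END { emit() }
    ' "$1"
}

# Succeed only if no tboot entry in file $1 loads more than one SINIT.
check_single_sinit() {
    bad=$(count_sinit_per_entry "$1" | awk '$2 > 1 { c++ } END { print c + 0 }')
    [ "$bad" -eq 0 ]
}

# Constructed sample: first entry mirrors the quoted config, second applies the workaround.
write_sample() {
    cat > "$1" <<'EOF'
menuentry 'constructed: three SINITs' {
        multiboot2      /tboot.gz logging=serial,memory
        module2 /vmlinuz
        module2 /initrd.img
        module2 /4th_gen_i5_i7_SINIT_75.BIN
        module2 /6th_7th_gen_i5_i7-SINIT_79.bin
        module2 /6th_gen_i5_i7_SINIT_71.BIN
}
menuentry 'constructed: one SINIT' {
        multiboot2      /tboot.gz logging=serial,memory
        module2 /vmlinuz
        module2 /initrd.img
        module2 /6th_gen_i5_i7_SINIT_71.BIN
}
EOF
}

# When given a grub.cfg path, report the per-entry SINIT counts.
if [ "$#" -eq 1 ]; then count_sinit_per_entry "$1"; fi
```

Run it with the path to a generated grub.cfg after each `update-grub`; any entry reporting a count above 1 loads multiple SINITs.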
