AEM boot option causes hard reboot/partial shutdown #2155

Open
andrewdavidwong opened this issue Jul 5, 2016 · 43 comments

Comments

@andrewdavidwong (Member) commented Jul 5, 2016

Qubes OS version (e.g., R3.1):

R3.1, R3.2-rc1

Full discussion thread

Brief Problem Description:

Everything goes smoothly with the AEM installation up to step 5 (reboot and select the "AEM Qubes" GRUB option). I select that option (or allow it to be auto-selected, or select the one in the "advanced" submenu). It gets about 4 lines in (up to "loading initial ramdisk"), then the laptop appears to do a hard reboot/partial shutdown. Instead of a normal reboot with the BIOS and normal boot process, the screen is blank, but the system retains power. (Power button is lit and keyboard backlight brightness can be changed.)

More precisely, here are the physical symptoms, in order:

  1. Screen goes blank.
  2. Screen and keyboard backlight both flash briefly, then go blank again.
  3. Faint "pop" sound (sounds power-related).
  4. Fan dies down.
  5. Screen and keyboard backlight are dark, but Fn (function) key and power button LED are lit.
  6. Pressing keyboard backlight combination (Fn + space) toggles backlight brightness. All other keys/combinations are unresponsive.
  7. Briefly holding down power button completely shuts down the laptop (~1 second; much faster than usual).

@tasket commented Jul 13, 2016

For the record, I've tried various kernels including 4.1 and 4.2 copied from R3.1. Those copied kernels can boot past the AEM target and there is no reset. This suggests that a kernel 4.2 released for R3.2 could be a solution to the problem.
Kernel 4.4.14-10 from the testing repo in combination with tboot still causes system resets.

@marmarek marmarek added this to the Release 3.2 milestone Jul 13, 2016
@tasket commented Jul 13, 2016

Per my thread post:
I am able to get 4.4.* to boot now! The trick was to add min_ram=0x2000000 to the tboot options.

But now I cannot get AEM to seal the secret. Nothing at all about AEM is displayed during startup, even though rd.antievilmaid is on the kernel options line.

@andrewdavidwong Can you try the min_ram option? You only need to add min_ram=0x2000000 to the multiboot tboot line in grub.

@rustybird commented Jul 13, 2016

But now I cannot get AEM to seal the secret. Nothing at all about AEM is displayed during startup, even though rd.antievilmaid is on the kernel options line.

I think this might be fixed by QubesOS/qubes-core-admin-linux@fe6846d (which hasn't been released in a new package version yet)

@rustybird commented Jul 13, 2016

@ttasket:

Sorry, forgot to say: You could try sudo systemctl enable anti-evil-maid-seal in dom0.

@tasket commented Jul 14, 2016

@rustybird Thanks, but that service is already enabled. Status shows it ran with failure code:

$ sudo systemctl status anti-evil-maid-unseal
● anti-evil-maid-unseal.service - Anti Evil Maid unsealing
   Loaded: loaded (/usr/lib/systemd/system/anti-evil-maid-unseal.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2016-07-13 20:55:54 EDT; 33min ago
 Main PID: 455 (code=exited, status=1/FAILURE)

Jul 13 20:55:53 dom0 systemd[1]: Starting Anti Evil Maid unsealing...
Jul 13 20:55:53 dom0 anti-evil-maid-unseal[455]: anti-evil-maid-unseal: Mounting the aem device...
Jul 13 20:55:53 dom0 anti-evil-maid-unseal[455]: anti-evil-maid-unseal: Initializing TPM...
Jul 13 20:55:53 dom0 anti-evil-maid-unseal[455]: tcsd_changer_identify: identifying TPM
Jul 13 20:55:54 dom0 anti-evil-maid-unseal[455]: install: invalid user 'tss'
Jul 13 20:55:54 dom0 systemd[1]: anti-evil-maid-unseal.service: Main process exited, code=exited, status=1/FAILURE
Jul 13 20:55:54 dom0 systemd[1]: Failed to start Anti Evil Maid unsealing.
Jul 13 20:55:54 dom0 systemd[1]: anti-evil-maid-unseal.service: Unit entered failed state.
Jul 13 20:55:54 dom0 systemd[1]: anti-evil-maid-unseal.service: Failed with result 'exit-code'.

@marmarek (Member) commented Jul 14, 2016

This is already fixed by HW42. Just building & uploading the fixed package (v3.0.3).

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

@tasket commented Jul 14, 2016

AEM now works again on my system. The keys were to update to anti-evil-maid 3.0.3 from the testing repo so it would seal, and to add the min_ram parameter to tboot so the system doesn't crash/restart with 4.4 kernels.
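
As an added example, not code from this thread or from the Qubes/AEM project: a small POSIX shell helper that adds min_ram=0x2000000 to tboot's command line the way the comments above describe, and does it idempotently, so running it twice (or on a config someone already patched by hand) does not double the option. The grub.cfg fragment it runs on is constructed for the example. The assumptions that tboot is loaded by a "multiboot ... tboot.gz" line and that /etc/default/grub carries a GRUB_CMDLINE_TBOOT variable read by the tboot GRUB scripts are mine, not the thread's. Keep the later reports in this issue in mind: the option did not help on every machine, and on one system it broke resume from suspend, so treat it as a workaround to test rather than a default.

```shell
#!/bin/sh
# Added example: put min_ram=0x2000000 on tboot's command line, idempotently.
# Assumptions (not from the thread): tboot is loaded by a "multiboot ... tboot.gz"
# line in grub.cfg, and /etc/default/grub carries GRUB_CMDLINE_TBOOT.
set -eu

MIN_RAM_OPT='min_ram=0x2000000'

# add_min_ram <grub.cfg>
# Append the option to every "multiboot ... tboot.gz" line that does not
# already carry a min_ram= option. Xen/kernel "module" lines are left alone.
add_min_ram() {
    cfg=$1
    sed -e '/^[[:space:]]*multiboot[[:space:]].*tboot\.gz/{/min_ram=/!s/$/ '"$MIN_RAM_OPT"'/;}' \
        "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# count_min_ram <grub.cfg>  -> number of tboot lines carrying the option
count_min_ram() {
    grep -c "multiboot.*tboot\.gz.*$MIN_RAM_OPT" "$1" || true
}

# set_default_grub_tboot </etc/default/grub-style file>
# Put the option into GRUB_CMDLINE_TBOOT (creating the variable if absent) so
# that grub2-mkconfig keeps it when it regenerates grub.cfg.
set_default_grub_tboot() {
    f=$1
    if ! grep -q '^GRUB_CMDLINE_TBOOT=' "$f"; then
        printf 'GRUB_CMDLINE_TBOOT="%s"\n' "$MIN_RAM_OPT" >> "$f"
    elif ! grep -q '^GRUB_CMDLINE_TBOOT=.*min_ram=' "$f"; then
        sed -e 's/^\(GRUB_CMDLINE_TBOOT="[^"]*\)"/\1 '"$MIN_RAM_OPT"'"/' \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    fi
}

# Demo on a constructed grub.cfg fragment (not a real Qubes config).
demo() {
    d=$(mktemp -d)
    cat > "$d/grub.cfg" <<'EOF'
menuentry 'AEM Qubes' {
    multiboot /tboot.gz placeholder logging=serial,memory,vga
    module /xen-4.6.1.gz placeholder console=none dom0_mem=min:1024M
    module /vmlinuz-4.4.14-10.pvops.qubes.x86_64 placeholder root=/dev/mapper/qubes_dom0-root rd.antievilmaid
    module /initramfs-4.4.14-10.pvops.qubes.x86_64.img
}
EOF
    add_min_ram "$d/grub.cfg"
    add_min_ram "$d/grub.cfg"     # second run must not add the option again
    grep multiboot "$d/grub.cfg"
    count_min_ram "$d/grub.cfg"   # prints 1
    rm -r "$d"
}
demo
```

Editing the generated /boot/grub2/grub.cfg is enough for a one-off test, but it is lost on the next grub2-mkconfig; the persistent place is the GRUB_CMDLINE_TBOOT line in /etc/default/grub, which the second function handles, followed by regenerating grub.cfg.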

@marmarek (Member) commented Jul 15, 2016

I wonder whether min_ram should be added by default. Does it have any negative side effects?

@tasket commented Jul 15, 2016

That would be a good question for upstream. I've CC'd gang.wei@intel.com with no response so far; I'd like to post it to the tboot mailing list after others (@andrewdavidwong, Todd Lasman) try it out. The ML might say it's better to upgrade tboot.

I started a fresh thread in qubes-users... https://groups.google.com/d/msgid/qubes-users/25ec3d4f-17cb-32a9-01b9-8a30c0150fe4%40openmailbox.org

@ghost commented Aug 3, 2016

That is platform specific; try different vendors' platforms to see if this issue can be seen on all of them.

@andrewdavidwong (Member, Author) commented Aug 4, 2016

Todd confirmed that the min_ram fix worked for him. Do you still need me to test it, @ttasket?

@andrewdavidwong (Member, Author) commented Aug 6, 2016

@ttasket: I've now tested this. Unfortunately, there is no change on my end. I tested with anti-evil-maid-3.0.4-1.fc20.x86_64 and added min_ram=0x2000000 to the tboot options as instructed. The system still fails to boot in the same way.

@tasket commented Aug 6, 2016

@andrewdavidwong My AEM version is 3.0.4-1.fc23 not fc20. If you're still running Qubes 3.1 you may want to upgrade to 3.2 rc2; that's what I'm using.

tboot-devel thread here: https://sourceforge.net/p/tboot/mailman/tboot-devel/thread/005196f3-3afd-eca1-787b-841e3953b39f%40openmailbox.org/#msg35257679

Newer versions of tboot do work with Linux 4.4, at least Ubuntu's.

@marmarek Are there any specific guidelines for compiling and installing tboot for Qubes?

@marmarek (Member) commented Aug 6, 2016

@marmarek Are there any specific guidelines for compiling and installing tboot for Qubes?

Look at the Fedora package, especially the spec file. It should just work to bump the version there and provide it a new tarball.

As you've probably seen, I'm looking for a way to get somehow verified sources, as there are multiple red flags with those on sf.net. Then we may include it in the aem repository as just another package (until a newer version lands in Fedora).


@andrewdavidwong (Member, Author) commented Aug 7, 2016

@ttasket: Ok, I'll try again after I install 3.2* on this laptop.

@tasket commented Sep 2, 2016

@marmarek We got a signed copy of tboot 1.9.4 from ning.sun@intel.com (see inbox). Do you want to package it for Qubes and test, or test it first?

@chris-hacker-news commented Oct 1, 2016

I had the same issue with TBOOT causing a reboot after GETSEC[SENTER]...

I am using Qubes R3.2, anti-evil-maid 3.0.4 and have a 6th gen i7 SINIT file.
I can confirm that this is an issue with an outdated TBOOT kernel.

You can manually upgrade it via Ubuntu: https://launchpad.net/ubuntu/yakkety/amd64/tboot/1.9.4-0ubuntu1

Just unpack it from there and drop the "tboot.gz" and "tboot-syms" into your boot folder. Would be nice to have this by default or AT LEAST have a huge troubleshooter box over AEM which tells you to take this step manually for the time being. Searching for this issue is a freakin nightmare (and it was just one issue in a long list of avoidable problems), to be honest, and in total I probably spent two full days on getting AEM to work just because the install process is so fundamentally broken and badly documented.

But in my opinion Anti Evil Maid on an SD card is pretty much necessary for running a system like Qubes OS, and some work should be done to make AEM more seamless. Qubes without AEM is terribly unsafe. This is why I think the whole process needs urgent streamlining.

So many points of failure:

  1. Forgot to encrypt the volume group instead of each volume? You're fucked, but you won't know until AEM refuses to boot two hours later.
  2. Selected EFI install? You're fucked yet again, but you won't know until AEM refuses to boot two hours later.
  3. Forgot to fetch your latest TBOOT on your own? Well go figure, because unless you have some cool Google foo it's going to be a nightmare to debug this issue where the PC goes blank without any debug output or log...
  4. Just don't get me started about the whole TPM and debugging its refusal to let the owner own it... IMHO a TPM is a freakin schizophrenic child and your job is to cure it without a PhD degree in psychology.

@tasket commented Oct 1, 2016

Thanks for the input @oldblob666 ...

I did look for tboot in Debian and couldn't find it... assumed incorrectly that Ubuntu didn't have it either.

Of course, verifying the Ubuntu tboot package with their distro key is recommended before using it as a replacement for the fedora tboot.

But in my opinion Anti Evil Maid on an SD card is pretty much necessary for running a system like Qubes OS, and some work should be done to make AEM more seamless. Qubes without AEM is terribly unsafe. This is why I think the whole process needs urgent streamlining.

Agreed. I think what many Qubes users lose sight of is that AEM isn't just a mitigation for physical attacks. It could also warn you if a remote attack somehow got to your firmware. So, yes, the AEM type of protection or warning system should be considered necessary for security in general.

@andrewdavidwong : Numbers 1) and 2) should be made into their own issues... these are essentially bugs addressable directly by Qubes. Though, I'll add that AEM has already streamlined somewhat over the years (re-sealing is now automatic, for instance).

As for the tboot version, I think the assumption so far is that AEM is an 'extra' feature and it's OK to defer to Fedora's decisions about updating it. But Qubes can address that, too, by supplying an updated version directly.

TPM unfortunately is idiosyncratic with insufficient documentation of the ownership flow or the significance/mechanics of physical presence. The AEM documentation might be a good place to shed light on that topic, though one would expect the computer's documentation to supply the right info.
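
The two comments above suggest taking tboot.gz and tboot-syms from the Ubuntu package and verifying that package against the distro key first. As an added example, not code from this thread or from Qubes/AEM, here is the last link of that chain in POSIX shell: checking a downloaded .deb against the SHA256 recorded in the apt Packages index. It assumes you already verified the InRelease signature with the Ubuntu archive keyring and that the Packages file's own hash matched what InRelease lists; without those two steps the check below proves nothing. The Packages paragraph and the .deb contents in the demo are constructed, and the pool path is an assumption about the archive layout.

```shell
#!/bin/sh
# Added example: check a downloaded tboot .deb against the SHA256 recorded in
# the apt Packages index before unpacking tboot.gz from it. The index must come
# from an InRelease file whose signature you verified (gpg --verify InRelease)
# and whose listed hash for Packages matched; only then does this check mean anything.
set -eu

# expected_sha256 <Packages file> <Filename value>
# Prints the SHA256 recorded in the paragraph whose Filename matches, if any.
expected_sha256() {
    awk -v fn="$2" '
        /^Filename: / { f = $2 }
        /^SHA256: /   { h = $2 }
        /^$/          { if (f == fn && h != "") { print h; found = 1; exit }; f = ""; h = "" }
        END           { if (!found && f == fn && h != "") print h }
    ' "$1"
}

# verify_deb <Packages file> <Filename value> <local .deb>
# Returns 0 when the local file hashes to the recorded value, 1 on mismatch,
# 2 when the index has no entry for that Filename.
verify_deb() {
    want=$(expected_sha256 "$1" "$2")
    if [ -z "$want" ]; then
        echo "no SHA256 entry for $2 in $1" >&2
        return 2
    fi
    have=$(sha256sum "$3" | cut -d' ' -f1)
    if [ "$have" != "$want" ]; then
        echo "SHA256 mismatch for $3: have $have, want $want" >&2
        return 1
    fi
}

# Demo with a constructed .deb stand-in and a constructed Packages paragraph
# (the version string is the one linked in the thread; the pool path is assumed).
demo() {
    d=$(mktemp -d)
    deb="$d/tboot_1.9.4-0ubuntu1_amd64.deb"
    printf 'not really a deb\n' > "$deb"
    sum=$(sha256sum "$deb" | cut -d' ' -f1)
    cat > "$d/Packages" <<EOF
Package: tboot
Version: 1.9.4-0ubuntu1
Architecture: amd64
Filename: pool/universe/t/tboot/tboot_1.9.4-0ubuntu1_amd64.deb
SHA256: $sum

EOF
    verify_deb "$d/Packages" pool/universe/t/tboot/tboot_1.9.4-0ubuntu1_amd64.deb "$deb" \
        && echo "hash OK"
    rm -r "$d"
}
demo
```

Once the hash matches, unpack with dpkg-deb -x (or ar plus tar) and copy boot/tboot.gz and boot/tboot-syms into /boot as the comment above describes; keeping the Fedora copies under another name so the existing GRUB entry still boots is a sensible precaution while testing.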

@chris-hacker-news commented Oct 1, 2016

@tasket Thanks for your answer :).

  1. AEM seems to be able to use neither SRK nor no SRK. Depending on which you choose, something will fail. My solution to that was to simply use no SRK and append "-z" to the "tpm_unsealdata" line in the file "/usr/lib/dracut/modules.d/90anti-evil-maid/anti-evil-maid-unseal" and get rid of the SRK piping instead. Less than ideal, I think.

  2. For "anti-evil-maid-seal", "$LABEL_SUFFIX" is set to "/run/anti-evil-maid/suffix", which does not exist. I changed it to "LABEL=$LABEL_PREFIX".

You can verify correct unseal operation by using:

tpm_unsealdata -z -i "/boot/aem/tpms/%some-long-hex-name%/aem/secret.txt.sealed"

It should print the secret you just sealed with "anti-evil-maid-seal".

THIS should also be part of the README, because rebooting over SD card is painfully slow + the normal reboot time and lack of debugging facilities... This is a nice and simple test you can perform to predict the outcome of the next reboot ^^.

@chris-hacker-news commented Oct 1, 2016

FINALLY I got it to work, see my updated comment above!

I may try to fix the scripts for supporting SRK & Owner Key at some later date but right now I am really so done with all this low level boot stuff that I will probably not look at a PC for a few days and rather just tend to my pretty iPad, which just works ^^.

@tasket commented Oct 4, 2016

@nsun1 : Using the tboot 1.9.4 that I compiled doesn't seem to help. If I remove the min_ram parameter, the system restarts much like before.

With min_ram, the system unseals the secret and boots normally, but wake from suspend no longer works. When it's suspended and I press the power button, the HD light flashes like it normally does, but the screen never powers on. The power button keeps pulsing as if the system were still asleep, but after a minute the CPU fan starts running fast.

@chris-hacker-news : Does tboot 1.9.4 allow your system to sleep and wake up?

@ghost commented Oct 4, 2016

It looks like your machine needs the min_ram parameter; so far we cannot tell whether S3 failed. One way is to collect output from your serial port during the S3 transition to identify the root cause of this issue.
tboot 1.9.4 allows S3 sleep and wake-up; we usually test it with this command in Linux: "rtcwake -u -s 10 -m mem".

Do you have a chance to get another vPro-brand PC or laptop to run tboot on? HP and Dell both have this kind of machine.

-ning


@tasket commented Oct 5, 2016

@nsun1 : AFAIK there are no recent Thinkpad models with rs232 ports or with docks bearing them. The other computers here are AMD or otherwise don't have TXT.

I get the same behavior using the rtcwake command. Is there a log file that might be recording info during the wake attempt?

@ghost commented Oct 5, 2016

I am using the HP EliteDesk 800 and Dell T430 server for tboot dev.
When tboot gets control back from S3, the tboot log will have all the printout afterwards; attached is an example from my HP EliteDesk.


Intel(r) TXT Configuration Registers:
STS: 0x000180b1
senter_done: TRUE
sexit_done: FALSE
mem_config_lock: FALSE
private_open: TRUE
locality_1_open: TRUE
locality_2_open: TRUE
ESTS: 0x00
txt_reset: FALSE
E2STS: 0x0000000000000006
secrets: TRUE
ERRORCODE: 0x00000000
DIDVID: 0x00000001b0068086
vendor_id: 0x8086
device_id: 0xb006
revision_id: 0x1
FSBIF: 0xffffffffffffffff
QPIIF: 0x000000009d003000
SINIT.BASE: 0xb9ed0000
SINIT.SIZE: 327680B (0x50000)
HEAP.BASE: 0xb9f20000
HEAP.SIZE: 917504B (0xe0000)
DPR: 0x00000000ba000041
lock: TRUE
top: 0xba000000
size: 4MB (4194304B)
PUBLIC.KEY:
2d 67 dd d7 5e f9 33 92 66 a5 6f 27 18 95 55 ae
77 a2 b0 de 77 42 22 e5 de 24 8d be b8 e3 3d d7


 TXT measured launch: TRUE
 secrets flag set: TRUE

TBOOT log:
max_size=32706
zip_count=1
zip_pos[0] = 0
zip_size[0] = 12160
curr_pos=31485
buf:
TBOOT: *** TBOOT *******************
TBOOT: 2016-09-28 18:59 -0700 462:9b3461d87049
TBOOT: *********************************************
TBOOT: command line: logging=serial,memory,vga
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 0000000000058000 (1)
TBOOT: 0000000000058000 - 0000000000059000 (2)
TBOOT: 0000000000059000 - 000000000009e000 (1)
TBOOT: 000000000009e000 - 000000000009f000 (2)
TBOOT: 000000000009f000 - 00000000000a0000 (1)
TBOOT: 00000000000a0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000b8cfb000 (1)
TBOOT: 00000000b8cfb000 - 00000000b91fb000 (20)
TBOOT: 00000000b91fb000 - 00000000b987f000 (2)
TBOOT: 00000000b987f000 - 00000000b994b000 (4)
TBOOT: 00000000b994b000 - 00000000b994c000 (2)
TBOOT: 00000000b994c000 - 00000000b9a7f000 (4)
TBOOT: 00000000b9a7f000 - 00000000b9aff000 (3)
TBOOT: 00000000b9aff000 - 00000000b9b00000 (1)
TBOOT: 00000000b9b00000 - 00000000be800000 (2)
TBOOT: 00000000f80fa000 - 00000000f80fb000 (2)
TBOOT: 00000000f80fd000 - 00000000f80fe000 (2)
TBOOT: 00000000fe000000 - 00000000fe011000 (2)
TBOOT: 00000000fed20000 - 00000000fed80000 (2)
TBOOT: 0000000100000000 - 000000033f800000 (1)
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM2.0 Family 0x1
TBOOT: ACM header length plus scratch size overflows
TBOOT: TPM: supported bank count = 2
TBOOT: TPM: bank alg = 00000004
TBOOT: TPM: bank alg = 0000000b
TBOOT: TPM: supported alg count = 00000002
TBOOT: 00000004
TBOOT: 0000000B
TBOOT: TPM:CreatePrimary creating hierarchy handle = 40000007
TBOOT: TPM:CreatePrimary created object handle = 80000000
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, D: 750
TBOOT: checking if module is an SINIT for this platform...
TBOOT: ACM info_table version mismatch (6)
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb006, revision: 0x1
TBOOT: processor family/model/stepping: 0x506e3
TBOOT: platform id: 0x4000000000000
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb006, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 2 ACM processor id entries:
TBOOT: fms: 0x406e0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: fms: 0x506e0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0xb9ed0000
TBOOT: TXT.SINIT.SIZE: 0x50000 (327680)
TBOOT: copied SINIT (size=20000) to 0xb9ed0000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0xb006
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20150713
TBOOT: size_4: 0x20000 (131072)
TBOOT: txt_svn: 0x00000000
TBOOT: se_svn: 0x00000002
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:0000df27
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 6
TBOOT: length: 0x30 (48)
TBOOT: chipset_id_list: 0x4f0
TBOOT: os_sinit_data_ver: 0x7
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000016e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 1
TBOOT: max_phy_addr: 1
TBOOT: acm_ver: 71
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb006
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: processor list:
TBOOT: count: 2
TBOOT: entry 0:
TBOOT: fms: 0x406e0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 1:
TBOOT: fms: 0x506e0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: TPM info list:
TBOOT: TPM capability:
TBOOT: ext_policy: 0x3
TBOOT: tpm_family : 0x3
TBOOT: tpm_nv_index_set : 0x0
TBOOT: alg count: 6
TBOOT: alg_id: 0x4
TBOOT: alg_id: 0xb
TBOOT: alg_id: 0xc
TBOOT: alg_id: 0xd
TBOOT: alg_id: 0x14
TBOOT: alg_id: 0x18
TBOOT: SGX:verify_IA32_se_svn_status is called
TBOOT: SGX is enabled, cpuid.ebx:0x29c6fbf
TBOOT: Comparing se_svn with ACM Header se_svn
TBOOT: se_svn is equal to ACM se_svn
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01C10131 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01C10106 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: TPM: write NV 01c10132, offset 00000000, 00000004 bytes, return value = 0000018B
TBOOT: Error: write TPM error: 0x18b.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
TPM: read NV index 01c10132 from offset 00000000, return value = 0000018B
TBOOT: Error: read TPM error: 0x18b.
TBOOT: last boot has no error.
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0xb54a60
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x839000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &txt_wakeup=0x804200
TBOOT: &g_mle_hdr=0x81e4e0
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=39000
TBOOT: capabilities: 0x00000027
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: MLE start=0x804000, end=0x839000, size=0x35000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: discarding RAM above reserved regions: 0xb9aff000 - 0xb9b00000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xb8cfb000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x33f800000
TBOOT: no LCP module found
TBOOT: os_sinit_data (@0xb9f3517e, 0x90):
TBOOT: version: 7
TBOOT: flags: 1
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x35000 (217088)
TBOOT: mle_hdr_base: 0x1a4e0
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xb8c00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x23f800000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_PTR:
TBOOT: size: 36
TBOOT: count: 1
TBOOT: Log Descrption:
TBOOT: Alg: 4
TBOOT: Size: 4096
TBOOT: EventsOffset: [0,0]
TBOOT: No Event Log.
TBOOT: setting MTRRs for acmod: base=0xb9ed0000, size=0x20000, num_pages=32
TBOOT: The maximum allowed MTRR range size=16 Pages
TBOOT: executing GETSEC[SENTER]...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: *** TBOOT *******************
TBOOT: 2016-09-28 18:59 -0700 462:9b3461d87049
TBOOT: *********************************************
TBOOT: command line: logging=serial,memory,vga
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: SINIT ACM successfully returned...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 0000000000058000 (1)
TBOOT: 0000000000058000 - 0000000000059000 (2)
TBOOT: 0000000000059000 - 000000000009e000 (1)
TBOOT: 000000000009e000 - 000000000009f000 (2)
TBOOT: 000000000009f000 - 00000000000a0000 (1)
TBOOT: 00000000000a0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000b8cfb000 (1)
TBOOT: 00000000b8cfb000 - 00000000b91fb000 (20)
TBOOT: 00000000b91fb000 - 00000000b987f000 (2)
TBOOT: 00000000b987f000 - 00000000b994b000 (4)
TBOOT: 00000000b994b000 - 00000000b994c000 (2)
TBOOT: 00000000b994c000 - 00000000b9a7f000 (4)
TBOOT: 00000000b9a7f000 - 00000000b9aff000 (3)
TBOOT: 00000000b9aff000 - 00000000b9b00000 (1)
TBOOT: 00000000b9b00000 - 00000000be800000 (2)
TBOOT: 00000000f80fa000 - 00000000f80fb000 (2)
TBOOT: 00000000f80fd000 - 00000000f80fe000 (2)
TBOOT: 00000000fe000000 - 00000000fe011000 (2)
TBOOT: 00000000fed20000 - 00000000fed80000 (2)
TBOOT: 0000000100000000 - 000000033f800000 (1)
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM2.0 Family 0x1
TBOOT: TPM: supported bank count = 2
TBOOT: TPM: bank alg = 00000004
TBOOT: TPM: bank alg = 0000000b
TBOOT: TPM: supported alg count = 00000002
TBOOT: 00000004
TBOOT: 0000000B
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, D: 750
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01200001 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01400001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 17
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return value = 0000018B
TBOOT: Error: write TPM error: 0x18b.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0000001
TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Post_launch started ...
TBOOT: measured launch succeeded
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: os_mle_data (@0xb9f2005e, 0x15120):
TBOOT: version: 3
TBOOT: loader context addr: 0x28000
TBOOT: os_sinit_data (@0xb9f3517e, 0x90):
TBOOT: version: 7
TBOOT: flags: 1
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x35000 (217088)
TBOOT: mle_hdr_base: 0x1a4e0
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xb8c00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x23f800000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_PTR:
TBOOT: size: 36
TBOOT: count: 1
TBOOT: Log Descrption:
TBOOT: Alg: 4
TBOOT: Size: 4096
TBOOT: EventsOffset: [0,801]
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x402
TBOOT: Digest: cd 0c 36 be 55 66 61 da ba 9d 45 2b fc 71 27 d6 d4 c5 44 1e
TBOOT: Data: 36 bytes
22 19 57 30 40 10 86 87 30 26 93 7d 4e b1 a0 19
c2 a4 fd 4b 81 a8 dc fe c7 fb 28 1d 03 3b d4 9d
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 255
TBOOT: Type: 0x401
TBOOT: Digest: 9d 98 66 cf 0b 7c 36 62 39 33 00 00 00 00 00 00 00 00 00 00
TBOOT: Data: 4 bytes
01 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40a
TBOOT: Digest: e0 7a 6a f9 04 73 cf 94 09 dd 52 0b a7 31 db 2c 4b 56 94 18
TBOOT: Data: 32 bytes
00 00 00 00 27 10 15 20 06 b0 00 00 00 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40b
TBOOT: Digest: 90 69 ca 78 e7 45 0a 28 51 73 43 1b 3e 52 c5 c2 52 99 e4 73
TBOOT: Data: 4 bytes
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40c
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x412
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e 43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40e
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e 43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40f
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x404
TBOOT: Digest: 7f 36 c1 2d 44 1f be f0 03 3b df 3d 72 bb 2f 36 ba ab 66 26
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x414
TBOOT: Digest: 5d fe a6 ad 59 16 9b 18 1f 5c bc 08 e8 44 55 fa 0e 28 91 61
TBOOT: Data: 95 bytes
01 01 80 00 03 00 0b 62 04 44 08 00 20 ef 9a 26
fc 22 d1 ae 8c ec ff 59 e9 48 1a c1 ec 53 3d be
22 8b ec 6d 17 93 0f 4c b2 cc 5b 97 24 00 68 01
01 80 00 01 00 0b 62 04 2c 04 00 20 b7 5c e1 94
6f 78 df 8b aa 42 69 18 db 09 31 80 17 e6 b3 8d
04 8c 95 4e 05 c2 c4 f3 4b d4 40 60 00 46 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x410
TBOOT: Digest: fe 48 79 5c e3 18 12 ff a8 14 99 7f 46 3e a0 ca 19 eb 33 2c
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40b
TBOOT: Digest: 90 69 ca 78 e7 45 0a 28 51 73 43 1b 3e 52 c5 c2 52 99 e4 73
TBOOT: Data: 4 bytes
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40f
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40c
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x413
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e 43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x414
TBOOT: Digest: 5d fe a6 ad 59 16 9b 18 1f 5c bc 08 e8 44 55 fa 0e 28 91 61
TBOOT: Data: 95 bytes
01 01 80 00 03 00 0b 62 04 44 08 00 20 ef 9a 26
fc 22 d1 ae 8c ec ff 59 e9 48 1a c1 ec 53 3d be
22 8b ec 6d 17 93 0f 4c b2 cc 5b 97 24 00 68 01
01 80 00 01 00 0b 62 04 2c 04 00 20 b7 5c e1 94
6f 78 df 8b aa 42 69 18 db 09 31 80 17 e6 b3 8d
04 8c 95 4e 05 c2 c4 f3 4b d4 40 60 00 46 00
TBOOT: sinit_mle_data (@0xb9f3520e, 0x2e4):
TBOOT: version: 9
TBOOT: bios_acm_id:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: edx_senter_flags: 0x00000000
TBOOT: mseg_valid: 0x0
TBOOT: sinit_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: mle_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: stm_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: lcp_policy_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: lcp_policy_control: 0x00000000
TBOOT: rlp_wakeup_addr: 0xb9ed1bb0
TBOOT: num_mdrs: 6
TBOOT: mdrs_off: 0x254
TBOOT: num_vtd_dmars: 168
TBOOT: vtd_dmars_off: 0x1ac
TBOOT: sinit_mdrs:
TBOOT: 0000000000000000 - 00000000000a0000 (GOOD)
TBOOT: 0000000000100000 - 0000000001000000 (GOOD)
TBOOT: 0000000001000000 - 00000000b9c00000 (GOOD)
TBOOT: 0000000100000000 - 000000033f800000 (GOOD)
TBOOT: 00000000ba000000 - 00000000bc000000 (SMRAM NON-OVERLAY)
TBOOT: 00000000f8000000 - 00000000fc000000 (PCIE EXTENDED CONFIG)
TBOOT: proc_scrtm_status: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: unknown element: type: 6, size: 196
TBOOT: unknown element: type: 9, size: 68
TBOOT: CPU supports 39 phys address bits
TBOOT: RSDP (v2, HPQOEM) @ 0x0fbe
TBOOT: acpi_table_ioapic @ 0xb9aed06c, .address = 0xfec00000
TBOOT: acpi_table_mcfg @ 0xb9aec000, .base_address = 0xf8000000
TBOOT: mtrr_def_type: e = 1, fe = 1, type = 6
TBOOT: mtrrs:
TBOOT: base mask type v
TBOOT: 00000000c0000 0000007fc0000 00 01
TBOOT: 00000000bc000 0000007ffc000 00 01
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: discarding RAM above reserved regions: 0xb9aff000 - 0xb9b00000
TBOOT: reserving 0xb8c00000 - 0xb8cfb000, which was truncated for VT-d
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xb8cfb000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x33f800000
TBOOT: MSR for SMM monitor control on BSP is 0x0.
TBOOT: verifying ILP is opt-out or has the same MSEG header with TXT.MSEG.BASE
opt-out
TBOOT: : succeeded.
TBOOT: enabling SMIs on BSP
TBOOT: mle_join.entry_point = 804200
TBOOT: mle_join.seg_sel = 8
TBOOT: mle_join.gdt_base = 805000
TBOOT: mle_join.gdt_limit = 3f
TBOOT: joining RLPs to MLE with MONITOR wakeup
TBOOT: rlp_wakeup_addr = 0xb9ed1bb0
TBOOT: cpu 2 waking up from TXT sleep
TBOOT: waiting for all APs (7) to enter wait-for-sipi...
TBOOT: MSR for SMM monitor control on cpu 2 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 2
: succeeded.
TBOOT: enabling SMIs on cpu 2
TBOOT: .VMXON done for cpu 2
TBOOT:
TBOOT: cpu 6 waking up from TXT sleep
TBOOT: launching mini-guest for cpu 2
TBOOT: MSR for SMM monitor control on cpu 6 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 6
: succeeded.
TBOOT: enabling SMIs on cpu 6
TBOOT: VMXON done for cpu 6
TBOOT: launching mini-guest for cpu 6
TBOOT: cpu 4 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 4 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 4
: succeeded.
TBOOT: enabling SMIs on cpu 4
TBOOT: VMXON done for cpu 4
TBOOT: .cpu 7 waking up from TXT sleep
TBOOT: launching mini-guest for cpu 4
TBOOT: MSR for SMM monitor control on cpu 7 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 7
: succeeded.
TBOOT: enabling SMIs on cpu 7
TBOOT: VMXON done for cpu 7
TBOOT: launching mini-guest for cpu 7
TBOOT: cpu 3 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 3 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 3
: succeeded.
TBOOT: enabling SMIs on cpu 3
TBOOT: VMXON done for cpu 3
TBOOT: .cpu 5 waking up from TXT sleep
TBOOT: launching mini-guest for cpu 3
TBOOT: MSR for SMM monitor control on cpu 5 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 5
: succeeded.
TBOOT: enabling SMIs on cpu 5
TBOOT: VMXON done for cpu 5
TBOOT: launching mini-guest for cpu 5
TBOOT: cpu 1 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 1 is 0x0
TBOOT: .verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 1
. : succeeded.
TBOOT: .enabling SMIs on cpu 1
TBOOT: .VMXON done for cpu 1
TBOOT:
TBOOT: launching mini-guest for cpu 1
TBOOT: all APs in wait-for-sipi
TBOOT: saved IA32_MISC_ENABLE = 0x00850089
TBOOT: set TXT.CMD.SECRETS flag
TBOOT: opened TPM locality 1
TBOOT: DMAR table @ 0xb9ac9000 saved.
TBOOT: got sinit match on module #2
TBOOT: no LCP module found
TBOOT: protecting TXT heap (b9f20000 - b9ffffff) in e820 table
TBOOT: protecting SINIT (b9ed0000 - b9f1ffff) in e820 table
TBOOT: protecting TXT Private Space (fed20000 - fed2ffff) in e820 table
TBOOT: verifying e820 table against SINIT MDRs: verification succeeded.
TBOOT: verifying module 0 of mbi (100000 - 7d653f) in e820 table
(range from 0000000000100000 to 00000000007d6540 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: verifying module 1 of mbi (b55000 - 6ebb9ff) in e820 table
(range from 0000000000b55000 to 0000000006ebba00 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: verifying tboot and its page table (800000 - b54a5f) in e820 table
(range from 0000000000800000 to 0000000000b54a60 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: protecting tboot (800000 - b54fff) in e820 table
TBOOT: reserving tboot memory log (60000 - 67fff) in e820 table
TBOOT: adjusted e820 map:
TBOOT: 0000000000000000 - 0000000000058000 (1)
TBOOT: 0000000000058000 - 0000000000059000 (2)
TBOOT: 0000000000059000 - 0000000000060000 (1)
TBOOT: 0000000000060000 - 0000000000068000 (2)
TBOOT: 0000000000068000 - 000000000009e000 (1)
TBOOT: 000000000009e000 - 000000000009f000 (2)
TBOOT: 000000000009f000 - 00000000000a0000 (1)
TBOOT: 00000000000a0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 0000000000800000 (1)
TBOOT: 0000000000800000 - 0000000000b55000 (2)
TBOOT: 0000000000b55000 - 00000000b8c00000 (1)
TBOOT: 00000000b8c00000 - 00000000b8cfb000 (2)
TBOOT: 00000000b8cfb000 - 00000000b91fb000 (20)
TBOOT: 00000000b91fb000 - 00000000b987f000 (2)
TBOOT: 00000000b987f000 - 00000000b994b000 (4)
TBOOT: 00000000b994b000 - 00000000b994c000 (2)
TBOOT: 00000000b994c000 - 00000000b9a7f000 (4)
TBOOT: 00000000b9a7f000 - 00000000b9aff000 (3)
TBOOT: 00000000b9aff000 - 00000000b9b00000 (2)
TBOOT: 00000000b9b00000 - 00000000b9ed0000 (2)
TBOOT: 00000000b9ed0000 - 00000000b9f20000 (2)
TBOOT: 00000000b9f20000 - 00000000ba000000 (2)
TBOOT: 00000000ba000000 - 00000000be800000 (2)
TBOOT: 00000000f80fa000 - 00000000f80fb000 (2)
TBOOT: 00000000f80fd000 - 00000000f80fe000 (2)
TBOOT: 00000000fe000000 - 00000000fe011000 (2)
TBOOT: 00000000fed20000 - 00000000fed30000 (2)
TBOOT: 00000000fed30000 - 00000000fed80000 (2)
TBOOT: 0000000100000000 - 000000033f800000 (1)
TBOOT: verifying policy
TBOOT: verifying module "
root=UUID=b960d645-e37b-4856-b198-b9a978ecb5c2 ro quiet splash intel_iommu=on"...
TBOOT: OK : 4c c9 fb 4b a4 78 5d 79 08 c0 6d 73 4f 50 b3 78 10 cf 07 66
TBOOT: verifying module ""...
TBOOT: OK : 7b 94 2f c0 65 29 08 ef 62 84 8f 61 80 79 be 6b 00 43 f5 cf
TBOOT: all modules are verified
TBOOT: pre_k_s3_state:
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xb8c00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x23f800000
TBOOT: pol_hash: ce 78 8c 7b 47 b2 91 85 b8 8c 3c a0 7d f7 02 e3 a1 e4 60 03
TBOOT: VL measurements:
TBOOT: PCR 17 (alg count 1):
TBOOT: alg 0004: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5 ad 02 af e0 ee af
TBOOT: PCR 18 (alg count 1):
TBOOT: alg 0004: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5 ad 02 af e0 ee af
TBOOT: PCR 17 (alg count 1):
TBOOT: alg 0004: 4c c9 fb 4b a4 78 5d 79 08 c0 6d 73 4f 50 b3 78 10 cf 07 66
TBOOT: PCR 17 (alg count 1):
TBOOT: alg 0004: 7b 94 2f c0 65 29 08 ef 62 84 8f 61 80 79 be 6b 00 43 f5 cf
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x501
TBOOT: Digest: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5 ad 02 af e0 ee af
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x501
TBOOT: Digest: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5 ad 02 af e0 ee af
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x501
TBOOT: Digest: 4c c9 fb 4b a4 78 5d 79 08 c0 6d 73 4f 50 b3 78 10 cf 07 66
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x501
TBOOT: Digest: 7b 94 2f c0 65 29 08 ef 62 84 8f 61 80 79 be 6b 00 43 f5 cf
TBOOT: Data: 0 bytes
TBOOT: requested 0x40 random bytes but only got 0x20
TBOOT: trying one more time to get remaining 0x20 bytes
TBOOT: tboot_shared data:
TBOOT: version: 6
TBOOT: log_addr: 0x00060000
TBOOT: shutdown_entry: 0x008041c0
TBOOT: shutdown_type: 0
TBOOT: tboot_base: 0x00804000
TBOOT: tboot_size: 0x350a60
TBOOT: num_in_wfs: 7
TBOOT: flags: 0x00000000
TBOOT: ap_wake_addr: 0x00000000
TBOOT: ap_wake_trigger: 0
TBOOT: no LCP module found
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x79c99000 to 0x7ffffa00
TBOOT: Kernel (protected mode) from 0x1000000 to 0x16d1f40
TBOOT: Kernel (real mode) from 0x69c00 to 0x6e200
TBOOT: Linux cmdline placed in header: root=UUID=b960d645-e37b-4856-b198-b9a978ecb5c2 ro quiet splash intel_i
TBOOT: ommu=on
TBOOT:
TBOOT: transfering control to kernel @0x1000000...
TBOOT: VMXOFF done for cpu 2
TBOOT: cpu 2 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 4
TBOOT: cpu 4 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 6
TBOOT: cpu 6 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 1
TBOOT: cpu 1 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 3
TBOOT: cpu 3 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 5
TBOOT: cpu 5 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 7
TBOOT: cpu 7 waking up, SIPI vector=98000
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 2
TBOOT: launching mini-guest for cpu 2
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 4
TBOOT: launching mini-guest for cpu 4
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 6
TBOOT: launching mini-guest for cpu 6
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 1
TBOOT: launching mini-guest for cpu 1
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 3
TBOOT: launching mini-guest for cpu 3
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 5
TBOOT: launching mini-guest for cpu 5
TBOOT: shutdown(): TB_SHUTDOWN_WFS
TBOOT: VMXON done for cpu 7
TBOOT: wait until all APs ready for txt shutdown
TBOOT: launching mini-guest for cpu 7
TBOOT: DMAR table @ 0xb9ac9000 is still there, skip restore step.
TBOOT: MACing region 0: 0x1000 - 0x58000
TBOOT: MACing region 1: 0x59000 - 0x60000
TBOOT: MACing region 2: 0x68000 - 0x9e000
TBOOT: MACing region 3: 0x9f000 - 0xa0000
TBOOT: MACing region 4: 0x100000 - 0x800000
TBOOT: MACing region 5: 0xb55000 - 0xb8c00000
TBOOT: MACing region 6: 0x100000000 - 0x13f800000
TBOOT: post_k_s3_state:
TBOOT: kernel_s3_resume_vector: 0x981d0
TBOOT: kernel_integ: 3f 7b 18 16 98 4e 88 05
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: cap'ed dynamic PCRs
TBOOT: waiting for APs (7) to exit guests...
TBOOT: .VMXOFF done for cpu 1
TBOOT:
TBOOT: VMXOFF done for cpu 3
TBOOT: VMXOFF done for cpu 2
TBOOT: .VMXOFF done for cpu 4
TBOOT: VMXOFF done for cpu 5
TBOOT: VMXOFF done for cpu 6
TBOOT: VMXOFF done for cpu 7
TBOOT: .
TBOOT: all APs exited guests
TBOOT: secrets flag cleared
TBOOT: memory configuration unlocked
TBOOT: private config space closed
TBOOT: executing GETSEC[SEXIT]...
TBOOT: measured environment torn down
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_S3
TBOOT: PM1A GAS @ 0x83e020:
TBOOT: space_id: I/O
TBOOT: bit_width: 16
TBOOT: bit_offset: 0
TBOOT: access_width: 2
TBOOT: address: 1804
TBOOT: PM1B GAS @ 0x83e02c:
TBOOT: space_id: I/O
TBOOT: bit_width: 0
TBOOT: bit_offset: 0
TBOOT: access_width: 2
TBOOT: address: 0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: ******************* TBOOT *******************
TBOOT: 2016-09-28 18:59 -0700 462:9b3461d87049
TBOOT: *********************************************
TBOOT: command line: logging=serial,memory,vga
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Resume from S3...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM2.0 Family 0x1
TBOOT: TPM: supported bank count = 2
TBOOT: TPM: bank alg = 00000004
TBOOT: TPM: bank alg = 0000000b
TBOOT: TPM: supported alg count = 00000002
TBOOT: 00000004
TBOOT: 0000000B
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, D: 750
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01200001 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01400001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 17
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return value = 0000018B
TBOOT: Error: write TPM error: 0x18b.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: CR0.NE not set
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: setting MTRRs for acmod: base=0xb9ed0000, size=0x20000, num_pages=32
TBOOT: The maximum allowed MTRR range size=16 Pages
TBOOT: executing GETSEC[SENTER]...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: ******************* TBOOT *******************
TBOOT: 2016-09-28 18:59 -0700 462:9b3461d87049
TBOOT: *********************************************
TBOOT: command line: logging=serial,memory,vga
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: SINIT ACM successfully returned...
TBOOT: Resume from S3...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM2.0 Family 0x1
TBOOT: TPM: supported bank count = 2
TBOOT: TPM: bank alg = 00000004
TBOOT: TPM: bank alg = 0000000b
TBOOT: TPM: supported alg count = 00000002
TBOOT: 00000004
TBOOT: 0000000B
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, D: 750
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01200001 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01400001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 17
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return value = 0000018B
TBOOT: Error: write TPM error: 0x18b.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0000001
TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Post_launch started ...
TBOOT: measured launch succeeded
TBOOT: TXT.HEAP.BASE: 0xb9f20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: unsupported BIOS data version (6)
TBOOT: bios_data (@0xb9f20008, 0x56):
TBOOT: version: 6
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x200000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xffe60000
TBOOT: os_mle_data (@0xb9f2005e, 0x15120):
TBOOT: version: 3
TBOOT: loader context addr: 0x28000
TBOOT: os_sinit_data (@0xb9f3517e, 0x90):
TBOOT: version: 7
TBOOT: flags: 1
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x35000 (217088)
TBOOT: mle_hdr_base: 0x1a4e0
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xb8c00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x23f800000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_PTR:
TBOOT: size: 36
TBOOT: count: 1
TBOOT: Log Descrption:
TBOOT: Alg: 4
TBOOT: Size: 4096
TBOOT: EventsOffset: [0,801]
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x402
TBOOT: Digest: cd 0c 36 be 55 66 61 da ba 9d 45 2b fc 71 27 d6 d4 c5 44 1e
TBOOT: Data: 36 bytes
22 19 57 30 40 10 86 87 30 26 93 7d 4e b1 a0 19
c2 a4 fd 4b 81 a8 dc fe c7 fb 28 1d 03 3b d4 9d
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 255
TBOOT: Type: 0x401
TBOOT: Digest: 9d 98 66 cf 0b 7c 36 62 39 33 00 00 00 00 00 00 00 00 00 00
TBOOT: Data: 4 bytes
01 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40a
TBOOT: Digest: e0 7a 6a f9 04 73 cf 94 09 dd 52 0b a7 31 db 2c 4b 56 94 18
TBOOT: Data: 32 bytes
00 00 00 00 27 10 15 20 06 b0 00 00 00 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40b
TBOOT: Digest: 90 69 ca 78 e7 45 0a 28 51 73 43 1b 3e 52 c5 c2 52 99 e4 73
TBOOT: Data: 4 bytes
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40c
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x412
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e 43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40e
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e 43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40f
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x404
TBOOT: Digest: 7f 36 c1 2d 44 1f be f0 03 3b df 3d 72 bb 2f 36 ba ab 66 26
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x414
TBOOT: Digest: 5d fe a6 ad 59 16 9b 18 1f 5c bc 08 e8 44 55 fa 0e 28 91 61
TBOOT: Data: 95 bytes
01 01 80 00 03 00 0b 62 04 44 08 00 20 ef 9a 26
fc 22 d1 ae 8c ec ff 59 e9 48 1a c1 ec 53 3d be
22 8b ec 6d 17 93 0f 4c b2 cc 5b 97 24 00 68 01
01 80 00 01 00 0b 62 04 2c 04 00 20 b7 5c e1 94
6f 78 df 8b aa 42 69 18 db 09 31 80 17 e6 b3 8d
04 8c 95 4e 05 c2 c4 f3 4b d4 40 60 00 46 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x410
TBOOT: Digest: fe 48 79 5c e3 18 12 ff a8 14 99 7f 46 3e a0 ca 19 eb 33 2c
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40b
TBOOT: Digest: 90 69 ca 78 e7 45 0a 28 51 73 43 1b 3e 52 c5 c2 52 99 e4 73
TBOOT: Data: 4 bytes
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40f
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40c
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68 e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x413
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e 43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x414
TBOOT: Digest: 5d fe a6 ad 59 16 9b 18 1f 5c bc 08 e8 44 55 fa 0e 28 91 61
TBOOT: Data: 95 bytes
01 01 80 00 03 00 0b 62 04 44 08 00 20 ef 9a 26
fc 22 d1 ae 8c ec ff 59 e9 48 1a c1 ec 53 3d be
22 8b ec 6d 17 93 0f 4c b2 cc 5b 97 24 00 68 01
01 80 00 01 00 0b 62 04 2c 04 00 20 b7 5c e1 94
6f 78 df 8b aa 42 69 18 db 09 31 80 17 e6 b3 8d
04 8c 95 4e 05 c2 c4 f3 4b d4 40 60 00 46 00
TBOOT: sinit_mle_data (@0xb9f3520e, 0x2e4):
TBOOT: version: 9
TBOOT: bios_acm_id:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: edx_senter_flags: 0x00000000
TBOOT: mseg_valid: 0x0
TBOOT: sinit_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: mle_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: stm_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: lcp_policy_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: lcp_policy_control: 0x00000000
TBOOT: rlp_wakeup_addr: 0xb9ed1bb0
TBOOT: num_mdrs: 6
TBOOT: mdrs_off: 0x254
TBOOT: num_vtd_dmars: 168
TBOOT: vtd_dmars_off: 0x1ac
TBOOT: sinit_mdrs:
TBOOT: 0000000000000000 - 00000000000a0000 (GOOD)
TBOOT: 0000000000100000 - 0000000001000000 (GOOD)
TBOOT: 0000000001000000 - 00000000b9c00000 (GOOD)
TBOOT: 0000000100000000 - 000000033f800000 (GOOD)
TBOOT: 00000000ba000000 - 00000000bc000000 (SMRAM NON-OVERLAY)
TBOOT: 00000000f8000000 - 00000000fc000000 (PCIE EXTENDED CONFIG)
TBOOT: proc_scrtm_status: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: unknown element: type: 6, size: 196
TBOOT: unknown element: type: 9, size: 68
TBOOT: CPU supports 39 phys address bits
TBOOT: RSDP (v2, HPQOEM) @ 0x0fbe
TBOOT: acpi_table_ioapic @ 0xb9aed06c, .address = 0xfec00000
TBOOT: acpi_table_mcfg @ 0xb9aec000, .base_address = 0xf8000000
TBOOT: mtrr_def_type: e = 1, fe = 1, type = 6
TBOOT: mtrrs:
TBOOT: base mask type v
TBOOT: 00000000c0000 0000007fc0000 00 01
TBOOT: 00000000bc000 0000007ffc000 00 01
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xb8c00000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x33f800000
TBOOT: MSR for SMM monitor control on BSP is 0x0.
TBOOT: verifying ILP is opt-out or has the same MSEG header with TXT.MSEG.BASE
opt-out
TBOOT: : succeeded.
TBOOT: enabling SMIs on BSP
TBOOT: mle_join.entry_point = 804200
TBOOT: mle_join.seg_sel = 8
TBOOT: mle_join.gdt_base = 805000
TBOOT: mle_join.gdt_limit = 3f
TBOOT: joining RLPs to MLE with MONITOR wakeup
TBOOT: rlp_wakeup_addr = 0xb9ed1bb0
TBOOT: cpu 6 waking up from TXT sleep
TBOOT: waiting for all APs (7) to enter wait-for-sipi...
TBOOT: MSR for SMM monitor control on cpu 6 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 6
: succeeded.
TBOOT: enabling SMIs on cpu 6
TBOOT: .VMXON done for cpu 6
TBOOT:
TBOOT: launching mini-guest for cpu 6
TBOOT: cpu 7 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 7 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 7
: succeeded.
TBOOT: enabling SMIs on cpu 7
TBOOT: VMXON done for cpu 7
TBOOT: launching mini-guest for cpu 7
TBOOT: cpu 2 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 2 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 2
: succeeded.
TBOOT: enabling SMIs on cpu 2
TBOOT: VMXON done for cpu 2
TBOOT: .launching mini-guest for cpu 2
TBOOT: cpu 5 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 5 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 5
: succeeded.
TBOOT: enabling SMIs on cpu 5
TBOOT: VMXON done for cpu 5
TBOOT: launching mini-guest for cpu 5
TBOOT: cpu 3 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 3 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 3
: succeeded.
TBOOT: enabling SMIs on cpu 3
TBOOT: VMXON done for cpu 3
TBOOT: .cpu 4 waking up from TXT sleep
TBOOT: launching mini-guest for cpu 3
TBOOT: MSR for SMM monitor control on cpu 4 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 4
: succeeded.
TBOOT: enabling SMIs on cpu 4
TBOOT: VMXON done for cpu 4
TBOOT: launching mini-guest for cpu 4
TBOOT: cpu 1 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 1 is 0x0
TBOOT: .verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 1
. : succeeded.
TBOOT: .enabling SMIs on cpu 1
TBOOT: .VMXON done for cpu 1
TBOOT:
TBOOT: launching mini-guest for cpu 1
TBOOT: all APs in wait-for-sipi
TBOOT: saved IA32_MISC_ENABLE = 0x00850089
TBOOT: set TXT.CMD.SECRETS flag
TBOOT: opened TPM locality 1
TBOOT: DMAR table @ 0xb9ac9000 saved.
TBOOT: No need to hide DMAR table.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: verifying pre_k_s3_state
TBOOT: TPM: Load return value = 00000910
TBOOT: failed to unseal blob
TBOOT: creation or verification of S3 measurements failed.
TBOOT: tboot_shared data:
TBOOT: version: 6
TBOOT: log_addr: 0x00060000
TBOOT: shutdown_entry: 0x008041c0
TBOOT: shutdown_type: 3
TBOOT: tboot_base: 0x00804000
TBOOT: tboot_size: 0x350a60
TBOOT: num_in_wfs: 7
TBOOT: flags: 0x00000000
TBOOT: ap_wake_addr: 0x00000000
TBOOT: ap_wake_trigger: 0
TBOOT: VMXOFF done for cpu 2
TBOOT: cpu 2 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 4
TBOOT: cpu 4 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 6
TBOOT: cpu 6 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 1
TBOOT: cpu 1 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 3
TBOOT: cpu 3 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 5
TBOOT: cpu 5 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 7
TBOOT: cpu 7 waking up, SIPI vector=98000

@tasket tasket commented Oct 13, 2016

@andrewdavidwong @chris-hacker-news: Is it possible to test tboot 1.9.4 on your systems to see how sleep/wake works? It would be good to have the extra input and get a sense for how common the waking problem is.

@andrewdavidwong andrewdavidwong commented Oct 13, 2016

@tasket: Not sure when exactly I'll have time to do this, but I'll try!

@tasket tasket commented Oct 13, 2016

Thanks Andrew!

@nsun1 : If that log is from a serial port, can I get similar output on the vga display somehow? Unfortunately, the display doesn't seem to turn on when resuming from S3, even if tboot was loaded with the vga logging option. I somewhat doubt an in-memory log would survive a reboot on my system... is this even an option?

@tasket tasket commented Oct 25, 2016

Update:
I have tried updating to the latest BIOS version and installed Xen 4.6.3 without any improvement. Also, switching to Linux 4.4.12 in dom0 has no effect -- the system still appears to freeze during resume.

@ghost ghost commented Oct 25, 2016

Usually, we try the Linux kernel with tboot, and do S3 resume with the command: rtcwake -u -s 10 -m mem.


@tasket tasket commented Nov 1, 2016

@nsun1 : The rtcwake command in this case doesn't behave any differently than other methods of going into sleep/wake modes.

If you know of some way to retrieve a boot log from memory then I can try that. However, I'm assuming recent Intel systems scramble RAM after a system reset, making log recovery impossible.

@andrewdavidwong andrewdavidwong commented Nov 13, 2016

@tasket: I just re-tested the min_ram option on the latest R3.2 with anti-evil-maid-3.0.4-1.fc23.x86_64. Unfortunately, there's still no change. The system still fails to boot in the same way.

@tasket tasket commented Nov 14, 2016

@andrewdavidwong Thanks :)

Let us know if you test it also with tboot 1.9.4, which does boot for me; it's available from https://sourceforge.net/projects/tboot/files/tboot/ and IIRC you should have a cc of an email from nsun1@intel.com dated 9/1/2016 with the tboot signature. This newer tboot does have an issue where my system can't wake from sleep.

@rustybird rustybird commented Nov 26, 2016

@tasket Can you paste the tboot signature into a gist? Maybe that will get more testers.

@cyrinux cyrinux commented Nov 26, 2016

Hi guys, I would like to try too. I have a T450s and anti-evil-maid doesn't work since my last BIOS update.
I can't find an rpm for tboot 1.9.4, could you help me?

@tasket tasket commented Nov 27, 2016

@rustybird @cyrinux : You can download it here...

https://sourceforge.net/projects/tboot/files/tboot/

The signature is attached to this post (unzip it before using it to gpg --verify)
tboot-1.9.4.gpg.zip

@tasket tasket commented Nov 27, 2016

Forgot to mention that this is source code, so you will have to use make to create the binary that is placed on the AEM boot volume.

It's also possible to manually download a binary deb package from Ubuntu's repository, then verify it using the Ubuntu keys that can be installed in a Debian template.

@rustybird rustybird commented Nov 28, 2016

@tasket:

The signature is attached to this post (unzip it before using it to gpg --verify)
tboot-1.9.4.gpg.zip

Thanks!

Do you know if the signing key (which was created on the same day as the signature) is mentioned anywhere online? The keyserver had 4 more keys for his email address:

$ gpg --verify tboot-1.9.4.tar.gz.gpg
gpg: Signature made Thu 01 Sep 2016 01:33:40 AM UTC
gpg:                using RSA key 0x314B1F9A2252E060
gpg: Good signature from "Ning Sun <ning.sun@intel.com>" [unknown]
gpg: WARNING: Using untrusted key!

$ gpg --search-keys ning.sun@intel.com
gpg: searching for "ning.sun@intel.com" from hkp server qdigse2yzvuglcix.onion
(1)     Ning Sun <ning.sun@intel.com>
          2048 bit RSA key 0x314B1F9A2252E060, created: 2016-09-01
(2)     Ning Sun <ning.sun@intel.com>
          2048 bit RSA key 0x2E06527408EB8FF1, created: 2015-04-15
(3)     Ning Sun <ning.sun@intel.com>
          2048 bit RSA key 0x6B6F8FEC54688283, created: 2015-03-06
(4)     NINGSUN <ning.sun@intel.com>
          2048 bit RSA key 0x9D127ACB85C97614, created: 2015-03-06
(5)     Ning Sun <ning.sun@intel.com>
          2048 bit RSA key 0x474191673CD2A023, created: 2015-03-05

(FWIW, the signature's data payload was identical to the tboot-1.9.4.tar.gz I downloaded from one of SourceForge's HTTP mirrors over Tor. Hurray)
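A pinned-key check for the signed tarball, as an added example that is not part of the thread, of tboot, or of the Ubuntu packaging: it reads gpg's machine-readable status lines and accepts the file only when the signature comes from the key ID shown in the verification output above (314B1F9A2252E060), whatever gpg says about trust. The status lines embedded below are constructed, and the 40-digit fingerprints in them are placeholders; the real fingerprint is not given in the thread.

```shell
# Pinned long key ID: the one shown in the gpg --verify output in this thread.
PINNED_KEYID="314B1F9A2252E060"

# check_status reads "gpg --status-fd 1" output on stdin and returns 0 only if
# gpg reported GOODSIG and VALIDSIG from the pinned key and no BADSIG, ERRSIG,
# EXPKEYSIG or REVKEYSIG line. Web-of-trust lines (TRUST_UNDEFINED etc.) are
# ignored on purpose: the pin, not the keyserver, decides which key is right.
check_status() {
    pinned="$1"; good=0; valid=0; bad=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] GOODSIG "*)
                rest=${line#"[GNUPG:] GOODSIG "}
                if [ "${rest%% *}" = "$pinned" ]; then good=1; fi ;;
            "[GNUPG:] VALIDSIG "*)
                rest=${line#"[GNUPG:] VALIDSIG "}
                # The long key ID is the last 16 hex digits of the fingerprint.
                case "${rest%% *}" in *"$pinned") valid=1 ;; esac ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*)
                bad=1 ;;
        esac
    done
    if [ "$good" -eq 1 ] && [ "$valid" -eq 1 ] && [ "$bad" -eq 0 ]; then
        return 0
    fi
    return 1
}

# verify_tboot_sig unpacks the inline-signed tarball ($1) to $2 and applies
# the pin. gpg's stderr text, including "WARNING: Using untrusted key!", is
# discarded; only the machine-readable status lines decide the outcome.
verify_tboot_sig() {
    gpg --batch --status-fd 1 --output "$2" --decrypt "$1" 2>/dev/null |
        check_status "$PINNED_KEYID"
}

# Constructed status output (placeholder fingerprints) for a signature made
# by the pinned key ...
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 314B1F9A2252E060 Ning Sun <ning.sun@intel.com>
[GNUPG:] VALIDSIG 000000000000000000000000314B1F9A2252E060 2016-09-01 1472693620 0 4 0 1 8 00 000000000000000000000000314B1F9A2252E060
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# ... and by another key from the same keyserver search, which must fail even
# though gpg itself would print "Good signature" for it.
OTHER_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2E06527408EB8FF1 Ning Sun <ning.sun@intel.com>
[GNUPG:] VALIDSIG 0000000000000000000000002E06527408EB8FF1 2016-09-01 1472693620 0 4 0 1 8 00 0000000000000000000000002E06527408EB8FF1
[GNUPG:] TRUST_UNDEFINED 0 pgp'
```

Run as `verify_tboot_sig tboot-1.9.4.tar.gz.gpg tboot-1.9.4.tar.gz`; a non-zero exit means the payload must not be used, even if gpg itself printed "Good signature".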

@tasket tasket commented Nov 28, 2016

@rustybird -
@nsun1 can comment about the key that was used (he seems to have preferred making a new key for that purpose). I get the impression trusted boot isn't a high priority project for Intel. I don't know what else to make of it.

You might feel better about verifying and unpacking the Ubuntu package instead?

@bburky bburky commented Jan 12, 2017

I had the same crash/reboot after executing GETSEC[SENTER]. I was able to fix it by using the files unpacked from the Ubuntu package.

rtcwake -u -s 10 -m mem seems to crash the computer with or without tboot. This is a desktop, so I don't really care though. The power light does blink like it goes into suspend. But the CPU fan goes full speed and the screen goes blank. Can't wake it. Somehow even the physical reset button didn't work. S3 suspend is enabled in BIOS. Or one time the fan didn't spin, and the reset button did work, but the computer couldn't be woken. "Sleep" works in Windows on this machine.

(Yes, it's a weird computer. I know. Was mostly intended for gaming, decided to pick some specs to allow running Qubes and AEM too though. Need to manage to add a second USB controller for the keyboard somehow though.)

@earque earque commented Mar 11, 2017

I recently experienced this same issue, though I'm not sure how. I'm pretty new to Linux, so my diagnosis skills are limited.

About 3 months ago I installed Qubes 3.2 on my X230 ThinkPad, no major issues, almost everything works. AEM working fine. I'm not sure what caused the change. Best I can figure is that whenever I saw a dom0 update, I updated (rather carelessly, it turns out), without really testing or even restarting. In fact I almost never shut my machine down below S3 sleep.

About 3 days ago I got tired of waiting for my laptop to become responsive and I hard restarted. The AEM GRUB option goes into a boot loop, which I think people in this thread are familiar with. After several days of penitent googling and restarts, it turns out that AEM now only works with 1) a well-known owner, 2) the min_ram parameter set, 3) tboot 1.9.4 files (blobs?). As of my last restart, none of this was the case.

So there you have it. I have no idea what was updated or why it would cause tboot to stop working.

FWIW, AEM is installed to my boot sector and I haven't tried it on a usb device. It's hard enough to get it working as it is.

Lessons: I need to figure out how to roll back updates with dnf. I need to watch what gets updated, and test, or at least restart, after updating. If my boot sequence were to be tampered with, I'd probably just think it was something I did, and ham-fistedly clear the TPM in my attempt to fix it. In fact, I may have just done that. They do tell me my context is high threat, which is why I'm going through this in the first place.

@tasket tasket commented Mar 13, 2017

@earque It was a Xen or Linux upgrade that triggered the problem for me... wish I could be more specific.

If you are using removable media for the boot volume, you also have to be mindful about which package updates will require that volume to be mounted as /boot (during the update). That includes xen* packages, kernel, tboot, grub and anything that gets included in the initramfs.

@n1m1 n1m1 commented Dec 21, 2018

Hi,
I am experiencing the same problem with Qubes 4.0.1 and tboot 1.99 (downloaded and compiled: with the rpm provided by the Fedora repo the machine does not even boot) on a ThinkPad X1 Carbon 4th gen (BIOS updated to the latest version).

The AEM setup (2FA with TOTP and usb stick), as described on the README doc, has been pretty straightforward. No problem with the boot/sealing process. However, when put in sleep state, my laptop reboots.

I've tried adding several options to grub.cfg (i.e. min_ram=0x2000000 and, as suggested in the tboot doc, intel_iommu=on, iommu=required and the recently introduced save_vtd=true) but, unfortunately, without success. Without solving this problem, it is pretty hard to use AEM on a laptop.
