error code 0xc0001c41


Hi,

I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.

I did the setup according to various material I studied on the web.
I also already had some chats within the tboot forum, w/o any progress.
Seems there's a similar setup (mentioned in the mailing list) with the same issue.
I guess there's a chance the issue is not related to my setup.

According to SINIT_Errors.pdf the error indicates "Invalid TPM NV index".
Guess the error is raised from within SINIT.

Thanks for your suggestion in advance,
Dieter

 

Mainboard - Intel S1200RPL

CPU - XEON E3-1265L
TPM - AXXTPME5
Boot - BIOS (i.e. no EFI, EFI boot shows identical behavior)
Distribution - Ubuntu 14.04 w/ tboot 1.8 (same w/ pretty new tboot 1.8.1)
SINIT - 4th_gen_i5_i7_SINIT_75.BIN (same w/ BIOS built-in SINIT)

Attached below how the TPM is set up and the tboot dump.

+ tpm_takeownership -z
Enter owner password:
Confirm password:
+ tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p password
Tspi_NV_DefineSpace failed failed: NVRAM area already exists (0x08313b)

Command DefIndex failed:
TSS API failed
+ tpmnv_defindex -i owner -s 0x36 -p password
Haven't input permission value, use default value 0x2

Successfully defined index 0x40000001 as permission 0x2, data size is 54
+ tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password

Successfully defined index 0x20000001 as permission 0x2, data size is 512
+ rm -r tmp
+ mkdir tmp
+ cd tmp
+ lcp_mlehash -c logging=serial,vga,memory /boot/tboot.gz lcp_crtpolelt
+ --create --type mle --ctrl 0x00 --minver 0 --out tboot_mle.elt
+ tboot_hash lcp_crtpollist --create --out list_unsig.lst tboot_mle.elt
+ lcp_crtpol2 --create --type list --ctrl 0x02 --pol owner_list.pol
+ --data owner_list.data list_unsig.lst lcp_writepol -i owner -f
+ owner_list.pol -p password

Successfully write policy into index 0x40000001
+ cp owner_list.data /boot
+ tb_polgen --create --type nonfatal tcb.pol
+ tb_polgen --add --num 0 --pcr 18 --hash image --cmdline 'root=/dev/mapper/test--node--vg-root ro intel_iommu=on' --image /boot/vmlinuz-3.13.0-24-generic tcb.pol
+ tb_polgen --add --num 1 --pcr 19 --hash image --cmdline '' --image
+ /boot/initrd.img-3.13.0-24-generic tcb.pol lcp_writepol -i 0x20000001
+ -f tcb.pol -p password

Successfully write policy into index 0x20000001

TBOOT: ******************* TBOOT *******************
TBOOT: 2014-01-30 12:00 +0800 1.8.0
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009bc00 (1)
TBOOT: 000000000009bc00 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000bbdc7000 (1)
TBOOT: 00000000bbdc7000 - 00000000be782000 (2)
TBOOT: 00000000be782000 - 00000000be788000 (4)
TBOOT: 00000000be788000 - 00000000be8be000 (2)
TBOOT: 00000000be8be000 - 00000000be8c2000 (4)
TBOOT: 00000000be8c2000 - 00000000be8e3000 (2)
TBOOT: 00000000be8e3000 - 00000000be8e4000 (4)
TBOOT: 00000000be8e4000 - 00000000be905000 (2)
TBOOT: 00000000be905000 - 00000000be915000 (4)
TBOOT: 00000000be915000 - 00000000be925000 (2)
TBOOT: 00000000be925000 - 00000000beb2f000 (4)
TBOOT: 00000000beb2f000 - 00000000bebf0000 (3)
TBOOT: 00000000bebf0000 - 00000000bec00000 (1)
TBOOT: 00000000bec00000 - 00000000c0000000 (2)
TBOOT: 00000000f8000000 - 00000000fc000000 (2)
TBOOT: 00000000fec00000 - 00000000fec01000 (2)
TBOOT: 00000000fed19000 - 00000000fed1a000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000fee00000 - 00000000fee01000 (2)
TBOOT: 00000000ff400000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000440000000 (1)
TBOOT: TPM: TPM Family 0x3
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 2
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: 18
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: d4 63 4c 11 a3 0f a3 ee a1 dc 4d 34 98 f8 99 f6 46 51 ca da
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 00 ee 09 19 c8 57 c2 12 ce 23 0a 20 02 b8 10 8f 74 18 0f 60
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0001c41
TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0xc
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xbef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbef20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0xce40 (52800)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff7d000
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
last boot has error.
TBOOT: checking if module /4th_gen_i5_i7_SINIT_75.BIN is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
TBOOT: processor family/model/stepping: 0x306c3
TBOOT: platform id: 0x4000000000000
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0xbef00000
TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
TBOOT: BIOS has already loaded an SINIT module
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: BIOS-provided SINIT is older: date=20130612
TBOOT: copied SINIT (size=ce40) to 0xbef00000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0xb002
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20130712
TBOOT: size*4: 0xce40 (52800)
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:000062dc
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 4
TBOOT: length: 0x2c (44)
TBOOT: chipset_id_list: 0x4ec
TBOOT: os_sinit_data_ver: 0x6
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000002e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: acm_ver: 75
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb002
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: processor list:
TBOOT: count: 3
TBOOT: entry 0:
TBOOT: fms: 0x306c0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 1:
TBOOT: fms: 0x40660
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 2:
TBOOT: fms: 0x40650
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0xac6460
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x834000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &_txt_wakeup=0x8041f0
TBOOT: &g_mle_hdr=0x81b5a0
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=34000
TBOOT: capabilities: 0x00000027
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: MLE start=804000, end=834000, size=30000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xbef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbef20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0xce40 (52800)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff7d000
TBOOT: discarding RAM above reserved regions: 0xbebf0000 - 0xbec00000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbbdc7000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x440000000
TBOOT: no LCP module found
TBOOT: os_sinit_data (@0xbef3517e, 0x7c):
TBOOT: version: 6
TBOOT: flags: 0
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x30000 (196608)
TBOOT: mle_hdr_base: 0x175a0
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xbbc00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x340000000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_POINTER:
TBOOT: size: 16
TBOOT: elog_addr: 0xbef30176
TBOOT: Event Log Container:
TBOOT: Signature: TXT Event Container
TBOOT: ContainerVer: 1.0
TBOOT: PCREventVer: 1.0
TBOOT: Size: 20480
TBOOT: EventsOffset: [48,48)
TBOOT: setting MTRRs for acmod: base=0xbef00000, size=0xce40, num_pages=13
TBOOT: executing GETSEC[SENTER]...
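
The log above can be triaged mechanically. The following is an added example, not part of the original post and not tboot code: it splits TXT.ERRORCODE into bit fields and re-checks the SINIT processor match from the logged values. The field layout is an assumption chosen because it reproduces tboot's own "AC module error" line; the sample lines are copied from the log above.

```python
import re

# Constructed sample: lines copied from the tboot log in the post above.
SAMPLE_LOG = """\
TBOOT: TXT.ERRORCODE: 0xc0001c41
TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
TBOOT: processor family/model/stepping: 0x306c3
TBOOT: platform id: 0x4000000000000
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
"""

def decode_errorcode(raw):
    """Split a TXT.ERRORCODE value into bit fields (layout is an assumption)."""
    fields = {
        "valid": (raw >> 31) & 1,      # register holds a valid error
        "external": (raw >> 30) & 1,   # 1 = set by software, 0 = set by the CPU
        "src": (raw >> 15) & 1,        # 0 = ACM, 1 = other software
    }
    if fields["external"] and fields["src"] == 0:
        fields["acm_type"] = raw & 0xF            # 1 = SINIT in the log above
        fields["progress"] = (raw >> 4) & 0x3F
        fields["error"] = (raw >> 10) & 0x1F
    return fields

def triage(log):
    """Decode the error register and re-check the SINIT processor match."""
    raw = int(re.search(r"TXT\.ERRORCODE: (0x[0-9a-f]+)", log).group(1), 16)
    decoded = decode_errorcode(raw)
    # Cross-check against the decode that tboot itself printed, if present.
    m = re.search(r"acm_type=(\w+), progress=(\w+), error=(\w+)", log)
    if m:
        printed = tuple(int(v, 16) for v in m.groups())
        decoded["agrees_with_tboot"] = printed == (
            decoded.get("acm_type"), decoded.get("progress"), decoded.get("error"))
    cpu = int(re.search(r"family/model/stepping: (0x[0-9a-f]+)", log).group(1), 16)
    plat = int(re.search(r"platform id: (0x[0-9a-f]+)", log).group(1), 16)
    # An ACM processor entry matches when the masked CPU signature and the
    # masked platform id both equal the values stored in the entry.
    entries = re.findall(
        r"fms: (\w+), fms_mask: (\w+), platform_id: (\w+), platform_mask: (\w+)", log)
    decoded["sinit_matches_cpu"] = any(
        (cpu & int(mask, 16)) == int(fms, 16)
        and (plat & int(pmask, 16)) == int(pid, 16)
        for fms, mask, pid, pmask in entries)
    return decoded

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample lines the decode agrees with tboot's printed fields, and the processor check agrees with the log's "SINIT matches platform" line.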


You are using an SINIT file for a core i5/ core i7 CPU.  You need one of the Server SINIT files, however I do not see an SINIT file that looks like it would work with your CPU. I am asking the TXT engineers about this.

Here is the repository of SINIT files: https://software.intel.com/en-us/articles/intel-trusted-execution-techno...

 

 

 

There are a couple things to look at:  The Xeon E3-1265L uses the Ivy Bridge 3rd_gen_i5_i7_SINIT_67.BIN and you are using the 4th gen bin file.  If changing that doesn't work here are some more things to look at:

  1. Please provide the created policy files, since tboot 1.8.0 has bug in lcptools.
  2. Use tboot 1.8.1 lcptools or simply remove the owner index to verify whether it is caused by the wrong LCP policy. (A wrong LCP policy produced by tboot 1.8.0 should lead to an error code 0xC0001D01 (Wrong LCP data integrity).)
  3. Is there a BIOS update from your vendor? 

Could you check whether your processor E3-1265L is a v2 or v3? (And similarly check on the board; there should be a v#. Most RPL were s1200v3RPL.) And could you please tell me how you chose which SINIT version to run?
I'm also trying to confirm the SINIT bin version. Will update here when confirmed.

UPDATE/CORRECTION: AXXTPME3 922115 is apparently the required TPM for the v3 boards/single XEON processor.

Recap of latest info:
- (CORRECTION: This was later corrected to AXXTPMe3 #922115, not 912429.)
- If there's any chance that an 'earlier than 67 bin' was ever used, you need to run the revocation tool to remove the earlier version (RACM at https://software.intel.com/protected-download/267276/183305) and bring up to post 67 version (as in BIOS 02.01.0002/4).
- Use BIOS 02.01.0004, but be sure you had loaded 02.01.0002 before loading 0004.
- Try reprovisioning.
- The 4th gen i5/i7 error codes are the ones to use.
Please attach log if you still receive the 0xc0001c41 (or any other) error.

Also - please let us know if you ever had this S1200 TPM/TXT running without error.

 

 

The invalid index often means that one of the critical indexes wasn't set up by the OEM and you have to do it. Look at tpmnv_defindex.

....JW

 

Try tpmnv_getcap - it will spout all the indexes that have been defined - I think the one I was missing was 0x20000001. It looks like that's what your error code is saying as well - I have a different processor and my codes are different so try the index, but disregard the message about the incorrect driver parameter.

....JW

Yes I saw that - the size I have in the policy files is 256 - did you have 512 in yours?

I doubt that's the problem - after around 4 weeks of running around I have only moved forward by running the utilities - I think in this case it was readpol - in a debugger and watching what was setting it off. So when it tries to get info from an index you can see which one.

The other method is putting printks in tboot - that (should) cause the trusted boot to fail (since tboot is modified) but you should be able to get far enough to see which index it's complaining about - all that happens before GETSEC[SENTER].

....JW

CORRECTION
The TPM that has been tested with the Intel(R) S1200v3RP board with the above listed processor v3 (HSW) is the second version of the AXXTPMe3 (MM#922115;  TA#G20697-003 or higher -00x;  PBA# G12756-104 or later -00#). 
This version was announced by Intel in PCN 111453 and 113080.
Note:   (Earlier posts by me have also been corrected above to avoid confusing anyone reading this thread once archived)

The latest BIOS for the board contains the correct SINIT binary.

Dieter - I never said that tboot was causing the reboot - but there is, at least in your first post, a clear indication that there's a missing index, which could / would cause the SENTER leaf to fail. So which index is missing? Well, step 1 is: which ones are defined for your platform - #tpmnv_getcap

....JW

 

Hi Dieter,
Working to see where you can get a 104. Will email you privately.

Hi Colleen,

Can you email me as well?  I'm having the exact same problem as Dieter.

Hi I.A.

I don't have your email address in this thread.....Can you tell me what system and what processor you have  (include any v#s in the names please).

Board support owner has confirmed that documentation will be updated to show the later version of AXXTPMe3. MM# 922115

Supplies of AXXTPME3/922115 are being replenished with shipments going out this week (mid July 2014).  Please recheck with suppliers in the next week. 

Update - #922115 is confirmed to fix this issue on the S1200v3RP board.

Hi Dieter, 

The only thought would be reset through BIOS, and if you can't get into that (the system wasn't set up so you could use a console remoted in, was it?)
I need to ask you to try taking this through Intel Customer Support for Server Boards to get you into the BIOS. I believe the phone number for Germany is 069 9509 6099, or check the Intel.com web site under contact support. 
