Custom TXT: Errorcode 0xC0000481

Custom TXT: Errorcode 0xC0000481

Hello,

just a shortish question because I am a little baffled right now. I am programming a new MLE to be used with Intel TXT. We want to launch this within a running Linux (64Bit) - this should be perfectly possible afaik. I got most of it working, TXT is working (tboot would successfully boot on previous tests!), but now I get this error whenever I execute GETSEC[SENTER]: 0xC0000481.

Decoding this tells me: it is valid (was 0 when getsec was executed), it is from the ACM, the class is 8 and the error 1. This is something like "Interrupt occured" - no further infos in the pdf with the error-code. So.. I don't know how to debug this further. Also, interrupts? Shouldn't does be disabled anyway (intel SDM about SMX tells so).

The ACM is in fact running, I had other errors before (about mtrrs and tpm), so this at least is certain and because the error-code is indeed directly from the acm, it should be happening while it is still running and not in my MLE (which is very short right now, it does "1: jmp 1b"). But what exactly is happening, can someone from Intel maybe tell some reasons why this could be happening? I have no other tools to debug this on hardware-level, so this is pretty much an dead birth if I can't get more infos on this.

My system: Q87T with an Intel i7 4770S.

ACM: 4th Gen. i5 i7 version 75

I am currently running this with a linux kernel that is NOT SMP (did it with SMP, same result; but this way all other processors should be halted anyway). My code follows the manual closely (only details are different, like I save the status right before the getsec, and not at the beginning like in the manual). I tried it with interrupts disabled and enabled before executing ACM - no difference. The kernel gets started with interrupt-remapping on but intel_iommu off (is this ok?).

Looking forward for help :=)

 

best regards,- Benjamin

6 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

I believe your reading of the error code is correct, but could you please attach the whole log and the BIOS version you are using?  Thanks.

Cita:

Colleen Culbertson (Intel) escribió:

I believe your reading of the error code is correct, but could you please attach the whole log?  Thanks.

Hej Colleen, what log do you mean? Like I said, this is not tBoot, but rather a new developed TXT-launcher with a custom MLE (this will be part of a hypervisor that can be started from within Linux). I mean, I do have logs of the stuff I do in my launcher, but those are probably not what you want. Unless I am mistaken, the ACM itself does not keep any logs others than the error-code.

I can try to give you all the infos that you need, if you need something specific, or redo my tboot-setup which would work on the same machine previously (can only do that after the weekend though) - but that would probably also not really help in this situation.

Would really would help me is information in what state the ACM is when this error happens or what it could try that cause this error (since the Intel SDM about SMX clearly states, that all IRQ-sources are disabled before entering the ACM). Unless I know that, I can hardly debug this in my software.

Edit: Sry, i forgot the bios:

This is a "ASUS UEFI Bios, Version 0216 x64, Build 10/16/2013, ME version 9.0.10.1372"

Confirmed that SINIT runs with interrupts disabled and never uses INT N instruction. So it appears to be a CPU exception.  Three things to change/try.
1. Upgrade to the latest BIOS for the motherboard.  
2. Turn on iommu (required for VTd which is required for TXT). 
3. If you're using X2APIC mode, try switching to xAPIC instead. 

.  

Cita:

Colleen Culbertson (Intel) escribió:

Confirmed that SINIT runs with interrupts disabled and never uses INT N instruction. So it appears to be a CPU exception.  Three things to change/try.
1. Upgrade to the latest BIOS for the motherboard.  
2. Turn on iommu (required for VTd which is required for TXT). 
3. If you're using X2APIC mode, try switching to xAPIC instead. 

Hej Colleen,

updating the BIOS didn't solve the problem, but disabling interrupt-remapping in linux did; this also disables the use of x2apic in linux. I also could finally start my code/finish the txt boot. So, this works now.

I still would like to know the reason, why it didn't work with x2apix/irq-remapping enabled. I read the TXT SDM and the SMX SDM and didn't encounter these conditions once. I only read that VT-d dma remapping has to be disabled - which was the case. I would be really nice to know that this is in fact the expected behaviour - then I also have to check this before launching txt.

Thx thus far :).

 

- Ben

Will reply to you email.

Leave a Comment

Please sign in to add a comment. Not a member? Join today