I have been trying to implement the trusted boot feature on our server and to test it with the tools Intel provides (ServerTXTINFO, getsec64, and Serversecret).
But I am getting a bunch of errors. txt-stat in my Red Hat terminal shows "secret and secret flag set = False" but "TXT Measured launch = True".
When I run the getsec64.efi tool in the EFI shell, I get the error "System is already in TXT environment, run getsec64 -l sexit",
and when I run getsec64 -l sexit, I get "GETSEC leaf or SMCTRL leaf unavailable".
I have searched everywhere in the BIOS but couldn't find any related option.
I have generated a platform log file using ServerTXTINFO, which is attached. It has errors about GETSEC capabilities showing that the Intel TXT-capable chipset bit is 0 (which, I suppose, should be set) and that heap memory is not allocated.
I can't really understand these errors. Any help will be highly appreciated.
TBOOT installation process is followed from
BIOS configuration: TPM, Intel TXT (LT-Sx), VT-d and VMX are enabled.
OS: Red Hat Enterprise Linux 6.5
We have an Intel Server Board E5-2658 with a Mayan City Haswell EP based system with the RC115 BIOS installed; it has QS Haswell CPUs and a B1 Wellsburg.
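Added example, not part of the original post and not code from Intel's tools or from tboot: it reads the raw state that the txt-stat and getsec64 output above summarises, so the "measured launch", "secrets flag" and "heap not allocated" conditions can be checked directly from a Linux shell. It assumes the IA32_FEATURE_CONTROL bit layout from the Intel SDM (bit 0 lock, bit 1 VMX-in-SMX, bits 8..14 per-function SENTER enables, bit 15 global SENTER enable), the TXT public configuration-space offsets that tboot uses (base 0xFED30000; TXT.STS at 0x000, TXT.ESTS at 0x008, TXT.ERRORCODE at 0x030, TXT.SINIT.BASE/SIZE at 0x270/0x278, TXT.HEAP.BASE/SIZE at 0x300/0x308, TXT.E2STS at 0x8F0), and that it runs as root with the msr module loaded. The decode functions are pure so they can be exercised on constructed values; nothing here executes GETSEC itself, which needs ring 0.

```c
/* Added example (not from the post, Intel's tools, or tboot): decode the
 * IA32_FEATURE_CONTROL MSR and the TXT public configuration registers that
 * txt-stat reports. Needs root: MSR via /dev/cpu/0/msr, registers via /dev/mem. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>

/* IA32_FEATURE_CONTROL (MSR 0x3A), bit layout per the Intel SDM vol. 3.
 * GETSEC[SENTER] faults unless lock, global enable and all local enables are set. */
#define IA32_FEATURE_CONTROL_MSR  0x3A
#define FC_LOCK                   (1ULL << 0)
#define FC_VMX_IN_SMX             (1ULL << 1)
#define FC_VMX_OUTSIDE_SMX        (1ULL << 2)
#define FC_SENTER_LOCAL_MASK      (0x7FULL << 8)   /* bits 8..14 */
#define FC_SENTER_GLOBAL_ENABLE   (1ULL << 15)

/* TXT public configuration space; offsets as used by tboot's txt-stat (assumed). */
#define TXT_PUB_CONFIG_BASE  0xFED30000UL
#define TXT_PUB_CONFIG_SIZE  0x10000
#define TXTCR_STS        0x0000   /* bit0 SENTER.DONE.STS, bit1 SEXIT.DONE.STS */
#define TXTCR_ESTS       0x0008   /* bit0 TXT_RESET.STS */
#define TXTCR_ERRORCODE  0x0030
#define TXTCR_SINIT_BASE 0x0270
#define TXTCR_SINIT_SIZE 0x0278
#define TXTCR_HEAP_BASE  0x0300
#define TXTCR_HEAP_SIZE  0x0308
#define TXTCR_E2STS      0x08F0   /* bit1 SECRETS.STS */

struct txt_state {
    bool measured_launch;   /* what txt-stat prints as "TXT measured launch" */
    bool sexit_done;
    bool txt_reset;
    bool secrets_flag;      /* what txt-stat prints as "secrets flag set" */
    bool heap_allocated;    /* BIOS reserved the TXT heap */
    bool sinit_allocated;   /* BIOS reserved the SINIT ACM region */
};

/* True when IA32_FEATURE_CONTROL permits GETSEC[SENTER]. */
bool senter_enabled(uint64_t fc)
{
    return (fc & FC_LOCK) && (fc & FC_SENTER_GLOBAL_ENABLE) &&
           (fc & FC_SENTER_LOCAL_MASK) == FC_SENTER_LOCAL_MASK;
}

/* Bits a measured launch needs that are clear in fc (0 = nothing missing). */
uint64_t senter_missing_bits(uint64_t fc)
{
    const uint64_t need = FC_LOCK | FC_VMX_IN_SMX |
                          FC_SENTER_LOCAL_MASK | FC_SENTER_GLOBAL_ENABLE;
    return need & ~fc;
}

struct txt_state decode_txt(uint64_t sts, uint64_t ests, uint64_t e2sts,
                            uint64_t heap_base, uint64_t heap_size,
                            uint64_t sinit_base, uint64_t sinit_size)
{
    struct txt_state s;
    s.measured_launch = sts & 1;
    s.sexit_done      = (sts >> 1) & 1;
    s.txt_reset       = ests & 1;
    s.secrets_flag    = (e2sts >> 1) & 1;
    s.heap_allocated  = heap_base != 0 && heap_size != 0;
    s.sinit_allocated = sinit_base != 0 && sinit_size != 0;
    return s;
}

static uint64_t rd64(const volatile uint8_t *regs, unsigned off)
{
    return *(const volatile uint64_t *)(regs + off);
}

int main(void)
{
    uint64_t fc = 0;
    int fd = open("/dev/cpu/0/msr", O_RDONLY);   /* offset == MSR number */
    if (fd < 0 || pread(fd, &fc, sizeof fc, IA32_FEATURE_CONTROL_MSR) != sizeof fc) {
        perror("read IA32_FEATURE_CONTROL (root + 'modprobe msr' required)");
        return 1;
    }
    close(fd);
    printf("IA32_FEATURE_CONTROL=0x%llx SENTER enabled: %s missing bits: 0x%llx\n",
           (unsigned long long)fc, senter_enabled(fc) ? "yes" : "no",
           (unsigned long long)senter_missing_bits(fc));

    int mem = open("/dev/mem", O_RDONLY | O_SYNC);
    if (mem < 0) { perror("open /dev/mem"); return 1; }
    void *map = mmap(NULL, TXT_PUB_CONFIG_SIZE, PROT_READ, MAP_SHARED,
                     mem, TXT_PUB_CONFIG_BASE);
    if (map == MAP_FAILED) { perror("mmap TXT config space"); return 1; }
    const volatile uint8_t *regs = map;

    struct txt_state st = decode_txt(rd64(regs, TXTCR_STS), rd64(regs, TXTCR_ESTS),
                                     rd64(regs, TXTCR_E2STS),
                                     rd64(regs, TXTCR_HEAP_BASE), rd64(regs, TXTCR_HEAP_SIZE),
                                     rd64(regs, TXTCR_SINIT_BASE), rd64(regs, TXTCR_SINIT_SIZE));
    printf("measured launch: %d secrets flag: %d txt reset: %d errorcode: 0x%llx\n",
           st.measured_launch, st.secrets_flag, st.txt_reset,
           (unsigned long long)rd64(regs, TXTCR_ERRORCODE));
    printf("heap allocated: %d sinit region allocated: %d\n",
           st.heap_allocated, st.sinit_allocated);
    munmap(map, TXT_PUB_CONFIG_SIZE);
    close(mem);
    return 0;
}
```

Build with `gcc -O2 -o txtregs txtregs.c` and run it as root. A nonzero result from senter_missing_bits points at BIOS-side enablement of SMX/TXT, while zero-valued TXT.HEAP.BASE/SIZE means the firmware never reserved the TXT heap; a nonzero TXT.ERRORCODE is the value to look up in the ACM error tables.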