error code 0xc0001c41

Hi,

I'm getting TXT error code 0xc0001c41, with the system rebooting afterwards.

I did the setup according to various materials I studied on the web.
I also already had some chats within the tboot forum, w/o any progress.
Seems there's a similar setup (mentioned in the mailing list) with the same issue.
I guess there's a chance the issue is not related to my setup.

According to SINIT_Errors.pdf, the error indicates "Invalid TPM NV index".
I guess the error is raised from within SINIT.

Thanks for your suggestion in advance,
Dieter

Mainboard - Intel S1200RPL

CPU - XEON E3-1265L
TPM - AXXTPME5
Boot - BIOS (i.e. no EFI, EFI boot shows identical behavior)
Distribution - Ubuntu 14.04 w/ tboot 1.8 (same w/ pretty new tboot 1.8.1)
SINIT - 4th_gen_i5_i7_SINIT_75.BIN (same w/ BIOS buildin SINIT)

Attached below is how the TPM is set up, and the tboot dump.

+ tpm_takeownership -z
Enter owner password:
Confirm password:
+ tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p password
Tspi_NV_DefineSpace failed failed: NVRAM area already exists (0x08313b)

Command DefIndex failed:
TSS API failed
+ tpmnv_defindex -i owner -s 0x36 -p password
Haven't input permission value, use default value 0x2

Successfully defined index 0x40000001 as permission 0x2, data size is 54
+ tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password

Successfully defined index 0x20000001 as permission 0x2, data size is 512
+ rm -r tmp
+ mkdir tmp
+ cd tmp
+ lcp_mlehash -c logging=serial,vga,memory /boot/tboot.gz
+ lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 0 --out tboot_mle.elt tboot_hash
+ lcp_crtpollist --create --out list_unsig.lst tboot_mle.elt
+ lcp_crtpol2 --create --type list --ctrl 0x02 --pol owner_list.pol --data owner_list.data list_unsig.lst
+ lcp_writepol -i owner -f owner_list.pol -p password

Successfully write policy into index 0x40000001
+ cp owner_list.data /boot
+ tb_polgen --create --type nonfatal tcb.pol
+ tb_polgen --add --num 0 --pcr 18 --hash image --cmdline 'root=/dev/mapper/test--node--vg-root ro intel_iommu=on' --image /boot/vmlinuz-3.13.0-24-generic tcb.pol
+ tb_polgen --add --num 1 --pcr 19 --hash image --cmdline '' --image /boot/initrd.img-3.13.0-24-generic tcb.pol
+ lcp_writepol -i 0x20000001 -f tcb.pol -p password

Successfully write policy into index 0x20000001

TBOOT: ******************* TBOOT *******************
TBOOT: 2014-01-30 12:00 +0800 1.8.0
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009bc00 (1)
TBOOT: 000000000009bc00 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000bbdc7000 (1)
TBOOT: 00000000bbdc7000 - 00000000be782000 (2)
TBOOT: 00000000be782000 - 00000000be788000 (4)
TBOOT: 00000000be788000 - 00000000be8be000 (2)
TBOOT: 00000000be8be000 - 00000000be8c2000 (4)
TBOOT: 00000000be8c2000 - 00000000be8e3000 (2)
TBOOT: 00000000be8e3000 - 00000000be8e4000 (4)
TBOOT: 00000000be8e4000 - 00000000be905000 (2)
TBOOT: 00000000be905000 - 00000000be915000 (4)
TBOOT: 00000000be915000 - 00000000be925000 (2)
TBOOT: 00000000be925000 - 00000000beb2f000 (4)
TBOOT: 00000000beb2f000 - 00000000bebf0000 (3)
TBOOT: 00000000bebf0000 - 00000000bec00000 (1)
TBOOT: 00000000bec00000 - 00000000c0000000 (2)
TBOOT: 00000000f8000000 - 00000000fc000000 (2)
TBOOT: 00000000fec00000 - 00000000fec01000 (2)
TBOOT: 00000000fed19000 - 00000000fed1a000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000fee00000 - 00000000fee01000 (2)
TBOOT: 00000000ff400000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000440000000 (1)
TBOOT: TPM: TPM Family 0x3
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 2
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: 18
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: d4 63 4c 11 a3 0f a3 ee a1 dc 4d 34 98 f8 99 f6 46 51 ca da
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 00 ee 09 19 c8 57 c2 12 ce 23 0a 20 02 b8 10 8f 74 18 0f 60
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0001c41
TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0xc
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xbef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbef20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0xce40 (52800)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff7d000
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
last boot has error.
TBOOT: checking if module /4th_gen_i5_i7_SINIT_75.BIN is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
TBOOT: processor family/model/stepping: 0x306c3
TBOOT: platform id: 0x4000000000000
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0xbef00000
TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
TBOOT: BIOS has already loaded an SINIT module
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: BIOS-provided SINIT is older: date=20130612
TBOOT: copied SINIT (size=ce40) to 0xbef00000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0xb002
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20130712
TBOOT: size*4: 0xce40 (52800)
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:000062dc
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 4
TBOOT: length: 0x2c (44)
TBOOT: chipset_id_list: 0x4ec
TBOOT: os_sinit_data_ver: 0x6
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000002e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: acm_ver: 75
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb002
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: processor list:
TBOOT: count: 3
TBOOT: entry 0:
TBOOT: fms: 0x306c0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 1:
TBOOT: fms: 0x40660
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 2:
TBOOT: fms: 0x40650
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0xac6460
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x834000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &_txt_wakeup=0x8041f0
TBOOT: &g_mle_hdr=0x81b5a0
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=34000
TBOOT: capabilities: 0x00000027
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: MLE start=804000, end=834000, size=30000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xbef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbef20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0xce40 (52800)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff7d000
TBOOT: discarding RAM above reserved regions: 0xbebf0000 - 0xbec00000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbbdc7000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x440000000
TBOOT: no LCP module found
TBOOT: os_sinit_data (@0xbef3517e, 0x7c):
TBOOT: version: 6
TBOOT: flags: 0
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x30000 (196608)
TBOOT: mle_hdr_base: 0x175a0
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xbbc00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x340000000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_POINTER:
TBOOT: size: 16
TBOOT: elog_addr: 0xbef30176
TBOOT: Event Log Container:
TBOOT: Signature: TXT Event Container
TBOOT: ContainerVer: 1.0
TBOOT: PCREventVer: 1.0
TBOOT: Size: 20480
TBOOT: EventsOffset: [48,48)
TBOOT: setting MTRRs for acmod: base=0xbef00000, size=0xce40, num_pages=13
TBOOT: executing GETSEC[SENTER]...

Gael Hofemeier (Intel)

You are using an SINIT file for a Core i5/Core i7 CPU. You need one of the server SINIT files; however, I do not see an SINIT file that looks like it would work with your CPU. I am asking the TXT engineers about this.

Here is the repository of SINIT files: https://software.intel.com/en-us/articles/intel-trusted-execution-techno...

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/gh.intelblogs
Gael Hofemeier (Intel)

There are a couple of things to look at: the Xeon E3-1265L uses the Ivy Bridge 3rd_gen_i5_i7_SINIT_67.BIN and you are using the 4th gen bin file. If changing that doesn't work, here are some more things to look at:

  1. Please provide the created policy files, since tboot 1.8.0 has a bug in lcptools.
  2. Use tboot 1.8.1 lcptools, or simply remove the owner index to verify whether it is caused by the wrong LCP policy. (A wrong LCP policy produced by tboot 1.8.0 should lead to an error code 0xC0001D01 (Wrong LCP data integrity).)
  3. Is there a BIOS update from your vendor?
Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/gh.intelblogs

Hi Gael,

Good news, seems we are making progress w/in tboot forum!

Story so far:

- According to general Intel documentation I started with AXXTPME3
- Enabling TXT causes an early BIOS reboot (long before accessing any boot medium) even with a totally cleared TPM
- I found evidence for that w/in the S1200V3RPL board manual
- There it’s stated the TPM type should be AXXTPME5
- I then tried out AXXTPME5
- Given that, enabling TXT succeeds but with the mentioned error code
- The only difference between AXXTPME5 and AXXTPME3 seems to be the AUX index size (96 vs. 64)
- And here SINIT comes into the picture: SINIT seems to check this size and throws the mentioned error in case it’s not 64 (i.e. AXXTPME3)
- From w/in the tboot forum I then learned that there are several types of AXXTPME3
- Seems I have 912429 but need 922115
- More insights at https://qdms.intel.com/Portal/SearchPCNDataBase.aspx?mm=912429
- I’m now going to get this TPM type and try it out

Improvements I could think of:
- Correct the board manual (AXXTPME5 => AXXTPME3)
- Add TPM details to circumvent that pitfall
- If SINIT just checks the AUX index size:
  o There shouldn’t be any security concerns removing that check
  o Ending up in board compatibility also for AXXTPME5

I'll let you know further news, once I have the other AXXTPME3.

Thanks a lot for your effort,
Dieter

Could you check whether your processor E3-1265L is a v2 or v3? (And similarly, check on the board: there should be a v#; most RPL were s1200v3RPL.) And could you please tell me how you chose which SINIT version to run?
I'm also trying to confirm the SINIT bin version. Will update here when confirmed.

UPDATE/CORRECTION:  AXXTPME3 922115 is apparently the required TPM for the v3 boards/single XEON processor..

Recap of latest info:
- CORRECTION: This was later corrected to AXXTPMe3 #922115, not 912429.
- If there's any chance that an 'earlier than 67 bin' was ever used, you need to run the revocation tool to remove the earlier version (RACM at https://software.intel.com/protected-download/267276/183305) and bring it up to the post-67 version (as in BIOS 02.01.0002/4).
- Use BIOS 02.01.0004, but be sure you had loaded 02.01.0002 before loading 0004.
- Try reprovisioning.
- The 4th gen i5/i7 error codes are the ones to use.
Please attach the log if you still receive the 0xc0001c41 (or any other) error.

Also - please let us know if you ever had this S1200 TPM/TXT running without error.

Hi Colleen,

as you might already assume, board and CPU are V3.
I have not managed to get TXT running ever on this board, struggling quite some time already.

Here's a brief history:
- AXXTPME3 as well as AXXTPME5 with BIOS version before 02.01.0002
   ....
- AXXTPME5 / BIOS version 02.01.0002
     4th_gen_i5_i7_SINIT_75.BIN is newer compared to the BIOS built-in SINIT
     w/ and w/o 4th_gen_i5_i7_SINIT_75.BIN same behaviour, i.e. mentioned error code
- updated BIOS to version 02.01.0004
    now the BIOS built-in SINIT is newer compared to 4th_gen_i5_i7_SINIT_75.BIN
    removed therefore 4th_gen_i5_i7_SINIT_75.BIN
    still same behaviour, i.e. mentioned error code

What I did now:
- I ran the revocation tool via EFI according to "intel-txt-sinit-acm-revocation-tools-guide-rev1-0_2.pdf"
- cleared the TPM, enabled it again and set it up completely new, the same way as mentioned above

Still I get the same error and the system reboots!
Attached below you find the tboot screen logs.

I wonder whether the issue is related to my setup or whether it's a general issue?
I.e. have you got TXT running on S1200V3RPL with AXXTPME5?

Is there a chance to get more insights about the invalid index?
I mean, the information I got from the tboot forum (AUX index size) sounds quite reasonable ...

Thanks a lot for your effort,
Dieter

TBOOT: ******************* TBOOT *******************
TBOOT:    2014-05-16 12:00 +0800 1.8.1
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT:  0000000000000000 - 000000000009bc00  (1)
TBOOT:  000000000009bc00 - 00000000000a0000  (2)
TBOOT:  00000000000e0000 - 0000000000100000  (2)
TBOOT:  0000000000100000 - 00000000abdc7000  (1)
TBOOT:  00000000abdc7000 - 00000000ae785000  (2)
TBOOT:  00000000ae785000 - 00000000ae78d000  (4)
TBOOT:  00000000ae78d000 - 00000000ae8c1000  (2)
TBOOT:  00000000ae8c1000 - 00000000ae8c4000  (4)
TBOOT:  00000000ae8c4000 - 00000000ae8e5000  (2)
TBOOT:  00000000ae8e5000 - 00000000ae8e6000  (4)
TBOOT:  00000000ae8e6000 - 00000000ae914000  (2)
TBOOT:  00000000ae914000 - 00000000aeb2f000  (4)
TBOOT:  00000000aeb2f000 - 00000000aebed000  (3)
TBOOT:  00000000aebed000 - 00000000aec00000  (1)
TBOOT:  00000000aec00000 - 00000000b0000000  (2)
TBOOT:  00000000f8000000 - 00000000fc000000  (2)
TBOOT:  00000000fec00000 - 00000000fec01000  (2)
TBOOT:  00000000fed19000 - 00000000fed1a000  (2)
TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
TBOOT:  00000000fee00000 - 00000000fee01000  (2)
TBOOT:  00000000ff400000 - 0000000100000000  (2)
TBOOT:  0000000100000000 - 0000000450000000  (1)
TBOOT: TPM: TPM Family 0x0
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT:  :512 bytes read
TBOOT: policy:
TBOOT:   version: 2
TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT:   hash_alg: TB_HALG_SHA1
TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
TBOOT:   num_entries: 2
TBOOT:   policy entry[0]:
TBOOT:           mod_num: 0
TBOOT:           pcr: 18
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 1
TBOOT:           hashes[0]: 9d 8a 26 35 af b4 c7 6e 8f 99 94 00 3b 81 23 4c dc ec 7d dc
TBOOT:   policy entry[1]:
TBOOT:           mod_num: 1
TBOOT:           pcr: 19
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 1
TBOOT:           hashes[0]: 95 1c e5 9c 83 4f 23 70 2e 19 b0 3d 8b 9f a4 3d a4 7f af c4
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0001c41
TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0xc
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xaef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xaef20008, 0x56):
TBOOT:   version: 4
TBOOT:   bios_sinit_size: 0xce40 (52800)
TBOOT:   lcp_pd_base: 0x0
TBOOT:   lcp_pd_size: 0x0 (0)
TBOOT:   num_logical_procs: 8
TBOOT:   flags: 0x00000000
TBOOT:   ext_data_elts[]:
TBOOT:           BIOS_SPEC_VER:
TBOOT:               major: 0x2
TBOOT:               minor: 0x1
TBOOT:               rev: 0x0
TBOOT:           ACM:
TBOOT:               num_acms: 1
TBOOT:               acm_addrs[0]: 0xfff70000
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
        last boot has error.
TBOOT: checking if module /initrd.img-3.13.0-29-generic is an SINIT for this platform...
TBOOT:   ACM size is too small: acmod_size=3f72200, acm_hdr->size*4=c0c0c0c0
TBOOT: no SINIT AC module found
TBOOT: TXT.SINIT.BASE: 0xaeef0000
TBOOT: TXT.SINIT.SIZE: 0x30000 (196608)
TBOOT: BIOS has already loaded an SINIT module
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
TBOOT: processor family/model/stepping: 0x306c3
TBOOT: platform id: 0x4000000000000
TBOOT:   1 ACM chipset id entries:
TBOOT:       vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT:   3 ACM processor id entries:
TBOOT:       fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: no SINIT provided by bootloader; using BIOS SINIT
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT:   type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT:   subtype: 0x0
TBOOT:   length: 0xa1 (161)
TBOOT:   version: 0
TBOOT:   chipset_id: 0xb002
TBOOT:   flags: 0x0
TBOOT:           pre_production: 0
TBOOT:           debug_signed: 0
TBOOT:   vendor: 0x8086
TBOOT:   date: 0x20130712
TBOOT:   size*4: 0xce40 (52800)
TBOOT:   code_control: 0x0
TBOOT:   entry point: 0x00000008:000062dc
TBOOT:   scratch_size: 0x8f (143)
TBOOT:   info_table:
TBOOT:           uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
                {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT:               ACM_UUID_V3
TBOOT:           chipset_acm_type: 0x1 (SINIT)
TBOOT:           version: 4
TBOOT:           length: 0x2c (44)
TBOOT:           chipset_id_list: 0x4ec
TBOOT:           os_sinit_data_ver: 0x6
TBOOT:           min_mle_hdr_ver: 0x00020000
TBOOT:           capabilities: 0x0000002e
TBOOT:               rlp_wake_getsec: 0
TBOOT:               rlp_wake_monitor: 1
TBOOT:               ecx_pgtbl: 1
TBOOT:               stm: 1
TBOOT:               pcr_map_no_legacy: 0
TBOOT:               pcr_map_da: 1
TBOOT:               platform_type: 0
TBOOT:               max_phy_addr: 0
TBOOT:           acm_ver: 75
TBOOT:   chipset list:
TBOOT:           count: 1
TBOOT:           entry 0:
TBOOT:               flags: 0x1
TBOOT:               vendor_id: 0x8086
TBOOT:               device_id: 0xb002
TBOOT:               revision_id: 0x1
TBOOT:               extended_id: 0x0
TBOOT:   processor list:
TBOOT:           count: 3
TBOOT:           entry 0:
TBOOT:               fms: 0x306c0
TBOOT:               fms_mask: 0xfff3ff0
TBOOT:               platform_id: 0x0
TBOOT:               platform_mask: 0x0
TBOOT:           entry 1:
TBOOT:               fms: 0x40660
TBOOT:               fms_mask: 0xfff3ff0
TBOOT:               platform_id: 0x0
TBOOT:               platform_mask: 0x0
TBOOT:           entry 2:
TBOOT:               fms: 0x40650
TBOOT:               fms_mask: 0xfff3ff0
TBOOT:               platform_id: 0x0
TBOOT:               platform_mask: 0x0
TBOOT: file addresses:
TBOOT:   &_start=0x804000
TBOOT:   &_end=0xac8a40
TBOOT:   &_mle_start=0x804000
TBOOT:   &_mle_end=0x836000
TBOOT:   &_post_launch_entry=0x804010
TBOOT:   &_txt_wakeup=0x8041f0
TBOOT:   &g_mle_hdr=0x81c4a0
TBOOT: MLE header:
TBOOT:   uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
                {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT:   length=34
TBOOT:   version=00020001
TBOOT:   entry_point=00000010
TBOOT:   first_valid_page=00000000
TBOOT:   mle_start_off=4000
TBOOT:   mle_end_off=36000
TBOOT:   capabilities: 0x00000027
TBOOT:       rlp_wake_getsec: 1
TBOOT:       rlp_wake_monitor: 1
TBOOT:       ecx_pgtbl: 1
TBOOT:       stm: 0
TBOOT:       pcr_map_no_legacy: 0
TBOOT:       pcr_map_da: 1
TBOOT:       platform_type: 0
TBOOT:       max_phy_addr: 0
TBOOT: MLE start=804000, end=836000, size=32000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xaef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xaef20008, 0x56):
TBOOT:   version: 4
TBOOT:   bios_sinit_size: 0xce40 (52800)
TBOOT:   lcp_pd_base: 0x0
TBOOT:   lcp_pd_size: 0x0 (0)
TBOOT:   num_logical_procs: 8
TBOOT:   flags: 0x00000000
TBOOT:   ext_data_elts[]:
TBOOT:           BIOS_SPEC_VER:
TBOOT:               major: 0x2
TBOOT:               minor: 0x1
TBOOT:               rev: 0x0
TBOOT:           ACM:
TBOOT:               num_acms: 1
TBOOT:               acm_addrs[0]: 0xfff70000
TBOOT: discarding RAM above reserved regions: 0xaebed000 - 0xaec00000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xabdc7000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x450000000
TBOOT: no LCP module found
TBOOT: os_sinit_data (@0xaef3517e, 0x7c):
TBOOT:   version: 6
TBOOT:   flags: 0
TBOOT:   mle_ptab: 0x801000
TBOOT:   mle_size: 0x32000 (204800)
TBOOT:   mle_hdr_base: 0x184a0
TBOOT:   vtd_pmr_lo_base: 0x0
TBOOT:   vtd_pmr_lo_size: 0xabc00000
TBOOT:   vtd_pmr_hi_base: 0x100000000
TBOOT:   vtd_pmr_hi_size: 0x350000000
TBOOT:   lcp_po_base: 0x0
TBOOT:   lcp_po_size: 0x0 (0)
TBOOT:   capabilities: 0x00000002
TBOOT:       rlp_wake_getsec: 0
TBOOT:       rlp_wake_monitor: 1
TBOOT:       ecx_pgtbl: 0
TBOOT:       stm: 0
TBOOT:       pcr_map_no_legacy: 0
TBOOT:       pcr_map_da: 0
TBOOT:       platform_type: 0
TBOOT:       max_phy_addr: 0
TBOOT:   efi_rsdt_ptr: 0x0
TBOOT:   ext_data_elts[]:
TBOOT:           EVENT_LOG_POINTER:
TBOOT:                 size: 16
TBOOT:            elog_addr: 0xaef30176
TBOOT:                   Event Log Container:
TBOOT:                       Signature: TXT Event Container
TBOOT:                    ContainerVer: 1.0
TBOOT:                     PCREventVer: 1.0
TBOOT:                            Size: 20480
TBOOT:                    EventsOffset: [48,48)
TBOOT: setting MTRRs for acmod: base=0xaeef0000, size=0xce40, num_pages=13
TBOOT: executing GETSEC[SENTER]...

The invalid index often means that one of the critical indexes wasn't set up by the OEM and you have to do it. Look at tpmnv_defindex.

....JW

Hi John,

The question is, which index is the one the BIOS built-in SINIT is rejecting?
"tpmnv_defindex" is just the cmd line tool defining those.
Please have a look at the top of this thread for which indexes I set up and which are available in general.

From the beginning I used "4th gen i5/i7" SINIT related material for decoding the error, the same as Colleen suggested above.
Which one are you referring to?

Best regards,
Dieter

try tpmnv_getcap - it will spout all the indexes that have been defined - I think the one I was missing was 0x20000001. It looks like that's what your error code is saying as well - I have a different processor and my codes are different so try the index, but disregard the message about the incorrect driver parameter.

....JW

Hi John,

at the top of this thread, you'll find the debugging output of a bash script I executed.
Here's a snippet:

+ tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password
Successfully defined index 0x20000001 as permission 0x2, data size is 512

Best regards,
Dieter

Yes I saw that - the size I have in the policy files is 256 - did you have 512 in yours?

I doubt that's the problem - after around 4 weeks of running around I have only moved forward by running the utilities - I think in this case it was readpol - in a debugger and watching what was setting it off. So when it tries to get info from an index you can see which one.

The other method is putting printks in tboot. - that (should) cause the trusted boot to fail (since tboot is modified) but you should be able to get far enough to see which index it's complaining about - all that happens before GETSEC[SENTER]

....JW

Hi John,

I doubt that tboot is causing the reboot and that all of it happens before GETSEC[SENTER].
The last tboot printout before the reboot is "TBOOT: executing GETSEC[SENTER]..."
To me, that clearly looks like SINIT is causing the reboot.

Do you have some insights on the questions I raised above?

I wonder whether the issue is related to my setup or whether it's a general issue?
I.e. have you got TXT running on S1200V3RPL with AXXTPME5?

I mean, there are indications from the tboot forum that the new AXXTPME3 (922115) works.
Related to this forum, it seems AXXTPME5 is the correct one to use and 922115 isn't out yet.
It might be helpful to know whether the issue is really related to my setup or rather a general one.

Best regards,
Dieter
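The two things the posters above do by hand, decoding the TXT.ERRORCODE value tboot prints at boot (first post) and checking that the last line tboot printed before the reset is the GETSEC[SENTER] line (so the reset happens inside SINIT, not in tboot), can be scripted. The Python below is an added example, not code from this thread or from the tboot project. It assumes the register bit layout stated in its docstring (Intel's MLE Developer Guide and tboot's txt/errors.c as I read them; the position of the "src" bit in particular should be verified against your copy), and its description table holds only the two error texts quoted in this thread, so every other code is reported as not in the local table.

```python
"""Decode TXT.ERRORCODE and triage a tboot serial log.

Register layout (Intel MLE Developer Guide / tboot txt/errors.c, as I read
them; treat the bit positions, especially 'src', as an assumption to verify):
  bit 31      valid     1 = register holds an error from the previous launch
  bit 30      external  0 = processor-detected error, 1 = software/ACM error
  bit 15      src       0 = reported by an ACM, 1 = other software
  bits 14:10  error     ACM error code
  bits 9:4    progress  ACM progress code (which launch step failed)
  bits 3:0    acm_type  0 = BIOS ACM, 1 = SINIT
"""
from dataclasses import dataclass
from typing import Any, Dict, List

# Only the descriptions quoted in this thread (from the 4th-gen i5/i7 SINIT
# error document); anything else is reported as not in the local table.
KNOWN_ACM_ERRORS = {
    (0x04, 0x7): "Invalid TPM NV index",
    (0x10, 0x7): "Wrong LCP data integrity",
}


@dataclass(frozen=True)
class TxtError:
    raw: int
    valid: bool
    external: bool
    src: int
    acm_type: int
    progress: int
    error: int

    def describe(self) -> str:
        if not self.valid:
            return "no error recorded"
        if not self.external:
            return f"processor error, type 0x{self.raw & 0x3fffffff:x}"
        if self.src:
            return "software error not reported by an ACM"
        who = {0: "BIOS ACM", 1: "SINIT"}.get(self.acm_type, f"ACM type {self.acm_type}")
        what = KNOWN_ACM_ERRORS.get((self.progress, self.error), "not in local table")
        return f"{who}: progress=0x{self.progress:02x} error=0x{self.error:x} ({what})"


def decode_txt_errorcode(raw: int) -> TxtError:
    """Split the 32-bit register into the fields tboot prints."""
    raw &= 0xFFFFFFFF
    return TxtError(raw=raw,
                    valid=bool((raw >> 31) & 1),
                    external=bool((raw >> 30) & 1),
                    src=(raw >> 15) & 1,
                    acm_type=raw & 0xF,
                    progress=(raw >> 4) & 0x3F,
                    error=(raw >> 10) & 0x1F)


def triage_tboot_log(lines: List[str]) -> Dict[str, Any]:
    """Pull out what you would look for by hand in a tboot log.

    - the decoded TXT.ERRORCODE left over from the previous launch, if any
    - which SINIT was used (bootloader-supplied vs. BIOS-provided)
    - the last line printed: if it is the GETSEC[SENTER] line, tboot got no
      further, so a reset after it happened inside SINIT, not in tboot
    """
    result: Dict[str, Any] = {"error": None, "sinit_source": "none",
                              "reached_senter": False, "last_line": ""}
    for line in lines:
        text = line.strip()
        if not text:
            continue
        result["last_line"] = text
        if "TXT.ERRORCODE:" in text:
            value = text.split("TXT.ERRORCODE:", 1)[1].strip()
            result["error"] = decode_txt_errorcode(int(value, 16))
        elif "using BIOS SINIT" in text:
            result["sinit_source"] = "bios"
        elif "copied SINIT" in text:
            result["sinit_source"] = "bootloader"
    result["reached_senter"] = "GETSEC[SENTER]" in result["last_line"]
    return result


# Constructed sample: a few lines excerpted from the second log in this thread.
SAMPLE_LOG = [
    "TBOOT: TPM is ready",
    "TBOOT: TXT.ERRORCODE: 0xc0001c41",
    "TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7",
    "TBOOT: no SINIT provided by bootloader; using BIOS SINIT",
    "TBOOT: executing GETSEC[SENTER]...",
]

if __name__ == "__main__":
    summary = triage_tboot_log(SAMPLE_LOG)
    print("previous launch:  ", summary["error"].describe())
    print("SINIT source:     ", summary["sinit_source"])
    print("stopped at SENTER:", summary["reached_senter"])
```

Feed it the captured serial log (one string per line) instead of SAMPLE_LOG; 0xc0001c41 decodes to SINIT, progress 0x04, error 0x7, and 0xC0001D01 from Gael's reply decodes to progress 0x10, error 0x7 with the same layout.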

CORRECTION
The TPM that has been tested with the Intel(R) S1200v3RP board with the above listed processor v3 (HSW) is the second version of the AXXTPMe3 (MM#922115;  TA#G20697-003 or higher -00x;  PBA# G12756-104 or later -00#). 
This version was announced by Intel in PCN 111453 and 113080
Note:   (Earlier posts by me have also been corrected above to avoid confusing anyone reading this thread once archived)

The latest BIOS for the board contains the correct SINIT binary.

Dieter - I never said that tboot was causing the reboot - but there is, at least in your first post, a clear indication that there's a missing index. Which could / would cause the SENTER leaf to fail. So which index is missing? Well, step 1 is: which ones are defined for your platform - #tpmnv_getcap

....JW

Hi Dieter,
Working to see where you can get a 104. Will email you privately.

Hi Colleen,

Can you email me as well?  I'm having the exact same problem as Dieter.

Hi I.A.

I don't have your email address in this thread. Can you tell me what system and what processor you have (include any v#s in the names please).

Board support owner has confirmed that documentation will be updated to show the later version of AXXTPMe3. MM# 922115

Supplies of AXXTPME3/922115 are being replenished with shipments going out this week (mid July 2014).  Please recheck with suppliers in the next week. 

Update - #922115 is confirmed to fix this issue on the S1200v3RP board.

Hi Colleen,

sorry for the delay in posting an update to this forum.

Actually I'm facing another issue :-(

First I thought I damaged my TPM plugging it in and out.
Then I ordered (that's the reason for the delay) another one (I may open a shop meanwhile ;-)

What I did (the same applies to both TPMs now - "new" version TPM AXXTPME3 922115):

1) I applied following settings:

tpm_takeownership -z
tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p password
tpmnv_defindex -i owner -s 0x36 -p password
tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password

2) Then I did a secure boot.
With the first TPM the secure boot succeeded, with the second TPM the secure boot got stuck loading the initial ramdisk (the reason might be a different one as I updated the kernel in between)

3) Further boots are not possible with either TPM. The graphics card is not getting initialized by the BIOS at all, therefore I can't access the BIOS settings!
The TPM, when plugged in (with the above settings applied), seems to act as a "don't start machine" switch.

I'm a bit lost, as there's no way to clear the TPMs.
I thought about a uCode update, but the latest BIOS version is applied (S1200RP.86B.02.01.0004)
I came across uCode because of the sensor message "CATERR reports it has been asserted Critical 0x0002"
I'm not sure whether the sensor message is related to the TPM issue.

Thanks for any hint,
Dieter

Hi Dieter, 

The only thought would be a reset through the BIOS, and if you can't get into that (the system wasn't set up so you could use a remote console, was it?)
I need to ask you to take this through Intel Customer Support for Server Boards to get you into the BIOS. I believe the phone number for Germany is 069 9509 6099, or check the Intel.com web site under contact support.
