[replying to an old email thread]
On Tue, 7 Apr 2020, Lukasz Hawrylko wrote:
Unfortunately, this bug is not reported anywhere. In real life scenarios
I don't see any benefits of loading multiple SINITs. In most cases you
have one SINIT that is dedicated to the platform.
I am not sure if that issue can be fixed without moving TBOOT log memory
pool somewhere else and that change will brake other tools. It will be
better to change documentation that only one SINIT can be loaded. I will
check who is the owner of TBOOT page in Fedora's wiki.
Just for the record I hit this issue again on HP Elitedesk 800 G2 in
UEFI-only mode. Loading
2nd_gen_i5_i7_SINIT_51.BIN
3rd_gen_i5_i7_SINIT_67.BIN
4th_gen_i5_i7_SINIT_75.BIN
5th_gen_i5_i7_SINIT_79.BIN
6th_7th_gen_i5_i7-SINIT_79.bin
7th_8th_gen_i5_i7-SINIT_81.bin
GM45_GS45_PM45_SINIT_51.BIN
Q35_SINIT_51.BIN
Q45_Q43_SINIT_51.BIN
Xeon-5600-3500-SINIT-v1.1.bin
Xeon-E7-8800-4800-2800-SINIT-v1.1.bin
i5_i7_DUAL_SINIT_51.BIN
i7_QUAD_SINIT_51.BIN
causes the system to reset at SENTER with
TBOOT: TXT.ERRORCODE: 0x80000007
TBOOT: processor error 0x7
Loading only sinit 6th_7th_gen_i5_i7-SINIT_79.bin works:
TBOOT: checking if module is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb006, revision: 0x1
TBOOT: processor family/model/stepping: 0x506e3
TBOOT: platform id: 0x4000000000000
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb006, flags: 0x1, revision: 0x1,
extended: 0x0
TBOOT: 4 ACM processor id entries:
TBOOT: fms: 0x406e0, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: fms: 0x506e0, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: SINIT matches platform
...
TBOOT: SINIT ACM successfully returned...
Could you try to contact again Fedora to get the wiki page fixed? It is
still misleading people into putting all ACMs to /boot. I could not figure
out how to modify the wiki as it seems to be very restricted due to spam
challenges.
Should we fix ./tboot/20_linux_tboot to complain if multiple ACMs are
present? I would really prefer an error message over a system reset that
is difficult to diagnose without serial console. Or should 20_linux_tboot
try to automatically select the correct ACM? Or perhaps even create one
boot entry per ACM to some submenu?
-Timo
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel