Hi,
I recently bought a Thinkpad X1 2-in-1 Gen 10 (21NVS07F00) specifically for its
support of Intel TXT.
With Intel TME enabled, I can successfully boot using a verified launch policy
that continues on non-fatal errors. Using a stricter setting, the boot hangs.
In the log, the following messages can be found, which document the trigger of
an error condition:
TBOOT: var MTRRs with non-contiguous regions: base=0xc0000, mask=0x3fc0000
TBOOT: mtrr_def_type: e = 1, fe = 1, type = 6
TBOOT: mtrrs:
TBOOT: base mask type v
TBOOT: 00000000c0000 0000003fc0000 00 01
TBOOT: 00000000a0000 0000003fe0000 00 01
TBOOT: 000000009c000 0000003ffc000 00 01
TBOOT: 0000001000000 0000003000000 00 01
TBOOT: 0000002000000 0000002000000 00 01
TBOOT: 000000085f800 0000003fff800 00 01
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: 0000000000000 0000000000000 00 00
TBOOT: failed to verify platform
The full log can be found here: https://pastebin.com/Hhk4AEb7
The problem also occurs with the latest tboot version 1.11.10. Interestingly, when Intel TME is disabled, tboot hangs with the same policy. Unfortunately, VGA output for tboot does
not work on this machine and I cannot access this machine's serial console provided via AMT to obtain a log in this case. (I don't really care about support for disabled TME, but
wanted to mention it nevertheless.)
Any help is appreciated. I can test patches or provide additional (debug)
information if needed. I also posted this problem on the Lenovo Linux forum,
but did not receive any reply.
Thank you and best regards
N0T3P4D
_______________________________________________
tboot-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tboot-devel
