From: Camacho R. M. <mic...@li...> - 2026-04-16 06:32:44
|
Hello Timo,

Soon, I'll update this command.

Regards,
Michal Camacho Romero

On 4/11/2026 11:20 AM, Timo Lindfors wrote:
> Hi,
>
> it seems tboot (hg 728:54ea68a98aef) still depends on the function
> 'version_find_latest' that is no longer included in grub (removed in
> git commit a79c567f6b5820a8795c273a9eaabd06a1f92b29)
>
> This causes autopkgtests in Debian to fail:
>
> https://ci.debian.net/packages/t/tboot/testing/amd64/69226640/#S12
>
> Fixing this should be straightforward but I'm quite busy at the moment
> so I'm just sending this bug report for now.
>
> -Timo
>
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
|
From: Timo L. <tim...@ik...> - 2026-04-11 09:46:37
|
Hi,

it seems tboot (hg 728:54ea68a98aef) still depends on the function 'version_find_latest' that is no longer included in grub (removed in git commit a79c567f6b5820a8795c273a9eaabd06a1f92b29)

This causes autopkgtests in Debian to fail:

https://ci.debian.net/packages/t/tboot/testing/amd64/69226640/#S12

Fixing this should be straightforward but I'm quite busy at the moment so I'm just sending this bug report for now.

-Timo
|
From: Camacho R. M. <mic...@li...> - 2026-02-11 14:10:55
|
Hello Matthias,

We will review your patch in the future. However, our team first needs to implement several urgent features for TBOOT MLE before we take care of your changeset.

Regards,
Michal Camacho Romero

On 1/23/2026 12:07 PM, Matthias Gerstner wrote:
> Hello list,
>
> although it seems there is no longer an active upstream for tboot, here
> is a patch for a compiler error/warning in tboot which occurs with
> gcc-16. Maybe at least other users of tboot can make use of it.
>
> The diagnostic is as follows:
>
> safeclib/strpbrk_s.c: In function ‘strpbrk_s’:
> safeclib/strpbrk_s.c:95:13: error: variable ‘len’ set but not used [-Werror=unused-but-set-variable=]
> 95 | rsize_t len;
> | ^~~
> cc1: all warnings being treated as errors
>
> It seems that this function does not take the `slen` parameter into
> account at all, thereby not providing the safety guarantees that the
> function's signature suggests. My take on fixing the issue is found in
> the attached patch. Hopefully this doesn't cause any regressions in
> spots where this shortcoming has masked errors before.
>
> Cheers
>
> Matthias
>
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
|
From: <mic...@li...> - 2026-02-04 08:13:07
|
# HG changeset patch # User Michal Camacho Romero <mic...@li...> # Date 1770122503 -3600 # Tue Feb 03 13:41:43 2026 +0100 # Node ID 1232464471185e11faf58825ca0bb1fea64c7924 # Parent 6aefe80324aec8673ef9347cfb1d624da328f2e8 Disable CET in the TBOOT shutdown handler During PC shutdown, the Linux Kernel works under enable Intel CET technology, which enforces indirect branch tracking (IBT) mechanism for CPU indirect jumps and calls. It prevented CPU to jump into the TBOOT shutdown handler, during PC shutdown process. In the result, Kernel threw "Missing ENDBR" bug, when CPU tried to jump to the TBOOT shutdown handler's entry. The given bug was resolved by endbr64 instuction call at the begin of TBOOT shutdown handler and through disabling CET prior to the next CPU jump execution. It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE Linux Enterprise Server) 16.0 OS. OS power off, called by the "init 0" command, was failing, due to activated Intel Control-Flow Enforcement Technology (CET). Disabling CET has allowed to execute OS and TBOOT shutdown properly. Closes: https://bugzilla.suse.com/show_bug.cgi?id=1247950 diff -r 6aefe80324ae -r 123246447118 tboot/common/shutdown.S --- a/tboot/common/shutdown.S Wed Jan 28 23:26:31 2026 +0100 +++ b/tboot/common/shutdown.S Tue Feb 03 13:41:43 2026 +0100 @@ -116,9 +116,21 @@ */ ENTRY(shutdown_entry) .code64 + endbr64 cli wbinvd + /* Disable CET*/ + movl $0, %eax + movl $0, %edx + movl $MSR_IA32_U_CET, %ecx + wrmsr + + movl $0, %eax + movl $0, %edx + movl $MSR_IA32_S_CET, %ecx + wrmsr + movl $MSR_EFER,%ecx rdmsr bt $_EFER_LME,%eax diff -r 6aefe80324ae -r 123246447118 tboot/include/msr.h --- a/tboot/include/msr.h Wed Jan 28 23:26:31 2026 +0100 +++ b/tboot/include/msr.h Tue Feb 03 13:41:43 2026 +0100 
@@ -95,6 +95,10 @@ /* AMD64 MSR's */ #define MSR_EFER 0xc0000080 /* extended features */ +/* CET MSRs*/ +#define MSR_IA32_U_CET 0x000006a0 /* user mode cet */ +#define MSR_IA32_S_CET 0x000006a2 /* kernel mode cet */ + /* EFER bits */ #define _EFER_LME 8 /* Long mode enable */ |
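Review bot: the two WRMSRs to MSR_IA32_U_CET and MSR_IA32_S_CET added to shutdown_entry are unconditional, and WRMSR to an MSR the processor does not implement raises #GP, so on a CPU without CET (CPUID.(EAX=7,ECX=0):ECX[7] and EDX[20] both clear) the shutdown handler now faults at the point where it used to work. Guard the writes: the kernel only sets CR4.CET (bit 23) on CET-capable parts, so reading CR4 and skipping both `wrmsr` blocks when bit 23 is clear is enough, or test the CPUID bits directly. A one-line comment that clearing IA32_S_CET is what lifts the IBT requirement for the indirect branches that follow, while the `endbr64` only covers the entry itself, would also help the next reader; the `/* Disable CET*/` and `/* user mode cet*/` comments want a space before the closing delimiter.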
|
From: <mic...@li...> - 2026-01-29 08:36:22
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1769639191 -3600
# Wed Jan 28 23:26:31 2026 +0100
# Node ID 497c8178233de6e9ae636440abfc52be57c197fc
# Parent 5b577a02cec7f8ab1344d9f548cbf9af19f3ec00
Downgrade MinMleHdr version from 2.3 to 2.2
SINIT ACM supports only TPR, if MinMleHdr version is 2.3. Forcing PMRs will cause
SINIT ACM failure, if TPR support bit in the MLE capabilities will be disabled.
For this reason, TBOOT downgrades MinMleHdrVer from 2.3 to 2.2. In this case SINIT
ACM ignores TPR support settings.
diff -r 5b577a02cec7 -r 497c8178233d tboot/common/tboot.c
--- a/tboot/common/tboot.c Tue Jan 13 13:02:48 2026 +0100
+++ b/tboot/common/tboot.c Wed Jan 28 23:26:31 2026 +0100
@@ -353,7 +353,7 @@
{
tb_error_t err;
- if (g_ldr_ctx->type == 0)
+ if (g_ldr_ctx->type == 0)
determine_loader_type(addr, magic);
/* on pre-SENTER boot, copy command line to buffer in tboot image
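Review bot: this hunk and the next one (@@ -400,7) change only trailing whitespace, on `if (g_ldr_ctx->type == 0)` and on a blank line, which has nothing to do with the MinMleHdr downgrade; drop them from this changeset so the diff shows only the functional change and blame stays on the original lines.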
@@ -400,7 +400,7 @@
if (is_launched()) printk(TBOOT_INFO"SINIT ACM successfully returned...\n");
if ( s3_flag ) printk(TBOOT_INFO"Resume from S3...\n");
-
+
/* RLM scaffolding
if (g_ldr_ctx->type == 2)
print_loader_ctx(g_ldr_ctx);
@@ -457,7 +457,14 @@
//We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported
//This global variable decides whether PMR or TPR is used
- g_tpr_support = is_tpr_supported(get_tboot_force_pmrs());
+ if (get_tboot_force_pmrs()) {
+ // Disable TPR support, if "force_pmrs" cmdline option was set
+ g_tpr_support = false;
+ force_pmrs_usage();
+ }
+ else {
+ g_tpr_support = is_tpr_supported();
+ }
/* make TPM ready for measured launch */
if (!tpm_detect())
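Review bot: in the force_pmrs branch g_tpr_support is set to false before force_pmrs_usage() runs, but force_pmrs_usage() returns silently when get_acmod_info_table() yields NULL, and on that path neither g_force_pmrs nor the MLE capabilities bit is touched; tboot then programs PMRs while the MLE header and OsSinitData still advertise TPR support. Let force_pmrs_usage() return bool and clear g_tpr_support only on success, for example `if (get_tboot_force_pmrs() && force_pmrs_usage()) g_tpr_support = false; else g_tpr_support = is_tpr_supported();`, with a TBOOT_WARN on the failure path.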
diff -r 5b577a02cec7 -r 497c8178233d tboot/include/txt/txt.h
--- a/tboot/include/txt/txt.h Tue Jan 13 13:02:48 2026 +0100
+++ b/tboot/include/txt/txt.h Wed Jan 28 23:26:31 2026 +0100
@@ -60,8 +60,9 @@
extern void txt_shutdown(void);
extern bool txt_is_powercycle_required(void);
extern void ap_wait(unsigned int cpuid);
+extern void force_pmrs_usage(void);
extern int get_evtlog_type(void);
-extern bool is_tpr_supported(bool);
+extern bool is_tpr_supported(void);
extern uint32_t g_using_da;
extern bool g_tpr_support;
diff -r 5b577a02cec7 -r 497c8178233d tboot/txt/txt.c
--- a/tboot/txt/txt.c Tue Jan 13 13:02:48 2026 +0100
+++ b/tboot/txt/txt.c Wed Jan 28 23:26:31 2026 +0100
@@ -835,51 +835,38 @@
return sts.senter_done_sts;
}
-bool is_tpr_supported(bool force_pmrs)
+bool is_tpr_supported(void)
{
- acm_info_table_t *info_table = NULL;
+ //Reads SINIT ACM capabilities field and returns tpr_support bit
+ //Needs g_sinit to be set.
txt_caps_t sinit_caps;
sinit_caps._raw = 0;
+
if (g_sinit != NULL) {
sinit_caps = get_sinit_capabilities(g_sinit);
}
- else {
- return sinit_caps.tpr_support;
+
+ return sinit_caps.tpr_support;
+}
+
+void force_pmrs_usage(void)
+{
+ acm_info_table_t *info_table = get_acmod_info_table(g_sinit);
+ if (info_table == NULL) {
+ return;
}
- // Disable TPR support, if "force_pmrs" cmdline option was set
- if (force_pmrs) {
- info_table = get_acmod_info_table(g_sinit);
- if (info_table == NULL) {
- return sinit_caps.tpr_support;
- }
+ if (info_table->min_mle_hdr_ver >= 0x00020003) {
+ printk(TBOOT_WARN"SINIT ACM has no support for PMR DMA Protection by default.\n");
+ printk(TBOOT_WARN"MinMleHeader version is downgraded to 2.2.\n");
+ info_table->min_mle_hdr_ver = 0x00020002;
+ }
- if (info_table->min_mle_hdr_ver == 0x00020003) {
- printk(TBOOT_INFO"MinMleHeader version is 2.3. "
- "Forcing PMRs is forbidden.\n");
- return sinit_caps.tpr_support;
- }
- else {
- if (info_table->min_mle_hdr_ver == 0x00020002) {
- printk(TBOOT_INFO"MinMleHeader version is 2.2. "
- "SINIT will ignore TPR support bit 14 in\n"
- "OsSinit.Capabilities.\n");
- return sinit_caps.tpr_support;
- }
- else {
- g_force_pmrs = true;
- }
-
- g_mle_hdr.capabilities.tpr_support = 0;
- printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
-
- return g_mle_hdr.capabilities.tpr_support;
- }
- }
- else {
- return sinit_caps.tpr_support;
- }
+ g_force_pmrs = true;
+ g_mle_hdr.capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR support disabled in the MLE capabilities.\n");
+ return;
}
tb_error_t txt_launch_environment(loader_ctx *lctx)
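Review bot: `info_table->min_mle_hdr_ver = 0x00020002;` writes into the SINIT ACM image that g_sinit points at, and that image is what GETSEC[SENTER] authenticates against the ACM signature before running it; if the info table lies inside the signed region the launch will fail on the modified module, so the commit message should state on which ACM (version and MinMleHdr value) this was verified to launch, and if the edit does not survive authentication the 2.3 case has to be refused instead of patched. Two smaller points: `>= 0x00020003` also downgrades any future 2.4 or later header, which deserves a comment since the message only speaks of 2.2 and 2.3, and the trailing `return;` at the end of a void function is noise.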
|
|
From: N0T3P4D <n0t...@gm...> - 2026-01-23 14:14:30
|
Hi,

I recently bought a Thinkpad X1 2-in-1 Gen 10 (21NVS07F00) specifically for its support of Intel TXT. With Intel TME enabled, I can successfully boot using a verified launch policy that continues on non-fatal errors. Using a stricter setting, the boot hangs. In the log, the following messages can be found, which document the trigger of an error condition:

TBOOT: var MTRRs with non-contiguous regions: base=0xc0000, mask=0x3fc0000
TBOOT: mtrr_def_type: e = 1, fe = 1, type = 6
TBOOT: mtrrs:
TBOOT:             base          mask      type  v
TBOOT:    00000000c0000 0000003fc0000  00  01
TBOOT:    00000000a0000 0000003fe0000  00  01
TBOOT:    000000009c000 0000003ffc000  00  01
TBOOT:    0000001000000 0000003000000  00  01
TBOOT:    0000002000000 0000002000000  00  01
TBOOT:    000000085f800 0000003fff800  00  01
TBOOT:    0000000000000 0000000000000  00  00
TBOOT:    0000000000000 0000000000000  00  00
TBOOT:    0000000000000 0000000000000  00  00
TBOOT:    0000000000000 0000000000000  00  00
TBOOT: failed to verify platform

The full log can be found here: https://pastebin.com/Hhk4AEb7

The problem also occurs with the latest tboot version 1.11.10. Interestingly, when Intel TME is disabled, tboot hangs with the same policy. Unfortunately, VGA output for tboot does not work on this machine and I cannot access this machine's serial console provided via AMT to obtain a log in this case. (I don't really care about support for disabled TME, but wanted to mention it nevertheless.)

Any help is appreciated. I can test patches or provide additional (debug) information if needed. I also posted this problem on the Lenovo Linux forum, but did not receive any reply.

Thank you and best regards
N0T3P4D
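An added example, not from the post above and not tboot's own code: the well-formedness check behind the "var MTRRs with non-contiguous regions" message, written as a stand-alone C function and run over the variable-MTRR table copied from the log. The base and mask columns tboot prints are the MSR address fields already shifted right by 12, and a mask is valid only if, within the MAXPHYADDR-wide field, it is a run of ones from the top bit down followed by zeros; the physical-address width is therefore a parameter of the check. The struct, the function names and the 38/39-bit comparison are this example's own, and the table is constructed from the posted output.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * One variable-range MTRR pair as tboot prints it: PhysBase and PhysMask
 * address fields shifted right by 12 (page-frame numbers), the memory type
 * from PhysBase[7:0] and the valid bit from PhysMask[11].
 */
typedef struct {
    uint64_t base;   /* IA32_MTRR_PHYSBASEn bits MAXPHYADDR-1:12, >> 12 */
    uint64_t mask;   /* IA32_MTRR_PHYSMASKn bits MAXPHYADDR-1:12, >> 12 */
    uint8_t  type;   /* 0 = UC, 6 = WB */
    bool     valid;
} var_mtrr_t;

/* Width of the shifted mask field for a given MAXPHYADDR. */
static unsigned mask_field_bits(unsigned phys_addr_bits)
{
    return phys_addr_bits - 12;
}

/*
 * A variable MTRR mask must look like 1...10...0 inside the field. Adding the
 * lowest set bit to such a value carries out of the field; a result that stays
 * inside the field means there is a hole (or the run does not reach the top).
 */
bool mtrr_mask_is_contiguous(uint64_t mask, unsigned phys_addr_bits)
{
    unsigned nbits = mask_field_bits(phys_addr_bits);
    uint64_t field = (nbits >= 64) ? ~0ULL : ((1ULL << nbits) - 1);
    uint64_t m = mask & field;

    if (m == 0)
        return true;                 /* mask 0 matches every address: no hole */

    uint64_t lowest = m & (~m + 1);  /* isolate the lowest set bit */
    return ((m + lowest) & field) == 0;
}

/* Size in bytes of the range a contiguous mask describes; 0 if it is not contiguous. */
uint64_t mtrr_range_size(uint64_t mask, unsigned phys_addr_bits)
{
    if (!mtrr_mask_is_contiguous(mask, phys_addr_bits))
        return 0;
    uint64_t m = mask & ((1ULL << mask_field_bits(phys_addr_bits)) - 1);
    if (m == 0)
        return 1ULL << phys_addr_bits;
    uint64_t lowest = m & (~m + 1);
    return lowest << 12;             /* undo the page shift */
}

/* Index of the first valid entry whose mask is not contiguous, or -1. */
int first_bad_mtrr(const var_mtrr_t *t, unsigned n, unsigned phys_addr_bits)
{
    for (unsigned i = 0; i < n; i++) {
        if (t[i].valid && !mtrr_mask_is_contiguous(t[i].mask, phys_addr_bits))
            return (int)i;
    }
    return -1;
}

/* Constructed from the table in the post above (values copied as printed). */
static const var_mtrr_t g_posted_mtrrs[] = {
    { 0x00c0000, 0x3fc0000, 0x00, true  },
    { 0x00a0000, 0x3fe0000, 0x00, true  },
    { 0x009c000, 0x3ffc000, 0x00, true  },
    { 0x1000000, 0x3000000, 0x00, true  },
    { 0x2000000, 0x2000000, 0x00, true  },
    { 0x085f800, 0x3fff800, 0x00, true  },
    { 0, 0, 0x00, false }, { 0, 0, 0x00, false },
    { 0, 0, 0x00, false }, { 0, 0, 0x00, false },
};
#define N_POSTED (sizeof g_posted_mtrrs / sizeof g_posted_mtrrs[0])

int first_bad_posted_mtrr(unsigned phys_addr_bits)
{
    return first_bad_mtrr(g_posted_mtrrs, N_POSTED, phys_addr_bits);
}

int main(void)
{
    for (unsigned bits = 36; bits <= 46; bits++)
        printf("MAXPHYADDR=%u: first non-contiguous entry = %d\n",
               bits, first_bad_posted_mtrr(bits));

    /* Decode the table under the width at which every posted mask is well formed. */
    for (unsigned i = 0; i < N_POSTED; i++) {
        if (!g_posted_mtrrs[i].valid)
            continue;
        printf("entry %u: base=0x%" PRIx64 " size=0x%" PRIx64 " type=%u\n", i,
               g_posted_mtrrs[i].base << 12,
               mtrr_range_size(g_posted_mtrrs[i].mask, 38),
               (unsigned)g_posted_mtrrs[i].type);
    }
    return 0;
}
```

All six posted masks top out at bit 25 of the shifted field, so they are well formed for a 38-bit physical address width and fail the check for 39 bits or more; which width tboot derives from CPUID versus the width the firmware actually programmed is therefore the first thing to compare when this message appears (TME reserves upper physical-address bits for key IDs, so the two can differ on a TME-enabled platform).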
|
From: Matthias G. <mge...@su...> - 2026-01-23 11:22:59
|
Hello list,
although it seems there is no longer an active upstream for tboot, here
is a patch for a compiler error/warning in tboot which occurs with
gcc-16. Maybe at least other users of tboot can make use of it.
The diagnostic is as follows:
safeclib/strpbrk_s.c: In function ‘strpbrk_s’:
safeclib/strpbrk_s.c:95:13: error: variable ‘len’ set but not used [-Werror=unused-but-set-variable=]
95 | rsize_t len;
| ^~~
cc1: all warnings being treated as errors
It seems that this function does not take the `slen` parameter into
account at all, thereby not providing the safety guarantees that the
function's signature suggests. My take on fixing the issue is found in
the attached patch. Hopefully this doesn't cause any regressions in
spots where this shortcoming has masked errors before.
Cheers
Matthias
--
Matthias Gerstner <mat...@su...>
Security Engineer
https://www.suse.com/security
GPG Key ID: 0x14C405C971923553
SUSE Software Solutions Germany GmbH
HRB 36809, AG Nürnberg
Geschäftsführer: Jochen Jaser, Andrew McDonald, Werner Knoblich
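An added example, not part of the message above and not the attached patch (which is not on this page): a bounded strpbrk_s written from scratch in the five-argument shape safeclib uses, beside a variant that accepts slen and then ignores it, with a constructed case in which the bytes past slen decide the result. The error-code names and values, RSIZE_MAX_STR and the probe functions are this example's own assumptions, not safeclib's.

```c
#include <stddef.h>

/* safeclib-style types and error codes; the values are this example's assumption. */
typedef int errno_t;
typedef size_t rsize_t;
#define EOK       0
#define ESNULLP   400   /* null pointer argument */
#define ESZEROL   401   /* zero length */
#define ESLEMAX   403   /* length exceeds maximum */
#define ESNOTFND  409   /* no byte of src occurs in dest */
#define RSIZE_MAX_STR 4096

/*
 * Bounded strpbrk: find the first byte of dest (at most dmax bytes, stopping
 * at NUL) that also occurs in src (at most slen bytes, stopping at NUL).
 * On success *first points into dest; on any failure *first is NULL.
 */
errno_t strpbrk_s_bounded(char *dest, rsize_t dmax,
                          const char *src, rsize_t slen, char **first)
{
    if (first == NULL)
        return ESNULLP;
    *first = NULL;
    if (dest == NULL || src == NULL)
        return ESNULLP;
    if (dmax == 0 || slen == 0)
        return ESZEROL;
    if (dmax > RSIZE_MAX_STR || slen > RSIZE_MAX_STR)
        return ESLEMAX;

    for (rsize_t i = 0; i < dmax && dest[i] != '\0'; i++) {
        for (rsize_t j = 0; j < slen && src[j] != '\0'; j++) {
            if (dest[i] == src[j]) {
                *first = &dest[i];
                return EOK;
            }
        }
    }
    return ESNOTFND;
}

/*
 * The shape of the defect the message describes: slen is accepted but never
 * consulted, so the scan of src runs to its NUL regardless of the bound the
 * caller promised. Kept only to contrast with the bounded version.
 */
errno_t strpbrk_s_ignores_slen(char *dest, rsize_t dmax,
                               const char *src, rsize_t slen, char **first)
{
    (void)slen;                      /* deliberately unused */
    if (first == NULL)
        return ESNULLP;
    *first = NULL;
    if (dest == NULL || src == NULL)
        return ESNULLP;
    if (dmax == 0)
        return ESZEROL;

    for (rsize_t i = 0; i < dmax && dest[i] != '\0'; i++) {
        for (rsize_t j = 0; src[j] != '\0'; j++) {   /* no j < slen */
            if (dest[i] == src[j]) {
                *first = &dest[i];
                return EOK;
            }
        }
    }
    return ESNOTFND;
}

typedef errno_t (*strpbrk_fn)(char *, rsize_t, const char *, rsize_t, char **);

/*
 * Run one implementation over a constructed case: the caller declares src to
 * be two bytes ("qr"), but the buffer behind it continues with "Z", which also
 * occurs in dest. Returns the match offset in dest, -1 for ESNOTFND, -2 for
 * any other error.
 */
long probe(strpbrk_fn fn, rsize_t claimed_slen)
{
    char dest[] = "XYZ";
    const char src_buf[] = "qrZ";    /* constructed: bytes past slen are reachable */
    char *first = NULL;
    errno_t rc = fn(dest, sizeof dest, src_buf, claimed_slen, &first);
    if (rc == EOK)
        return (long)(first - dest);
    return rc == ESNOTFND ? -1 : -2;
}

/* Argument validation of the bounded version, folded into one result. */
int bounded_rejects_bad_args(void)
{
    char d[] = "abc";
    char *first = d;
    int ok = 1;
    ok &= strpbrk_s_bounded(NULL, 4, "a", 1, &first) == ESNULLP && first == NULL;
    ok &= strpbrk_s_bounded(d, 0, "a", 1, &first) == ESZEROL;
    ok &= strpbrk_s_bounded(d, 4, "a", 0, &first) == ESZEROL;
    ok &= strpbrk_s_bounded(d, RSIZE_MAX_STR + 1, "a", 1, &first) == ESLEMAX;
    ok &= strpbrk_s_bounded(d, 4, "a", 1, NULL) == ESNULLP;
    return ok;
}
```

With slen = 2 the bounded version reports ESNOTFND while the variant that ignores slen finds the 'Z' at offset 2; with slen = 3 both agree. That divergence is exactly the masked-error class the message warns about: callers that passed a too-small slen never noticed, and will start getting ESNOTFND once the bound is enforced.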
|
|
From: Camacho R. M. <mic...@li...> - 2026-01-21 11:01:24
|
Hello Lukasz, Timo and Tony,

I've prepared 4 patches, which provide the additional option for TBOOT cmdline - "force_pmrs". Its purpose is to force TBOOT and SINIT ACM to configure IOMMU PMRs (Protected Memory Ranges), instead of TPRs (Intel TXT Protection Ranges) on the Intel Processors, which support the second ones. This option will be needed to omit potential Kernel hanging issues, caused by the lack of TPR support. Below I've shared an example of such failures, which appeared for the MTL CPUs:

"
[ 8.448984] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 8.449984] ACPI: Added _OSI(Processor Aggregator Device)
[ 8.863893] ACPI: 13 ACPI AML tables successfully acquired and loaded
[ 8.883000] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883003] DMAR: QI HEAD: Interrupt Entry Cache Invalidation qw0 = 0x800000014, qw1 = 0x0
[ 8.883007] DMAR: DRHD: handling fault status reg 10
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: Invalidation Queue Error (IQE) cleared
[ 8.909982] DMAR: DRHD: handling fault status reg 10
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
[ 8.883981] DMAR: VT-d detected Invalidation Queue Error: Reason 2
[ 8.883981] DMAR: QI HEAD: Invalidation Wait qw0 = 0x200000025, qw1 = 0x100351804
[ 8.883981] DMAR: QI PRIOR: UNKNOWN qw0 = 0x0, qw1 = 0x0
"

Could you please share your opinions about these 4 patches?

Regards,
Michal Camacho Romero

On 1/19/2026 8:10 PM, mic...@li... wrote:
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
|
From: Camacho R. M. <mic...@li...> - 2026-01-19 19:12:11
|
Please ignore the given message. There is a lack of the last 4th patch.

On 1/19/2026 8:07 PM, mic...@li... wrote:
>
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
|
From: <mic...@li...> - 2026-01-19 19:10:46
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1768305768 -3600
# Tue Jan 13 13:02:48 2026 +0100
# Node ID 5b577a02cec7f8ab1344d9f548cbf9af19f3ec00
# Parent f24ac8c37095e6a0ffb2f781ad2202656a249caa
Verify MinMleHeader version, before TPR support disabling
Before TBOOT disables TPR support bits in the OsSinit.Capabilities and MleHeader.Capabilities,
it needs to verify if the MinMleHeader version is not equal both to the v2.2 and v2.3.
In case, when minimal MLE Header version is 2.2, then SINIT treats TprSupport bit in OsSinit.Capabilities
as reserved field and ignores it. However, when MinMleHeader version is 2.3, it means that SINIT supports
only TPRs as memory protection mechanism and it will abort MLE execution if TPR support bit is disabled in MLE
Header. From these reasons, TBOOT needs to verify MinMleHeader, before it forces PMR usage by SINIT ACM.
In the case, when the force_pmrs option isn't used, function returnes TPR support bit value from the SINIT ACM capabilities.
diff -r f24ac8c37095 -r 5b577a02cec7 tboot/txt/txt.c
--- a/tboot/txt/txt.c Wed Jan 07 16:45:20 2026 +0100
+++ b/tboot/txt/txt.c Tue Jan 13 13:02:48 2026 +0100
@@ -837,15 +837,49 @@
bool is_tpr_supported(bool force_pmrs)
{
- // Disable TPR support, if "force_pmrs" cmdline option was set
- if (force_pmrs)
- {
- g_force_pmrs = true;
- g_mle_hdr.capabilities.tpr_support = 0;
- printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
+ acm_info_table_t *info_table = NULL;
+ txt_caps_t sinit_caps;
+
+ sinit_caps._raw = 0;
+ if (g_sinit != NULL) {
+ sinit_caps = get_sinit_capabilities(g_sinit);
+ }
+ else {
+ return sinit_caps.tpr_support;
}
- return g_mle_hdr.capabilities.tpr_support;
+ // Disable TPR support, if "force_pmrs" cmdline option was set
+ if (force_pmrs) {
+ info_table = get_acmod_info_table(g_sinit);
+ if (info_table == NULL) {
+ return sinit_caps.tpr_support;
+ }
+
+ if (info_table->min_mle_hdr_ver == 0x00020003) {
+ printk(TBOOT_INFO"MinMleHeader version is 2.3. "
+ "Forcing PMRs is forbidden.\n");
+ return sinit_caps.tpr_support;
+ }
+ else {
+ if (info_table->min_mle_hdr_ver == 0x00020002) {
+ printk(TBOOT_INFO"MinMleHeader version is 2.2. "
+ "SINIT will ignore TPR support bit 14 in\n"
+ "OsSinit.Capabilities.\n");
+ return sinit_caps.tpr_support;
+ }
+ else {
+ g_force_pmrs = true;
+ }
+
+ g_mle_hdr.capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
+
+ return g_mle_hdr.capabilities.tpr_support;
+ }
+ }
+ else {
+ return sinit_caps.tpr_support;
+ }
}
tb_error_t txt_launch_environment(loader_ctx *lctx)
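Review bot: the `== 0x00020003` test sends every MinMleHeader version other than exactly 2.2 or 2.3 into the else branch that clears the MLE TPR bit, so an ACM announcing a newer minimum header (2.4 or later) would be forced onto PMRs even though the commit message says a SINIT that requires 2.3 aborts when TPR support is disabled; compare with `>= 0x00020003` for the refuse case and the intent survives future versions. The nesting then flattens into three sequential `if` checks, and `return g_mle_hdr.capabilities.tpr_support;` right after clearing that bit is always false, so `return false;` says what is meant.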
|
|
From: <mic...@li...> - 2026-01-19 19:10:45
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1767800720 -3600
# Wed Jan 07 16:45:20 2026 +0100
# Node ID f24ac8c37095e6a0ffb2f781ad2202656a249caa
# Parent f26f17cb735a0c2e814728b852e701778c800406
Disable TPR support in ACM capabilities (TXT Heap/OsSinitData)
diff -r f26f17cb735a -r f24ac8c37095 tboot/common/tboot.c
--- a/tboot/common/tboot.c Wed Jan 07 16:14:51 2026 +0100
+++ b/tboot/common/tboot.c Wed Jan 07 16:45:20 2026 +0100
@@ -352,7 +352,6 @@
void begin_launch(void *addr, uint32_t magic)
{
tb_error_t err;
- bool force_pmrs = false;
if (g_ldr_ctx->type == 0)
determine_loader_type(addr, magic);
@@ -456,11 +455,9 @@
apply_policy(TB_ERR_ACMOD_VERIFY_FAILED);
}
- force_pmrs = get_tboot_force_pmrs();
-
//We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported
//This global variable decides whether PMR or TPR is used
- g_tpr_support = is_tpr_supported(force_pmrs);
+ g_tpr_support = is_tpr_supported(get_tboot_force_pmrs());
/* make TPM ready for measured launch */
if (!tpm_detect())
diff -r f26f17cb735a -r f24ac8c37095 tboot/txt/txt.c
--- a/tboot/txt/txt.c Wed Jan 07 16:14:51 2026 +0100
+++ b/tboot/txt/txt.c Wed Jan 07 16:45:20 2026 +0100
@@ -111,6 +111,8 @@
TBOOT_BASE_ADDR,
};
+static bool g_force_pmrs = false;
+
/*
* counts of APs going into wait-for-sipi
*/
@@ -667,6 +669,14 @@
printk(TBOOT_ERR"SINIT capabilities are incompatible (0x%x)\n", sinit_caps._raw);
return NULL;
}
+
+ if (g_tpr_support == false && g_force_pmrs == true)
+ {
+ os_sinit_data->capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR Support disabled in the ACM capabilities "
+ "(OsSinitData).\n");
+ }
+
if ( get_evtlog_type() == EVTLOG_TPM2_TCG ) {
printk(TBOOT_INFO"SINIT ACM supports TCG compliant TPM 2.0 event log format, tcg_event_log_format = %d \n",
sinit_caps.tcg_event_log_format);
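Review bot: `g_tpr_support == false && g_force_pmrs == true` is redundant, since g_force_pmrs is only ever set on the path that also forces g_tpr_support to false; `if (g_force_pmrs)` reads better and avoids comparing booleans to constants. Also note that os_sinit_data->capabilities.tpr_support is cleared only after the `SINIT capabilities are incompatible` check just above has validated the field, so SINIT will read a value tboot never validated; either move the clear before that check or add a comment saying the ordering is deliberate.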
@@ -830,6 +840,7 @@
// Disable TPR support, if "force_pmrs" cmdline option was set
if (force_pmrs)
{
+ g_force_pmrs = true;
g_mle_hdr.capabilities.tpr_support = 0;
printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
}
|
|
From: <mic...@li...> - 2026-01-19 19:10:44
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1767798891 -3600
# Wed Jan 07 16:14:51 2026 +0100
# Node ID f26f17cb735a0c2e814728b852e701778c800406
# Parent d512777179769bd322ea73adc560b9e85d63c893
Fix force_pmrs option verification procedure
TBOOT hasn't proceed earlier force_pmrs option, due to invalid comparision condition,
given in the get_tboot_force_pmrs function, which parses "force_pmrs" option from
the TBOOT cmdline.
diff -r d51277717976 -r f26f17cb735a tboot/common/cmdline.c
--- a/tboot/common/cmdline.c Thu Nov 20 09:52:29 2025 +0100
+++ b/tboot/common/cmdline.c Wed Jan 07 16:14:51 2026 +0100
@@ -547,7 +547,7 @@
const char *force_pmrs = get_option_val(g_tboot_cmdline_options,
g_tboot_param_values,
"force_pmrs");
- if (force_pmrs != NULL && tb_strcmp(force_pmrs, "true"))
+ if (force_pmrs != NULL && (tb_strcmp(force_pmrs, "true") == 0))
{
return true;
}
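Review bot: the fix is right, because tb_strcmp() returns 0 on equality so the old condition returned true for every value except "true", including the "false" default, which made force_pmrs effectively enabled by default; the commit message should say that, since "invalid comparison condition" understates a default-on regression. Style: `return force_pmrs != NULL && tb_strcmp(force_pmrs, "true") == 0;` replaces the if/return pair.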
diff -r d51277717976 -r f26f17cb735a tboot/txt/txt.c
--- a/tboot/txt/txt.c Thu Nov 20 09:52:29 2025 +0100
+++ b/tboot/txt/txt.c Wed Jan 07 16:14:51 2026 +0100
@@ -117,22 +117,6 @@
/* count of APs in WAIT-FOR-SIPI */
atomic_t ap_wfs_count;
-static void disable_tpr_support(const acm_hdr_t *hdr)
-{
- // Disable TPR support in the SINIT ACM capabilities
- acm_info_table_t *info_table = get_acmod_info_table(hdr);
- if ( info_table == NULL || info_table->version < 3 ) {
- printk(TBOOT_ERR"TPR support disabling process has failed\n");
- }
-
- info_table->capabilities.tpr_support = 0;
- printk(TBOOT_INFO"TPR support has been disabled properly in SINIT ACM\n");
-
- // Disable TPR support bit in the MLE capabilities
- g_mle_hdr.capabilities.tpr_support = 0;
-
- printk(TBOOT_INFO"MLE capabilities: 0x%X\n", g_mle_hdr.capabilities._raw);
-}
static void print_file_info(void)
{
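Review bot: removing disable_tpr_support() is the right call (its NULL check only logged and then dereferenced info_table, and it patched the capabilities field inside the loaded SINIT ACM), but the commit message describes only the tb_strcmp fix in cmdline.c and says nothing about deleting this function or about rewriting is_tpr_supported() below; either split the txt.c changes into their own changeset or document all three changes in the message.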
@@ -843,23 +827,14 @@
bool is_tpr_supported(bool force_pmrs)
{
- //Reads SINIT ACM capabilities field and returns tpr_support bit
- //Needs g_sinit to be set.
- txt_caps_t sinit_caps;
-
- sinit_caps._raw = 0;
-
// Disable TPR support, if "force_pmrs" cmdline option was set
- if (force_pmrs && g_sinit != NULL)
+ if (force_pmrs)
{
- disable_tpr_support(g_sinit);
+ g_mle_hdr.capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
}
- if (g_sinit != NULL) {
- sinit_caps = get_sinit_capabilities(g_sinit);
- }
-
- return sinit_caps.tpr_support;
+ return g_mle_hdr.capabilities.tpr_support;
}
tb_error_t txt_launch_environment(loader_ctx *lctx)
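Review bot: is_tpr_supported() no longer reads the SINIT capabilities at all and returns g_mle_hdr.capabilities.tpr_support instead, so on the normal (non-forced) path g_tpr_support now reflects the MLE header's compile-time capability bit rather than whether the loaded ACM supports TPRs; on an older SINIT without TPR support that yields g_tpr_support == true and tboot would skip PMR setup while the ACM expects PMRs. Keep the `get_sinit_capabilities(g_sinit)` read and the `Needs g_sinit to be set` comment for the default path and only override the result when force_pmrs is set.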
|
|
From: <mic...@li...> - 2026-01-19 19:10:44
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1763628749 -3600
# Thu Nov 20 09:52:29 2025 +0100
# Node ID d512777179769bd322ea73adc560b9e85d63c893
# Parent 5220085b54dd5fb5f2e9f59766f14756b2062ebd
Enable to force PMR using, instead of TPRs
Provide a possibility to replace TPRs usage with PMRs, by setting the
additional TBOOT cmdline option "force_pmrs=true". It disables TPR
support bit in the ACM capabilities and the similar bit in the MLE
capabilities. This solution forced TBOOT and SINIT ACM to configure PMRs
as their protection ranges.
diff -r 5220085b54dd -r d51277717976 tboot/common/cmdline.c
--- a/tboot/common/cmdline.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/common/cmdline.c Thu Nov 20 09:52:29 2025 +0100
@@ -85,6 +85,7 @@
{ "measure_nv", "false" }, /* true|false */
{ "extpol", "sha256" }, /*agile|embedded|sha1|sha256|sm3|... */
{ "ignore_prev_err", "true"}, /* true|false */
+ { "force_pmrs", "false"}, /* true|false */
{ "force_tpm2_legacy_log", "false"}, /* true|false */
{ "save_vtd", "false"}, /* true|false */
{ "dump_memmap", "false"}, /* true|false */
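Review bot: the new option is user-visible but no documentation change accompanies it; the README (or wherever the neighbouring options such as `force_tpm2_legacy_log` and `ignore_prev_err` are described) should gain a `force_pmrs=true|false` entry stating the default and when it is needed.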
@@ -541,6 +542,19 @@
}
}
+bool get_tboot_force_pmrs(void)
+{
+ const char *force_pmrs = get_option_val(g_tboot_cmdline_options,
+ g_tboot_param_values,
+ "force_pmrs");
+ if (force_pmrs != NULL && tb_strcmp(force_pmrs, "true"))
+ {
+ return true;
+ }
+
+ return false;
+}
+
bool get_tboot_force_tpm2_legacy_log(void)
{
const char *force_legacy_log =
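Review bot: `tb_strcmp(force_pmrs, "true")` is non-zero exactly when the value is not "true", so get_tboot_force_pmrs() returns true for every other value; since get_option_val() hands back the "false" default added in the previous hunk when the option is absent, force_pmrs ends up enabled on every boot that does not explicitly say `force_pmrs=false`. The condition must be `tb_strcmp(force_pmrs, "true") == 0`.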
diff -r 5220085b54dd -r d51277717976 tboot/common/tboot.c
--- a/tboot/common/tboot.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/common/tboot.c Thu Nov 20 09:52:29 2025 +0100
@@ -352,6 +352,7 @@
void begin_launch(void *addr, uint32_t magic)
{
tb_error_t err;
+ bool force_pmrs = false;
if (g_ldr_ctx->type == 0)
determine_loader_type(addr, magic);
@@ -454,10 +455,12 @@
if (!verify_acmod(g_sinit))
apply_policy(TB_ERR_ACMOD_VERIFY_FAILED);
}
-
+
+ force_pmrs = get_tboot_force_pmrs();
+
//We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported
//This global variable decides whether PMR or TPR is used
- g_tpr_support = is_tpr_supported();
+ g_tpr_support = is_tpr_supported(force_pmrs);
/* make TPM ready for measured launch */
if (!tpm_detect())
diff -r 5220085b54dd -r d51277717976 tboot/include/cmdline.h
--- a/tboot/include/cmdline.h Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/include/cmdline.h Thu Nov 20 09:52:29 2025 +0100
@@ -55,6 +55,7 @@
extern bool get_tboot_ignore_prev_err(void);
extern bool get_tboot_measure_nv(void);
extern void get_tboot_extpol(void);
+extern bool get_tboot_force_pmrs(void);
extern bool get_tboot_force_tpm2_legacy_log(void);
extern bool get_tboot_save_vtd(void);
extern bool get_tboot_dump_memmap(void);
diff -r 5220085b54dd -r d51277717976 tboot/include/txt/acmod.h
--- a/tboot/include/txt/acmod.h Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/include/txt/acmod.h Thu Nov 20 09:52:29 2025 +0100
@@ -202,6 +202,8 @@
extern txt_caps_t get_sinit_capabilities(const acm_hdr_t* hdr);
extern tpm_info_list_t *get_tpm_info_list(const acm_hdr_t* hdr);
extern void verify_IA32_se_svn_status(const acm_hdr_t *acm_hdr);
+extern acm_info_table_t *get_acmod_info_table(const acm_hdr_t* hdr);
+
#endif /* __TXT_ACMOD_H__ */
/*
diff -r 5220085b54dd -r d51277717976 tboot/include/txt/txt.h
--- a/tboot/include/txt/txt.h Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/include/txt/txt.h Thu Nov 20 09:52:29 2025 +0100
@@ -61,7 +61,7 @@
extern bool txt_is_powercycle_required(void);
extern void ap_wait(unsigned int cpuid);
extern int get_evtlog_type(void);
-extern bool is_tpr_supported(void);
+extern bool is_tpr_supported(bool);
extern uint32_t g_using_da;
extern bool g_tpr_support;
diff -r 5220085b54dd -r d51277717976 tboot/txt/acmod.c
--- a/tboot/txt/acmod.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/txt/acmod.c Thu Nov 20 09:52:29 2025 +0100
@@ -56,7 +56,7 @@
#include <tpm.h>
#endif /* IS_INCLUDED */
-static acm_info_table_t *get_acmod_info_table(const acm_hdr_t* hdr)
+acm_info_table_t *get_acmod_info_table(const acm_hdr_t* hdr)
{
uint32_t user_area_off;
diff -r 5220085b54dd -r d51277717976 tboot/txt/txt.c
--- a/tboot/txt/txt.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/txt/txt.c Thu Nov 20 09:52:29 2025 +0100
@@ -97,7 +97,7 @@
* this is the structure whose addr we'll put in TXT heap
* it needs to be within the MLE pages, so force it to the .text section
*/
-static __text const mle_hdr_t g_mle_hdr = {
+static __text mle_hdr_t g_mle_hdr = {
uuid : MLE_HDR_UUID,
length : sizeof(mle_hdr_t),
version : MLE_HDR_VER,
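Review bot: dropping `const` from g_mle_hdr makes the MLE header writable at runtime, and the comment three lines up says it is forced into .text precisely because it must live inside the MLE pages, which SINIT measures; a capabilities bit flipped by a cmdline option therefore changes the MLE measurement (PCR17 and any LCP MLE element computed for this binary), so a launch control policy or sealed data built for the unmodified header will not match when force_pmrs=true is used. That consequence belongs in the commit message and in the option's documentation.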
@@ -117,6 +117,23 @@
/* count of APs in WAIT-FOR-SIPI */
atomic_t ap_wfs_count;
+static void disable_tpr_support(const acm_hdr_t *hdr)
+{
+ // Disable TPR support in the SINIT ACM capabilities
+ acm_info_table_t *info_table = get_acmod_info_table(hdr);
+ if ( info_table == NULL || info_table->version < 3 ) {
+ printk(TBOOT_ERR"TPR support disabling process has failed\n");
+ }
+
+ info_table->capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR support has been disabled properly in SINIT ACM\n");
+
+ // Disable TPR support bit in the MLE capabilities
+ g_mle_hdr.capabilities.tpr_support = 0;
+
+ printk(TBOOT_INFO"MLE capabilities: 0x%X\n", g_mle_hdr.capabilities._raw);
+}
+
static void print_file_info(void)
{
printk(TBOOT_DETA"file addresses:\n");
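Review bot: the NULL / version check in disable_tpr_support() only prints an error and falls through to `info_table->capabilities.tpr_support = 0;`, which dereferences NULL when no info table was found; add `return;` after the printk. Beyond that, the write goes into the capabilities field of the loaded SINIT ACM (g_sinit), the image GETSEC[SENTER] authenticates, so the edit either fails authentication or, if the field is not covered by the signature, silently desynchronises what tboot believes about the ACM from what the ACM does; the OsSinitData capabilities field in the TXT heap is the place to tell SINIT what the MLE wants.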
@@ -824,7 +841,7 @@
return sts.senter_done_sts;
}
-bool is_tpr_supported(void)
+bool is_tpr_supported(bool force_pmrs)
{
//Reads SINIT ACM capabilities field and returns tpr_support bit
//Needs g_sinit to be set.
@@ -832,6 +849,12 @@
sinit_caps._raw = 0;
+ // Disable TPR support, if "force_pmrs" cmdline option was set
+ if (force_pmrs && g_sinit != NULL)
+ {
+ disable_tpr_support(g_sinit);
+ }
+
if (g_sinit != NULL) {
sinit_caps = get_sinit_capabilities(g_sinit);
}
|
|
From: <mic...@li...> - 2026-01-19 19:10:43
|
|
From: <mic...@li...> - 2026-01-19 19:08:13
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1767800720 -3600
# Wed Jan 07 16:45:20 2026 +0100
# Node ID f24ac8c37095e6a0ffb2f781ad2202656a249caa
# Parent f26f17cb735a0c2e814728b852e701778c800406
Disable TPR support in ACM capabilities (TXT Heap/OsSinitData)
diff -r f26f17cb735a -r f24ac8c37095 tboot/common/tboot.c
--- a/tboot/common/tboot.c Wed Jan 07 16:14:51 2026 +0100
+++ b/tboot/common/tboot.c Wed Jan 07 16:45:20 2026 +0100
@@ -352,7 +352,6 @@
void begin_launch(void *addr, uint32_t magic)
{
tb_error_t err;
- bool force_pmrs = false;
if (g_ldr_ctx->type == 0)
determine_loader_type(addr, magic);
@@ -456,11 +455,9 @@
apply_policy(TB_ERR_ACMOD_VERIFY_FAILED);
}
- force_pmrs = get_tboot_force_pmrs();
-
//We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported
//This global variable decides whether PMR or TPR is used
- g_tpr_support = is_tpr_supported(force_pmrs);
+ g_tpr_support = is_tpr_supported(get_tboot_force_pmrs());
/* make TPM ready for measured launch */
if (!tpm_detect())
diff -r f26f17cb735a -r f24ac8c37095 tboot/txt/txt.c
--- a/tboot/txt/txt.c Wed Jan 07 16:14:51 2026 +0100
+++ b/tboot/txt/txt.c Wed Jan 07 16:45:20 2026 +0100
@@ -111,6 +111,8 @@
TBOOT_BASE_ADDR,
};
+static bool g_force_pmrs = false;
+
/*
* counts of APs going into wait-for-sipi
*/
@@ -667,6 +669,14 @@
printk(TBOOT_ERR"SINIT capabilities are incompatible (0x%x)\n", sinit_caps._raw);
return NULL;
}
+
+ if (g_tpr_support == false && g_force_pmrs == true)
+ {
+ os_sinit_data->capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR Support disabled in the ACM capabilities "
+ "(OsSinitData).\n");
+ }
+
if ( get_evtlog_type() == EVTLOG_TPM2_TCG ) {
printk(TBOOT_INFO"SINIT ACM supports TCG compliant TPM 2.0 event log format, tcg_event_log_format = %d \n",
sinit_caps.tcg_event_log_format);
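Review bot: the condition `g_tpr_support == false && g_force_pmrs == true` is redundant. g_force_pmrs is only ever set inside is_tpr_supported(), immediately before the MLE header bit is cleared, and that cleared bit is what is_tpr_supported() returns into g_tpr_support, so g_force_pmrs already implies !g_tpr_support. `if (g_force_pmrs)` expresses the same thing without comparing booleans against true/false. It would also help debugging to print the resulting capabilities._raw value here, as the incompatibility check a few lines above already does for sinit_caps, since OsSinitData is the copy the SINIT ACM actually consumes.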
@@ -830,6 +840,7 @@
// Disable TPR support, if "force_pmrs" cmdline option was set
if (force_pmrs)
{
+ g_force_pmrs = true;
g_mle_hdr.capabilities.tpr_support = 0;
printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
}
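Review bot: setting g_force_pmrs as a side effect of is_tpr_supported() ties the OsSinitData fix-up to call order: it is only correct because begin_launch() runs is_tpr_supported() before txt_launch_environment() builds the TXT heap, and nothing in the code records that dependency. Reading get_tboot_force_pmrs() at the point of use in the heap-building code (or passing the flag in explicitly) removes the hidden ordering requirement and the extra static added at the top of txt.c in this patch.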
|
|
From: <mic...@li...> - 2026-01-19 19:08:12
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1763628749 -3600
# Thu Nov 20 09:52:29 2025 +0100
# Node ID d512777179769bd322ea73adc560b9e85d63c893
# Parent 5220085b54dd5fb5f2e9f59766f14756b2062ebd
Enable forcing PMR use instead of TPRs
Provide a possibility to replace TPR usage with PMRs by setting the
additional TBOOT cmdline option "force_pmrs=true". It disables the TPR
support bit in the ACM capabilities and the similar bit in the MLE
capabilities. This solution forces TBOOT and SINIT ACM to configure PMRs
as their protection ranges.
diff -r 5220085b54dd -r d51277717976 tboot/common/cmdline.c
--- a/tboot/common/cmdline.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/common/cmdline.c Thu Nov 20 09:52:29 2025 +0100
@@ -85,6 +85,7 @@
{ "measure_nv", "false" }, /* true|false */
{ "extpol", "sha256" }, /*agile|embedded|sha1|sha256|sm3|... */
{ "ignore_prev_err", "true"}, /* true|false */
+ { "force_pmrs", "false"}, /* true|false */
{ "force_tpm2_legacy_log", "false"}, /* true|false */
{ "save_vtd", "false"}, /* true|false */
{ "dump_memmap", "false"}, /* true|false */
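Review bot: a new user-visible command-line option is added, but none of the three changesets in this series touches any documentation, so the option table is the only place force_pmrs appears. Add it to the tboot command-line documentation next to force_tpm2_legacy_log, with a sentence on when an operator should use it and what changes in the launch as a result; otherwise the only way to learn of it is to read cmdline.c.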
@@ -541,6 +542,19 @@
}
}
+bool get_tboot_force_pmrs(void)
+{
+ const char *force_pmrs = get_option_val(g_tboot_cmdline_options,
+ g_tboot_param_values,
+ "force_pmrs");
+ if (force_pmrs != NULL && tb_strcmp(force_pmrs, "true"))
+ {
+ return true;
+ }
+
+ return false;
+}
+
bool get_tboot_force_tpm2_legacy_log(void)
{
const char *force_legacy_log =
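Review bot: the test `tb_strcmp(force_pmrs, "true")` is inverted. tb_strcmp() returns 0 on a match, so this branch is taken for every value except "true" (including the "false" default registered in the option table) and is skipped for exactly force_pmrs=true. It must read `tb_strcmp(force_pmrs, "true") == 0`; changeset f26f17cb735a in this series fixes precisely this, which means the feature as committed here was never reachable.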
diff -r 5220085b54dd -r d51277717976 tboot/common/tboot.c
--- a/tboot/common/tboot.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/common/tboot.c Thu Nov 20 09:52:29 2025 +0100
@@ -352,6 +352,7 @@
void begin_launch(void *addr, uint32_t magic)
{
tb_error_t err;
+ bool force_pmrs = false;
if (g_ldr_ctx->type == 0)
determine_loader_type(addr, magic);
@@ -454,10 +455,12 @@
if (!verify_acmod(g_sinit))
apply_policy(TB_ERR_ACMOD_VERIFY_FAILED);
}
-
+
+ force_pmrs = get_tboot_force_pmrs();
+
//We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported
//This global variable decides whether PMR or TPR is used
- g_tpr_support = is_tpr_supported();
+ g_tpr_support = is_tpr_supported(force_pmrs);
/* make TPM ready for measured launch */
if (!tpm_detect())
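Review bot: the `-`/`+` pair of blank lines in the middle of this hunk is a whitespace-only change (a blank line removed and re-added, presumably with trailing whitespace stripped) that inflates the diff; drop it or keep whitespace clean-ups in a separate changeset. Since the new local is used exactly once, the call can also simply be `g_tpr_support = is_tpr_supported(get_tboot_force_pmrs());`, which is what changeset f24ac8c37095 later does anyway.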
diff -r 5220085b54dd -r d51277717976 tboot/include/cmdline.h
--- a/tboot/include/cmdline.h Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/include/cmdline.h Thu Nov 20 09:52:29 2025 +0100
@@ -55,6 +55,7 @@
extern bool get_tboot_ignore_prev_err(void);
extern bool get_tboot_measure_nv(void);
extern void get_tboot_extpol(void);
+extern bool get_tboot_force_pmrs(void);
extern bool get_tboot_force_tpm2_legacy_log(void);
extern bool get_tboot_save_vtd(void);
extern bool get_tboot_dump_memmap(void);
diff -r 5220085b54dd -r d51277717976 tboot/include/txt/acmod.h
--- a/tboot/include/txt/acmod.h Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/include/txt/acmod.h Thu Nov 20 09:52:29 2025 +0100
@@ -202,6 +202,8 @@
extern txt_caps_t get_sinit_capabilities(const acm_hdr_t* hdr);
extern tpm_info_list_t *get_tpm_info_list(const acm_hdr_t* hdr);
extern void verify_IA32_se_svn_status(const acm_hdr_t *acm_hdr);
+extern acm_info_table_t *get_acmod_info_table(const acm_hdr_t* hdr);
+
#endif /* __TXT_ACMOD_H__ */
/*
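Review bot: exporting get_acmod_info_table() hands every caller a writable pointer into the SINIT ACM image, and the prototype keeps it non-const (`acm_info_table_t *`) even though the module argument is `const acm_hdr_t*`. The only user added in this patch wants the pointer in order to write to the ACM, which is not a safe thing to offer: the processor authenticates the ACM body when GETSEC[SENTER] runs, so in-memory edits to it are not a supported way of changing what the ACM advertises. If the export has to stay, return `const acm_info_table_t *` so the image stays read-only from txt.c.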
diff -r 5220085b54dd -r d51277717976 tboot/include/txt/txt.h
--- a/tboot/include/txt/txt.h Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/include/txt/txt.h Thu Nov 20 09:52:29 2025 +0100
@@ -61,7 +61,7 @@
extern bool txt_is_powercycle_required(void);
extern void ap_wait(unsigned int cpuid);
extern int get_evtlog_type(void);
-extern bool is_tpr_supported(void);
+extern bool is_tpr_supported(bool);
extern uint32_t g_using_da;
extern bool g_tpr_support;
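Review bot: name the parameter in the prototype (`extern bool is_tpr_supported(bool force_pmrs);`). `is_tpr_supported(bool)` tells a reader nothing about what passing true does, and the name is the only documentation this flag gets in the header.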
diff -r 5220085b54dd -r d51277717976 tboot/txt/acmod.c
--- a/tboot/txt/acmod.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/txt/acmod.c Thu Nov 20 09:52:29 2025 +0100
@@ -56,7 +56,7 @@
#include <tpm.h>
#endif /* IS_INCLUDED */
-static acm_info_table_t *get_acmod_info_table(const acm_hdr_t* hdr)
+acm_info_table_t *get_acmod_info_table(const acm_hdr_t* hdr)
{
uint32_t user_area_off;
diff -r 5220085b54dd -r d51277717976 tboot/txt/txt.c
--- a/tboot/txt/txt.c Thu Apr 17 08:33:41 2025 -0400
+++ b/tboot/txt/txt.c Thu Nov 20 09:52:29 2025 +0100
@@ -97,7 +97,7 @@
* this is the structure whose addr we'll put in TXT heap
* it needs to be within the MLE pages, so force it to the .text section
*/
-static __text const mle_hdr_t g_mle_hdr = {
+static __text mle_hdr_t g_mle_hdr = {
uuid : MLE_HDR_UUID,
length : sizeof(mle_hdr_t),
version : MLE_HDR_VER,
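Review bot: dropping `const` from g_mle_hdr so that it can be patched at run time changes a measured object. The comment kept just above says the header is forced into .text precisely so that it lies inside the MLE pages, and the MLE pages are what SINIT hashes for the MLE measurement. A launch with force_pmrs=true will therefore produce a different MLE hash from a launch without it, so a Launch Control Policy that pins the MLE hash will need a second entry or a regenerated policy. This deserves a sentence in the commit message and in whatever documentation the option gets.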
@@ -117,6 +117,23 @@
/* count of APs in WAIT-FOR-SIPI */
atomic_t ap_wfs_count;
+static void disable_tpr_support(const acm_hdr_t *hdr)
+{
+ // Disable TPR support in the SINIT ACM capabilities
+ acm_info_table_t *info_table = get_acmod_info_table(hdr);
+ if ( info_table == NULL || info_table->version < 3 ) {
+ printk(TBOOT_ERR"TPR support disabling process has failed\n");
+ }
+
+ info_table->capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR support has been disabled properly in SINIT ACM\n");
+
+ // Disable TPR support bit in the MLE capabilities
+ g_mle_hdr.capabilities.tpr_support = 0;
+
+ printk(TBOOT_INFO"MLE capabilities: 0x%X\n", g_mle_hdr.capabilities._raw);
+}
+
static void print_file_info(void)
{
printk(TBOOT_DETA"file addresses:\n");
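Review bot: disable_tpr_support() logs an error when `info_table == NULL || info_table->version < 3` but does not return, so the next line dereferences a possibly NULL pointer (or writes a capabilities field that does not exist in a pre-v3 info table) and then prints "has been disabled properly" regardless. Add `return;` inside the if and print the success message only on the success path. More fundamentally, writing into the SINIT ACM image is the wrong lever: the ACM is authenticated by the processor when GETSEC[SENTER] executes, so a modified info table would be expected to fail that check rather than to change what the ACM advertises. Clearing the MLE header bit and the OsSinitData capabilities, which is what the later changesets in this series do after removing this function, is the supported way to ask for PMRs.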
@@ -824,7 +841,7 @@
return sts.senter_done_sts;
}
-bool is_tpr_supported(void)
+bool is_tpr_supported(bool force_pmrs)
{
//Reads SINIT ACM capabilities field and returns tpr_support bit
//Needs g_sinit to be set.
@@ -832,6 +849,12 @@
sinit_caps._raw = 0;
+ // Disable TPR support, if "force_pmrs" cmdline option was set
+ if (force_pmrs && g_sinit != NULL)
+ {
+ disable_tpr_support(g_sinit);
+ }
+
if (g_sinit != NULL) {
sinit_caps = get_sinit_capabilities(g_sinit);
}
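Review bot: the MLE header bit is only cleared when g_sinit is non-NULL, because that clearing lives inside disable_tpr_support() behind the `force_pmrs && g_sinit != NULL` guard. With force_pmrs=true and no SINIT module found, the function returns 0 from the zeroed sinit_caps while the MLE header keeps advertising TPR support, leaving the two sides in disagreement. Clear the MLE bit unconditionally whenever force_pmrs is set and guard only the ACM access on g_sinit.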
|
|
From: <mic...@li...> - 2026-01-19 19:08:12
|
# HG changeset patch
# User Michal Camacho Romero <mic...@li...>
# Date 1767798891 -3600
# Wed Jan 07 16:14:51 2026 +0100
# Node ID f26f17cb735a0c2e814728b852e701778c800406
# Parent d512777179769bd322ea73adc560b9e85d63c893
Fix force_pmrs option verification procedure
TBOOT did not process the force_pmrs option before, due to an invalid comparison condition
in the get_tboot_force_pmrs function, which parses the "force_pmrs" option from
the TBOOT cmdline.
diff -r d51277717976 -r f26f17cb735a tboot/common/cmdline.c
--- a/tboot/common/cmdline.c Thu Nov 20 09:52:29 2025 +0100
+++ b/tboot/common/cmdline.c Wed Jan 07 16:14:51 2026 +0100
@@ -547,7 +547,7 @@
const char *force_pmrs = get_option_val(g_tboot_cmdline_options,
g_tboot_param_values,
"force_pmrs");
- if (force_pmrs != NULL && tb_strcmp(force_pmrs, "true"))
+ if (force_pmrs != NULL && (tb_strcmp(force_pmrs, "true") == 0))
{
return true;
}
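Review bot: the comparison is now correct. The body can be collapsed to a single `return force_pmrs != NULL && tb_strcmp(force_pmrs, "true") == 0;`, which reads as the fix it is and removes the if / return true / return false ladder that made the original inversion easy to miss.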
diff -r d51277717976 -r f26f17cb735a tboot/txt/txt.c
--- a/tboot/txt/txt.c Thu Nov 20 09:52:29 2025 +0100
+++ b/tboot/txt/txt.c Wed Jan 07 16:14:51 2026 +0100
@@ -117,22 +117,6 @@
/* count of APs in WAIT-FOR-SIPI */
atomic_t ap_wfs_count;
-static void disable_tpr_support(const acm_hdr_t *hdr)
-{
- // Disable TPR support in the SINIT ACM capabilities
- acm_info_table_t *info_table = get_acmod_info_table(hdr);
- if ( info_table == NULL || info_table->version < 3 ) {
- printk(TBOOT_ERR"TPR support disabling process has failed\n");
- }
-
- info_table->capabilities.tpr_support = 0;
- printk(TBOOT_INFO"TPR support has been disabled properly in SINIT ACM\n");
-
- // Disable TPR support bit in the MLE capabilities
- g_mle_hdr.capabilities.tpr_support = 0;
-
- printk(TBOOT_INFO"MLE capabilities: 0x%X\n", g_mle_hdr.capabilities._raw);
-}
static void print_file_info(void)
{
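Review bot: removing disable_tpr_support() is unrelated to the strcmp fix named in the subject, and it leaves the export of get_acmod_info_table() made in changeset d51277717976 (acmod.h / acmod.c) without any caller. Either split this removal into its own changeset with a message explaining why patching the SINIT ACM was abandoned, or at least say so here, and make get_acmod_info_table() static again so the ACM image is not left exposed for writing by future code.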
@@ -843,23 +827,14 @@
bool is_tpr_supported(bool force_pmrs)
{
- //Reads SINIT ACM capabilities field and returns tpr_support bit
- //Needs g_sinit to be set.
- txt_caps_t sinit_caps;
-
- sinit_caps._raw = 0;
-
// Disable TPR support, if "force_pmrs" cmdline option was set
- if (force_pmrs && g_sinit != NULL)
+ if (force_pmrs)
{
- disable_tpr_support(g_sinit);
+ g_mle_hdr.capabilities.tpr_support = 0;
+ printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
}
- if (g_sinit != NULL) {
- sinit_caps = get_sinit_capabilities(g_sinit);
- }
-
- return sinit_caps.tpr_support;
+ return g_mle_hdr.capabilities.tpr_support;
}
tb_error_t txt_launch_environment(loader_ctx *lctx)
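Review bot: the rewritten is_tpr_supported() no longer consults the SINIT ACM at all; it returns the MLE header's own tpr_support bit, so the answer is now "whatever tboot advertises, unless force_pmrs cleared it". Pairing a SINIT ACM without TPR support with an MLE header that advertises it now yields g_tpr_support == true where the old code returned the ACM's 0. If dropping the ACM read is intentional, say so in the commit message and re-document (or rename) the function; otherwise keep `get_sinit_capabilities(g_sinit).tpr_support` in the result and return the AND of the two bits. Either way this is a behaviour change hidden under a subject line that only mentions the comparison fix.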
|
|
From: <mic...@li...> - 2026-01-19 19:08:11
|
|
From: Tony C. <tc...@re...> - 2026-01-12 17:31:52
|
On 12/11/25 8:46 AM, Tony Camuso wrote:
>
> On 12/10/2025 1:10 PM, Tony Camuso wrote:
>> On 11/24/2025 7:34 PM, Bagas Sanjaya wrote:
>>> On Thu, Nov 13, 2025 at 09:37:14AM -0500, Tony Camuso wrote:
>>>> The tboot->shutdown_entry is effectively bios code and CET needs to be
>>>> disabled before calling it.
>>>>
>>>> It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE
>>>> Linux
>>>> Enterprise Server) 16.0 OS. OS power off, called by the "init 0"
>>>> command,
>>>> was failing, due to activated Intel Control-Flow Enforcement Technology
>>>> (CET).
>>>> Disabling CET has allowed to execute OS and TBOOT shutdown properly.
>>>
>>> Are ``systemctl poweroff`` and ``shutdown -P`` are also affected?
>>>
>>> Confused...
>>>
>>
>> Yes, all shutdown methods on kernels launched with tboot, on systems that
>> expose the CPU ibt flag to kernels v6.12+ will cause the stack trace
>> appended
>> below.
>>
>> The stack trace demonstrates that CET enforcement collides with legacy
>> BIOS shutdown code that lacks ENDBR markers. The kernel BUG at
>> cet.c:102 is a direct result of CET being active when jumping into
>> tboot->shutdown_entry.
>>
>> Legacy BIOS/tboot code without ENDBR now traps, requiring CET to be
>> disabled
>> around that call.
>>
>> The patch:
>> Prevents CET from falsely trapping on non-CET BIOS code.
>
> Need to clarify further:
>
> The patch prevents CET from trapping when tboot invokes the BIOS-provided
> shutdown_entry routine, which lacks ENDBR instructions.
>
> tboot side:
> In tboot_shutdown(), the kernel switches to the tboot page tables and
> then calls:
> shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry;
> shutdown();
>
> That shutdown_entry pointer comes from the tboot structure, populated
> at boot.
> In the tboot project directory, see include/tboot.h
> In the kernel, see include/linux/tboot.h
>
> BIOS side:
> The actual routine behind shutdown_entry is implemented in BIOS/
> firmware.
> It’s not compiled with CET/IBT support, so it lacks the required ENDBR64
> instruction at its entry point
>
> When CET is still enabled, the CPU enforces IBT. Jumping into that BIOS
> routine without ENDBR triggers a #CP (control protection exception),
> which is what the stack trace shows.
>
> So it is the BIOS shutdown_entry function itself that causes the trap,
> but only because tboot is handing control to it while CET is active.
>
> What happens:
> From the stack trace
> Missing ENDBR: 0x8041d0
> kernel BUG at arch/x86/kernel/cet.c:102!
> RIP: 0010:0x8041d0
> This shows the CPU trapping on entry into the shutdown routine at
> address
> 0x8041d0, which is the pointer stored in tboot->shutdown_entry
>
> The shutdown_entry field is explicitly documented as the physical
> address
> of the BIOS shutdown routine. This structure is populated by tboot at
> boot.
>
>>
>> Maintains system stability during shutdown.
>>
>> Preserves CET protection elsewhere, only disabling it for the
>> narrow window where legacy firmware must run.
>>
>>
>> [ 169.420078] reboot: Power down
>> [ 169.427516] Missing ENDBR: 0x8041d0
>> [ 169.431128] ------------[ cut here ]------------
>> [ 169.435805] kernel BUG at arch/x86/kernel/cet.c:102!
>> [ 169.440840] Oops: invalid opcode: 0000 [#1] SMP NOPTI
>> [ 169.445966] CPU: 0 UID: 0 PID: 3354 Comm: poweroff Kdump: loaded
>> Not tainted 6.12.0-124.8.1.el10_1.x86_64 #1 PREEMPT(voluntary)
>> [ 169.457580] Hardware name: Dell Inc. PowerEdge R570/03TJR3, BIOS
>> 1.2.1 01/23/2025
>> [ 169.465113] RIP: 0010:exc_control_protection+0x18c/0x190
>> [ 169.470490] Code: 1c ff 45 31 c9 49 89 d8 b9 09 00 00 00 48 8b 93
>> 80 00 00 00 be 63 00 00 00 48 c7 c7 a4 85 e5 a4 e8 79 92 30 ff e9 02
>> ff ff ff <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
>> 66 0f
>> [ 169.489292] RSP: 0018:ff55b3cba167fa88 EFLAGS: 00010002
>> [ 169.494581] RAX: 0000000000000017 RBX: ff55b3cba167faa8 RCX:
>> 00000000ffff7fff
>> [ 169.501765] RDX: 0000000000000000 RSI: 0000000000000003 RDI:
>> 0000000000000001
>> [ 169.508949] RBP: 0000000000000003 R08: 0000000000000000 R09:
>> ffffffffa59e2b08
>> [ 169.516132] R10: ffffffffa5922ac8 R11: 0000000000000003 R12:
>> 0000000000000000
>> [ 169.523316] R13: 0000000000000000 R14: 0000000000000000 R15:
>> 0000000000000000
>> [ 169.530514] FS: 00007f5f9a122140(0000) GS:ff39175c2de00000(0000)
>> knlGS:0000000000000000
>> [ 169.538659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 169.544454] CR2: 0000559386dc5320 CR3: 000000010fbe2000 CR4:
>> 0000000000f71ef0
>> [ 169.551651] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [ 169.558835] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7:
>> 0000000000000400
>> [ 169.566019] PKRU: 55555554
>> [ 169.568784] Call Trace:
>> [ 169.571295] <TASK>
>> [ 169.573458] ? show_trace_log_lvl+0x1b0/0x2f0
>> [ 169.577880] ? show_trace_log_lvl+0x1b0/0x2f0
>> [ 169.582301] ? asm_exc_control_protection+0x26/0x30
>> [ 169.587244] ? exc_control_protection+0x18c/0x190
>> [ 169.592011] ? __die_body.cold+0x8/0x12
>> [ 169.595910] ? die+0x2e/0x50
>> [ 169.598863] ? do_trap+0xca/0x110
>> [ 169.602243] ? do_error_trap+0x65/0x80
>> [ 169.606049] ? exc_control_protection+0x18c/0x190
>> [ 169.610816] ? exc_invalid_op+0x50/0x70
>> [ 169.614715] ? exc_control_protection+0x18c/0x190
>> [ 169.619482] ? asm_exc_invalid_op+0x1a/0x20
>> [ 169.623728] ? exc_control_protection+0x18c/0x190
>> [ 169.628496] ? exc_control_protection+0x14f/0x190
>> [ 169.633263] asm_exc_control_protection+0x26/0x30
>> [ 169.638030] RIP: 0010:0x8041d0
>> [ 169.641142] Code: Unable to access opcode bytes at 0x8041a6.
>> [ 169.646857] RSP: 0018:ff55b3cba167fb50 EFLAGS: 00010007
>> [ 169.652144] RAX: 00000000008041d0 RBX: 0000000000000000 RCX:
>> 0000000000000005
>> [ 169.659341] RDX: 00c6e8a7c0000000 RSI: 0000000000000001 RDI:
>> ffffffffff1ff000
>> [ 169.666525] RBP: 0000000000000005 R08: 0000000000000000 R09:
>> 000000000000ffff
>> [ 169.673709] R10: 0000000000000000 R11: ffffffffffff0000 R12:
>> 0000000000002001
>> [ 169.680906] R13: ffffffffa5ae02c8 R14: 00000000ffffffff R15:
>> 0000000000000000
>> [ 169.688091] ? tboot_shutdown+0x5b/0x140
>> [ 169.692084] ? tboot_sleep+0x12c/0x140
>> [ 169.695890] ? acpi_os_enter_sleep+0x2b/0x60
>> [ 169.700221] ? acpi_hw_legacy_sleep+0x140/0x1c0
>> [ 169.704816] ? acpi_power_off+0x16/0x40
>> [ 169.708715] ? sys_off_notify+0x48/0x70
>> [ 169.712615] ? notifier_call_chain+0x5a/0xd0
>> [ 169.716943] ? atomic_notifier_call_chain+0x32/0x50
>> [ 169.721885] ? do_kernel_power_off+0x3e/0x50
>> [ 169.726213] ? native_machine_power_off+0x21/0x40
>> [ 169.730983] ? __do_sys_reboot+0x1d2/0x240
>> [ 169.735151] ? do_syscall_64+0x7d/0x160
>> [ 169.739053] ? syscall_exit_work+0xf3/0x120
>> [ 169.743302] ? syscall_exit_to_user_mode+0x32/0x190
>> [ 169.748243] ? do_syscall_64+0x89/0x160
>> [ 169.752143] ? __count_memcg_events+0xdf/0x170
>> [ 169.756645] ? handle_mm_fault+0x256/0x370
>> [ 169.760813] ? do_user_addr_fault+0x347/0x640
>> [ 169.765235] ? exc_page_fault+0x73/0x160
>> [ 169.769228] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>
>
Hi, Bagas.
I wanted to follow up on the tboot/CET patch I sent on 2025-12-11. You
had asked whether the IBT failure occurred only in certain shutdown
paths. I’ve since tested all the shutdown and reboot flows available on
this system, and they all hit the same tboot_shutdown() → shutdown_entry
path and trigger a #CP when CET is enabled.
To recap the findings:
shutdown_entry ultimately points to a BIOS/firmware routine.
That routine isn’t built with CET/IBT, so it lacks an ENDBR64 at
its entry.
With CET still active, IBT enforcement causes an immediate #CP
when control is transferred.
Disabling CET before calling shutdown_entry resolves the issue
across all tested shutdown/reboot paths.
If there’s anything you’d like clarified or adjusted in the patch or
changelog, I’m happy to update it. Just wanted to check in now that
we’re past the holiday lull.
Thanks,
Tony Camuso <tc...@re...>
|
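The IBT rule that Tony's explanation rests on, shown as an added example that is not part of this thread, of tboot, or of the kernel patch under discussion: with IBT enabled, the CPU checks only that an indirect branch lands on an ENDBR64 instruction, so whether a routine is "CET-aware" is decided by its first four bytes. The byte image, the cet_state struct and the helper names (is_endbr64, ibt_branch_ok, legacy_entry_faults) are constructed for the illustration and do not come from any real firmware or kernel code.

```c
/*
 * Added example, not code from the thread, from tboot or from the kernel
 * patch under discussion.  It models the IBT rule that produced the
 * "Missing ENDBR" BUG above: with IA32_S_CET.ENDBR_EN set, an indirect
 * CALL/JMP must land on ENDBR64 (F3 0F 1E FA in 64-bit mode) or the CPU
 * raises #CP, unless the branch carried the NOTRACK (3E) prefix and
 * IA32_S_CET.NO_TRACK_EN is also set.  The "firmware image" below is a
 * constructed byte string, not a dump of any real BIOS or tboot build.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ENDBR64 encoding; ENDBR32 (F3 0F 1E FB) is the compatibility-mode form. */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };

/* The two IA32_S_CET bits that decide a kernel-mode indirect branch. */
struct cet_state {
    bool endbr_en;    /* IBT enforcement enabled */
    bool no_track_en; /* honour the 3E NOTRACK prefix on call sites */
};
static const struct cet_state CET_IBT_ON         = { true,  false };
static const struct cet_state CET_IBT_ON_NOTRACK = { true,  true  };
static const struct cet_state CET_IBT_OFF        = { false, false };

/* True if the 4 bytes at `target` inside code[0..len) are ENDBR64. */
bool is_endbr64(const uint8_t *code, size_t len, size_t target)
{
    if (target > len || len - target < sizeof ENDBR64)
        return false;                       /* entry runs off the image */
    return memcmp(code + target, ENDBR64, sizeof ENDBR64) == 0;
}

/*
 * Would an indirect branch to `target` complete without #CP?
 * `notrack_site` means the CALL/JMP instruction itself had the 3E prefix.
 */
bool ibt_branch_ok(const struct cet_state *cet, const uint8_t *code,
                   size_t len, size_t target, bool notrack_site)
{
    if (!cet->endbr_en)
        return true;                        /* IBT off: no tracking at all */
    if (notrack_site && cet->no_track_en)
        return true;                        /* call site opted out */
    return is_endbr64(code, len, target);   /* landing pad required */
}

/*
 * Constructed image with two entry points:
 *   0x00 cet_routine     endbr64; push rbp; mov rbp,rsp; pop rbp; ret
 *   0x0A legacy_routine  push rbp; mov rbp,rsp; pop rbp; ret   (no ENDBR)
 */
static const uint8_t image[] = {
    0xF3, 0x0F, 0x1E, 0xFA, 0x55, 0x48, 0x89, 0xE5, 0x5D, 0xC3,
    0x55, 0x48, 0x89, 0xE5, 0x5D, 0xC3,
};
#define IMAGE_LEN      (sizeof image)
#define CET_ROUTINE    0x00u
#define LEGACY_ROUTINE 0x0Au

/*
 * Replays the failure in the thread: the same legacy entry point is fine
 * with IBT off and traps with IBT on.  Returns how many of the two
 * configurations raise #CP (expected: 1).
 */
int legacy_entry_faults(void)
{
    int faults = 0;
    if (!ibt_branch_ok(&CET_IBT_OFF, image, IMAGE_LEN, LEGACY_ROUTINE, false))
        faults++;
    if (!ibt_branch_ok(&CET_IBT_ON, image, IMAGE_LEN, LEGACY_ROUTINE, false))
        faults++;
    return faults;
}

int main(void)
{
    const size_t targets[] = { CET_ROUTINE, LEGACY_ROUTINE };
    for (size_t i = 0; i < 2; i++) {
        printf("target 0x%02zx: ENDBR64 %-3s  IBT on -> %s\n", targets[i],
               is_endbr64(image, IMAGE_LEN, targets[i]) ? "yes" : "no",
               ibt_branch_ok(&CET_IBT_ON, image, IMAGE_LEN, targets[i], false)
                   ? "ok" : "#CP (Missing ENDBR)");
    }
    return 0;
}
```

Build with `cc -std=c11 -o ibt_check ibt_check.c` and run it: the legacy entry point reports `#CP (Missing ENDBR)` under IBT and `ok` once IBT is off, which is the difference the patch in the thread relies on when it disables CET around the shutdown_entry call. The kernel side of the same event is what the trace shows: the #CP handler reports the faulting RIP as "Missing ENDBR" and, because the violation happened in kernel mode, BUGs rather than killing a process.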
|
From: Tony C. <tc...@re...> - 2025-12-11 13:46:26
|
On 12/10/2025 1:10 PM, Tony Camuso wrote:
> On 11/24/2025 7:34 PM, Bagas Sanjaya wrote:
>> On Thu, Nov 13, 2025 at 09:37:14AM -0500, Tony Camuso wrote:
>>> The tboot->shutdown_entry is effectively bios code and CET needs to be
>>> disabled before calling it.
>>>
>>> It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE Linux
>>> Enterprise Server) 16.0 OS. OS power off, called by the "init 0" command,
>>> was failing, due to activated Intel Control-Flow Enforcement Technology
>>> (CET).
>>> Disabling CET has allowed to execute OS and TBOOT shutdown properly.
>>
>> Are ``systemctl poweroff`` and ``shutdown -P`` are also affected?
>>
>> Confused...
>>
>
> Yes, all shutdown methods on kernels launched with tboot, on systems that
> expose the CPU ibt flag to kernels v6.12+ will cause the stack trace appended
> below.
>
> The stack trace demonstrates that CET enforcement collides with legacy
> BIOS shutdown code that lacks ENDBR markers. The kernel BUG at
> cet.c:102 is a direct result of CET being active when jumping into
> tboot->shutdown_entry.
>
> Legacy BIOS/tboot code without ENDBR now traps, requiring CET to be disabled
> around that call.
>
> The patch:
> Prevents CET from falsely trapping on non-CET BIOS code.
Need to clarify further:
The patch prevents CET from trapping when tboot invokes the BIOS-provided
shutdown_entry routine, which lacks ENDBR instructions.
tboot side:
In tboot_shutdown(), the kernel switches to the tboot page tables and
then calls:
shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry;
shutdown();
That shutdown_entry pointer comes from the tboot structure, populated
at boot.
In the tboot project directory, see include/tboot.h
In the kernel, see include/linux/tboot.h
BIOS side:
The actual routine behind shutdown_entry is implemented in BIOS/firmware.
It’s not compiled with CET/IBT support, so it lacks the required ENDBR64
instruction at its entry point.
When CET is still enabled, the CPU enforces IBT. Jumping into that BIOS
routine without ENDBR triggers a #CP (control protection exception),
which is what the stack trace shows.
So it is the BIOS shutdown_entry function itself that causes the trap,
but only because tboot is handing control to it while CET is active.
What happens:
From the stack trace
Missing ENDBR: 0x8041d0
kernel BUG at arch/x86/kernel/cet.c:102!
RIP: 0010:0x8041d0
This shows the CPU trapping on entry into the shutdown routine at address
0x8041d0, which is the pointer stored in tboot->shutdown_entry
The shutdown_entry field is explicitly documented as the physical address
of the BIOS shutdown routine. This structure is populated by tboot at boot.
>
> Maintains system stability during shutdown.
>
> Preserves CET protection elsewhere, only disabling it for the
> narrow window where legacy firmware must run.
>
>
> [ 169.420078] reboot: Power down
> [ 169.427516] Missing ENDBR: 0x8041d0
> [ 169.431128] ------------[ cut here ]------------
> [ 169.435805] kernel BUG at arch/x86/kernel/cet.c:102!
> [ 169.440840] Oops: invalid opcode: 0000 [#1] SMP NOPTI
> [ 169.445966] CPU: 0 UID: 0 PID: 3354 Comm: poweroff Kdump: loaded Not tainted 6.12.0-124.8.1.el10_1.x86_64 #1 PREEMPT(voluntary)
> [ 169.457580] Hardware name: Dell Inc. PowerEdge R570/03TJR3, BIOS 1.2.1 01/23/2025
> [ 169.465113] RIP: 0010:exc_control_protection+0x18c/0x190
> [ 169.470490] Code: 1c ff 45 31 c9 49 89 d8 b9 09 00 00 00 48 8b 93 80 00 00 00 be 63 00 00 00 48 c7 c7 a4 85 e5 a4 e8 79 92 30 ff e9 02 ff ff ff <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f
> [ 169.489292] RSP: 0018:ff55b3cba167fa88 EFLAGS: 00010002
> [ 169.494581] RAX: 0000000000000017 RBX: ff55b3cba167faa8 RCX: 00000000ffff7fff
> [ 169.501765] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001
> [ 169.508949] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffa59e2b08
> [ 169.516132] R10: ffffffffa5922ac8 R11: 0000000000000003 R12: 0000000000000000
> [ 169.523316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> [ 169.530514] FS: 00007f5f9a122140(0000) GS:ff39175c2de00000(0000) knlGS:0000000000000000
> [ 169.538659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 169.544454] CR2: 0000559386dc5320 CR3: 000000010fbe2000 CR4: 0000000000f71ef0
> [ 169.551651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 169.558835] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
> [ 169.566019] PKRU: 55555554
> [ 169.568784] Call Trace:
> [ 169.571295] <TASK>
> [ 169.573458] ? show_trace_log_lvl+0x1b0/0x2f0
> [ 169.577880] ? show_trace_log_lvl+0x1b0/0x2f0
> [ 169.582301] ? asm_exc_control_protection+0x26/0x30
> [ 169.587244] ? exc_control_protection+0x18c/0x190
> [ 169.592011] ? __die_body.cold+0x8/0x12
> [ 169.595910] ? die+0x2e/0x50
> [ 169.598863] ? do_trap+0xca/0x110
> [ 169.602243] ? do_error_trap+0x65/0x80
> [ 169.606049] ? exc_control_protection+0x18c/0x190
> [ 169.610816] ? exc_invalid_op+0x50/0x70
> [ 169.614715] ? exc_control_protection+0x18c/0x190
> [ 169.619482] ? asm_exc_invalid_op+0x1a/0x20
> [ 169.623728] ? exc_control_protection+0x18c/0x190
> [ 169.628496] ? exc_control_protection+0x14f/0x190
> [ 169.633263] asm_exc_control_protection+0x26/0x30
> [ 169.638030] RIP: 0010:0x8041d0
> [ 169.641142] Code: Unable to access opcode bytes at 0x8041a6.
> [ 169.646857] RSP: 0018:ff55b3cba167fb50 EFLAGS: 00010007
> [ 169.652144] RAX: 00000000008041d0 RBX: 0000000000000000 RCX: 0000000000000005
> [ 169.659341] RDX: 00c6e8a7c0000000 RSI: 0000000000000001 RDI: ffffffffff1ff000
> [ 169.666525] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000ffff
> [ 169.673709] R10: 0000000000000000 R11: ffffffffffff0000 R12: 0000000000002001
> [ 169.680906] R13: ffffffffa5ae02c8 R14: 00000000ffffffff R15: 0000000000000000
> [ 169.688091] ? tboot_shutdown+0x5b/0x140
> [ 169.692084] ? tboot_sleep+0x12c/0x140
> [ 169.695890] ? acpi_os_enter_sleep+0x2b/0x60
> [ 169.700221] ? acpi_hw_legacy_sleep+0x140/0x1c0
> [ 169.704816] ? acpi_power_off+0x16/0x40
> [ 169.708715] ? sys_off_notify+0x48/0x70
> [ 169.712615] ? notifier_call_chain+0x5a/0xd0
> [ 169.716943] ? atomic_notifier_call_chain+0x32/0x50
> [ 169.721885] ? do_kernel_power_off+0x3e/0x50
> [ 169.726213] ? native_machine_power_off+0x21/0x40
> [ 169.730983] ? __do_sys_reboot+0x1d2/0x240
> [ 169.735151] ? do_syscall_64+0x7d/0x160
> [ 169.739053] ? syscall_exit_work+0xf3/0x120
> [ 169.743302] ? syscall_exit_to_user_mode+0x32/0x190
> [ 169.748243] ? do_syscall_64+0x89/0x160
> [ 169.752143] ? __count_memcg_events+0xdf/0x170
> [ 169.756645] ? handle_mm_fault+0x256/0x370
> [ 169.760813] ? do_user_addr_fault+0x347/0x640
> [ 169.765235] ? exc_page_fault+0x73/0x160
> [ 169.769228] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
|
|
From: Tony C. <tc...@re...> - 2025-12-11 13:05:42
|
On 12/10/25 1:10 PM, Tony Camuso wrote:
> On 11/24/2025 7:34 PM, Bagas Sanjaya wrote:
>> On Thu, Nov 13, 2025 at 09:37:14AM -0500, Tony Camuso wrote:
>>> The tboot->shutdown_entry is effectively bios code and CET needs to be
>>> disabled before calling it.
>>>
>>> It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE Linux
>>> Enterprise Server) 16.0 OS. OS power off, called by the "init 0" command,
>>> was failing, due to activated Intel Control-Flow Enforcement Technology
>>> (CET).
>>> Disabling CET has allowed to execute OS and TBOOT shutdown properly.
>>
>> Are ``systemctl poweroff`` and ``shutdown -P`` are also affected?
>>
>> Confused...
>>
>
> Yes, all shutdown methods on kernels launched with tboot, on systems that
> expose the CPU ibt flag to kernels v6.12+ will cause the stack trace appended
> below.
>
> The stack trace demonstrates that CET enforcement collides with legacy
> BIOS shutdown code that lacks ENDBR markers. The kernel BUG at
> cet.c:102 is a direct result of CET being active when jumping into
> tboot->shutdown_entry.
>
> Legacy BIOS/tboot code without ENDBR now traps, requiring CET to be disabled
> around that call.
>
> The patch:
> Prevents CET from falsely trapping on non-CET BIOS code.
Need to clarify further:
The patch prevents CET from trapping when tboot invokes the BIOS-provided
shutdown_entry routine, which lacks ENDBR instructions.
tboot side:
In tboot_shutdown(), the kernel switches to the tboot page tables and
then calls:
shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry;
shutdown();
That shutdown_entry pointer comes from the tboot structure, populated
at boot.
BIOS side:
The actual routine behind shutdown_entry is implemented in BIOS/firmware.
It’s not compiled with CET/IBT support, so it lacks the required ENDBR64
instruction at its entry point.
When CET is still enabled, the CPU enforces IBT.
Jumping into that BIOS routine without ENDBR triggers a #CP (control
protection exception), which is what the stack trace shows.
So it is the BIOS shutdown_entry function itself that causes the trap,
but only because tboot is handing control to it while CET is active.
> Maintains system stability during shutdown.
>
> Preserves CET protection elsewhere, only disabling it for the
> narrow window where legacy firmware must run.
>
>
> [ 169.420078] reboot: Power down
> [ 169.427516] Missing ENDBR: 0x8041d0
> [ 169.431128] ------------[ cut here ]------------
> [ 169.435805] kernel BUG at arch/x86/kernel/cet.c:102!
> [ 169.440840] Oops: invalid opcode: 0000 [#1] SMP NOPTI
> [ 169.445966] CPU: 0 UID: 0 PID: 3354 Comm: poweroff Kdump: loaded Not tainted 6.12.0-124.8.1.el10_1.x86_64 #1 PREEMPT(voluntary)
> [ 169.457580] Hardware name: Dell Inc. PowerEdge R570/03TJR3, BIOS 1.2.1 01/23/2025
> [ 169.465113] RIP: 0010:exc_control_protection+0x18c/0x190
> [ 169.470490] Code: 1c ff 45 31 c9 49 89 d8 b9 09 00 00 00 48 8b 93 80 00 00 00 be 63 00 00 00 48 c7 c7 a4 85 e5 a4 e8 79 92 30 ff e9 02 ff ff ff <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f
> [ 169.489292] RSP: 0018:ff55b3cba167fa88 EFLAGS: 00010002
> [ 169.494581] RAX: 0000000000000017 RBX: ff55b3cba167faa8 RCX: 00000000ffff7fff
> [ 169.501765] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001
> [ 169.508949] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffa59e2b08
> [ 169.516132] R10: ffffffffa5922ac8 R11: 0000000000000003 R12: 0000000000000000
> [ 169.523316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> [ 169.530514] FS: 00007f5f9a122140(0000) GS:ff39175c2de00000(0000) knlGS:0000000000000000
> [ 169.538659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 169.544454] CR2: 0000559386dc5320 CR3: 000000010fbe2000 CR4: 0000000000f71ef0
> [ 169.551651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 169.558835] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
> [ 169.566019] PKRU: 55555554
> [ 169.568784] Call Trace:
> [ 169.571295] <TASK>
> [ 169.573458] ? show_trace_log_lvl+0x1b0/0x2f0
> [ 169.577880] ? show_trace_log_lvl+0x1b0/0x2f0
> [ 169.582301] ? asm_exc_control_protection+0x26/0x30
> [ 169.587244] ? exc_control_protection+0x18c/0x190
> [ 169.592011] ? __die_body.cold+0x8/0x12
> [ 169.595910] ? die+0x2e/0x50
> [ 169.598863] ? do_trap+0xca/0x110
> [ 169.602243] ? do_error_trap+0x65/0x80
> [ 169.606049] ? exc_control_protection+0x18c/0x190
> [ 169.610816] ? exc_invalid_op+0x50/0x70
> [ 169.614715] ? exc_control_protection+0x18c/0x190
> [ 169.619482] ? asm_exc_invalid_op+0x1a/0x20
> [ 169.623728] ? exc_control_protection+0x18c/0x190
> [ 169.628496] ? exc_control_protection+0x14f/0x190
> [ 169.633263] asm_exc_control_protection+0x26/0x30
> [ 169.638030] RIP: 0010:0x8041d0
> [ 169.641142] Code: Unable to access opcode bytes at 0x8041a6.
> [ 169.646857] RSP: 0018:ff55b3cba167fb50 EFLAGS: 00010007
> [ 169.652144] RAX: 00000000008041d0 RBX: 0000000000000000 RCX: 0000000000000005
> [ 169.659341] RDX: 00c6e8a7c0000000 RSI: 0000000000000001 RDI: ffffffffff1ff000
> [ 169.666525] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000ffff
> [ 169.673709] R10: 0000000000000000 R11: ffffffffffff0000 R12: 0000000000002001
> [ 169.680906] R13: ffffffffa5ae02c8 R14: 00000000ffffffff R15: 0000000000000000
> [ 169.688091] ? tboot_shutdown+0x5b/0x140
> [ 169.692084] ? tboot_sleep+0x12c/0x140
> [ 169.695890] ? acpi_os_enter_sleep+0x2b/0x60
> [ 169.700221] ? acpi_hw_legacy_sleep+0x140/0x1c0
> [ 169.704816] ? acpi_power_off+0x16/0x40
> [ 169.708715] ? sys_off_notify+0x48/0x70
> [ 169.712615] ? notifier_call_chain+0x5a/0xd0
> [ 169.716943] ? atomic_notifier_call_chain+0x32/0x50
> [ 169.721885] ? do_kernel_power_off+0x3e/0x50
> [ 169.726213] ? native_machine_power_off+0x21/0x40
> [ 169.730983] ? __do_sys_reboot+0x1d2/0x240
> [ 169.735151] ? do_syscall_64+0x7d/0x160
> [ 169.739053] ? syscall_exit_work+0xf3/0x120
> [ 169.743302] ? syscall_exit_to_user_mode+0x32/0x190
> [ 169.748243] ? do_syscall_64+0x89/0x160
> [ 169.752143] ? __count_memcg_events+0xdf/0x170
> [ 169.756645] ? handle_mm_fault+0x256/0x370
> [ 169.760813] ? do_user_addr_fault+0x347/0x640
> [ 169.765235] ? exc_page_fault+0x73/0x160
> [ 169.769228] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
|
|
From: Tony C. <tc...@re...> - 2025-12-10 18:11:10
|
On 11/24/2025 7:34 PM, Bagas Sanjaya wrote:
> On Thu, Nov 13, 2025 at 09:37:14AM -0500, Tony Camuso wrote:
>> The tboot->shutdown_entry is effectively bios code and CET needs to be
>> disabled before calling it.
>>
>> It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE Linux
>> Enterprise Server) 16.0 OS. OS power off, called by the "init 0" command,
>> was failing, due to activated Intel Control-Flow Enforcement Technology
>> (CET).
>> Disabling CET has allowed to execute OS and TBOOT shutdown properly.
>
> Are ``systemctl poweroff`` and ``shutdown -P`` are also affected?
>
> Confused...
>
Yes, all shutdown methods on kernels launched with tboot, on systems that
expose the CPU ibt flag to kernels v6.12+ will cause the stack trace appended
below.
The stack trace demonstrates that CET enforcement collides with legacy
BIOS shutdown code that lacks ENDBR markers. The kernel BUG at
cet.c:102 is a direct result of CET being active when jumping into
tboot->shutdown_entry.
Legacy BIOS/tboot code without ENDBR now traps, requiring CET to be disabled
around that call.
The patch:
Prevents CET from falsely trapping on non-CET BIOS code.
Maintains system stability during shutdown.
Preserves CET protection elsewhere, only disabling it for the
narrow window where legacy firmware must run.
[ 169.420078] reboot: Power down
[ 169.427516] Missing ENDBR: 0x8041d0
[ 169.431128] ------------[ cut here ]------------
[ 169.435805] kernel BUG at arch/x86/kernel/cet.c:102!
[ 169.440840] Oops: invalid opcode: 0000 [#1] SMP NOPTI
[ 169.445966] CPU: 0 UID: 0 PID: 3354 Comm: poweroff Kdump: loaded Not tainted 6.12.0-124.8.1.el10_1.x86_64 #1 PREEMPT(voluntary)
[ 169.457580] Hardware name: Dell Inc. PowerEdge R570/03TJR3, BIOS 1.2.1 01/23/2025
[ 169.465113] RIP: 0010:exc_control_protection+0x18c/0x190
[ 169.470490] Code: 1c ff 45 31 c9 49 89 d8 b9 09 00 00 00 48 8b 93 80 00 00 00 be 63 00 00 00 48 c7 c7 a4 85 e5 a4 e8 79 92 30 ff e9 02 ff ff ff <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f
[ 169.489292] RSP: 0018:ff55b3cba167fa88 EFLAGS: 00010002
[ 169.494581] RAX: 0000000000000017 RBX: ff55b3cba167faa8 RCX: 00000000ffff7fff
[ 169.501765] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001
[ 169.508949] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffa59e2b08
[ 169.516132] R10: ffffffffa5922ac8 R11: 0000000000000003 R12: 0000000000000000
[ 169.523316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 169.530514] FS: 00007f5f9a122140(0000) GS:ff39175c2de00000(0000) knlGS:0000000000000000
[ 169.538659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 169.544454] CR2: 0000559386dc5320 CR3: 000000010fbe2000 CR4: 0000000000f71ef0
[ 169.551651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 169.558835] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[ 169.566019] PKRU: 55555554
[ 169.568784] Call Trace:
[ 169.571295] <TASK>
[ 169.573458] ? show_trace_log_lvl+0x1b0/0x2f0
[ 169.577880] ? show_trace_log_lvl+0x1b0/0x2f0
[ 169.582301] ? asm_exc_control_protection+0x26/0x30
[ 169.587244] ? exc_control_protection+0x18c/0x190
[ 169.592011] ? __die_body.cold+0x8/0x12
[ 169.595910] ? die+0x2e/0x50
[ 169.598863] ? do_trap+0xca/0x110
[ 169.602243] ? do_error_trap+0x65/0x80
[ 169.606049] ? exc_control_protection+0x18c/0x190
[ 169.610816] ? exc_invalid_op+0x50/0x70
[ 169.614715] ? exc_control_protection+0x18c/0x190
[ 169.619482] ? asm_exc_invalid_op+0x1a/0x20
[ 169.623728] ? exc_control_protection+0x18c/0x190
[ 169.628496] ? exc_control_protection+0x14f/0x190
[ 169.633263] asm_exc_control_protection+0x26/0x30
[ 169.638030] RIP: 0010:0x8041d0
[ 169.641142] Code: Unable to access opcode bytes at 0x8041a6.
[ 169.646857] RSP: 0018:ff55b3cba167fb50 EFLAGS: 00010007
[ 169.652144] RAX: 00000000008041d0 RBX: 0000000000000000 RCX: 0000000000000005
[ 169.659341] RDX: 00c6e8a7c0000000 RSI: 0000000000000001 RDI: ffffffffff1ff000
[ 169.666525] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000ffff
[ 169.673709] R10: 0000000000000000 R11: ffffffffffff0000 R12: 0000000000002001
[ 169.680906] R13: ffffffffa5ae02c8 R14: 00000000ffffffff R15: 0000000000000000
[ 169.688091] ? tboot_shutdown+0x5b/0x140
[ 169.692084] ? tboot_sleep+0x12c/0x140
[ 169.695890] ? acpi_os_enter_sleep+0x2b/0x60
[ 169.700221] ? acpi_hw_legacy_sleep+0x140/0x1c0
[ 169.704816] ? acpi_power_off+0x16/0x40
[ 169.708715] ? sys_off_notify+0x48/0x70
[ 169.712615] ? notifier_call_chain+0x5a/0xd0
[ 169.716943] ? atomic_notifier_call_chain+0x32/0x50
[ 169.721885] ? do_kernel_power_off+0x3e/0x50
[ 169.726213] ? native_machine_power_off+0x21/0x40
[ 169.730983] ? __do_sys_reboot+0x1d2/0x240
[ 169.735151] ? do_syscall_64+0x7d/0x160
[ 169.739053] ? syscall_exit_work+0xf3/0x120
[ 169.743302] ? syscall_exit_to_user_mode+0x32/0x190
[ 169.748243] ? do_syscall_64+0x89/0x160
[ 169.752143] ? __count_memcg_events+0xdf/0x170
[ 169.756645] ? handle_mm_fault+0x256/0x370
[ 169.760813] ? do_user_addr_fault+0x347/0x640
[ 169.765235] ? exc_page_fault+0x73/0x160
[ 169.769228] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
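The trace above carries everything needed to classify this kind of crash, and an IR or kernel-support engineer usually wants that pulled out mechanically rather than read by eye. The following is an added example, not code from the thread, the kernel or tboot: a small triage helper that reads an IBT (#CP) oops and extracts the address reported by "Missing ENDBR", the RIP the exception interrupted, whether that RIP printed as a bare hex address (no kernel symbol, the usual sign that an indirect branch landed outside kernel text, here in firmware reached through tboot->shutdown_entry), and the call path beneath it. The sample lines are a constructed subset of the trace quoted above; the regular expressions, field names and the `verdict()` wording are my own.

```python
import re

# Constructed sample: a subset of the oops lines quoted in the message above.
SAMPLE_OOPS = """\
[ 169.420078] reboot: Power down
[ 169.427516] Missing ENDBR: 0x8041d0
[ 169.431128] ------------[ cut here ]------------
[ 169.435805] kernel BUG at arch/x86/kernel/cet.c:102!
[ 169.465113] RIP: 0010:exc_control_protection+0x18c/0x190
[ 169.568784] Call Trace:
[ 169.571295] <TASK>
[ 169.633263] asm_exc_control_protection+0x26/0x30
[ 169.638030] RIP: 0010:0x8041d0
[ 169.641142] Code: Unable to access opcode bytes at 0x8041a6.
[ 169.688091] ? tboot_shutdown+0x5b/0x140
[ 169.692084] ? tboot_sleep+0x12c/0x140
[ 169.704816] ? acpi_power_off+0x16/0x40
[ 169.726213] ? native_machine_power_off+0x21/0x40
[ 169.730983] ? __do_sys_reboot+0x1d2/0x240
[ 169.735151] ? do_syscall_64+0x7d/0x160
"""

# Timestamp prefix "[ 169.427516] " (whitespace inside the brackets varies).
TS = r"^\[\s*[\d.]+\]\s*"
ENDBR_RE = re.compile(TS + r"Missing ENDBR: (0x[0-9a-f]+)", re.I)
BUG_RE = re.compile(TS + r"kernel BUG at ([^:]+):(\d+)!")
RIP_RE = re.compile(TS + r"RIP: [0-9a-f]{4}:(\S+)", re.I)
# Call-trace frame: optional "? " (unreliable frame marker), symbol+off/size.
FRAME_RE = re.compile(TS + r"(\?\s+)?([A-Za-z_.][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
RAW_ADDR_RE = re.compile(r"^0x[0-9a-f]+$", re.I)


def triage_ibt_oops(log: str) -> dict:
    """Summarise an IBT (#CP, "Missing ENDBR") oops: where the indirect branch
    went, whether that target has a kernel symbol, and the call path below it."""
    endbr_target = None
    bug_site = None
    rips = []                # every "RIP:" line, in order
    frames_after_fault = []  # frames printed after the interrupted-context RIP
    saw_fault_rip = False
    for line in log.splitlines():
        m = ENDBR_RE.match(line)
        if m:
            endbr_target = int(m.group(1), 16)
            continue
        m = BUG_RE.match(line)
        if m:
            bug_site = (m.group(1), int(m.group(2)))
            continue
        m = RIP_RE.match(line)
        if m:
            rips.append(m.group(1))
            # The first RIP is the BUG() site inside the #CP handler; the
            # second is the interrupted context, i.e. the branch target.
            saw_fault_rip = len(rips) >= 2
            continue
        m = FRAME_RE.match(line)
        if m and saw_fault_rip:
            frames_after_fault.append(m.group(2))
    fault_rip = rips[-1] if len(rips) >= 2 else None
    raw_target = bool(fault_rip and RAW_ADDR_RE.match(fault_rip))
    return {
        "endbr_target": endbr_target,
        "bug_site": bug_site,
        "fault_rip": fault_rip,
        # A bare address means kallsyms had no symbol for it: not kernel text.
        "target_outside_kernel_symbols": raw_target,
        "target_matches_endbr_report": raw_target and int(fault_rip, 16) == endbr_target,
        "call_path": frames_after_fault,
        "via_tboot": "tboot_shutdown" in frames_after_fault,
    }


def verdict(summary: dict) -> str:
    """One-line classification for a ticket or a detection rule."""
    if summary["endbr_target"] is None:
        return "no IBT violation found"
    where = "non-kernel code" if summary["target_outside_kernel_symbols"] else "kernel text"
    via = " reached via tboot_shutdown()" if summary["via_tboot"] else ""
    return (f"IBT violation: indirect branch to {summary['fault_rip']} ({where}) "
            f"without ENDBR{via}")


if __name__ == "__main__":
    s = triage_ibt_oops(SAMPLE_OOPS)
    print(verdict(s))
    print("call path:", " <- ".join(s["call_path"]))
```

On the trace above the helper reports a branch to 0x8041d0, a bare address with no symbol, reached through tboot_shutdown(), which is exactly the combination (firmware entry point plus IBT enabled) that the patch in this thread addresses; a branch to a symbolised kernel address without ENDBR would instead point at a kernel function that lost its ENDBR marker.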
From: Tony C. <tc...@re...> - 2025-11-03 17:15:40
Mark, Michael, Has this patch been submitted upstream yet? If so, to what branch? Thanks On 10/17/2025 8:14 AM, tbo...@li... wrote: > Send tboot-devel mailing list submissions to > tbo...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/tboot-devel > or, via email, send a message with subject or body 'help' to > tbo...@li... > > You can reach the person managing the list at > tbo...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tboot-devel digest..." > > > Today's Topics: > > 1. [PATCH 1/1] Disable CET when calling tboot shutdown > procedure. (Michal Camacho Romero) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 17 Oct 2025 09:36:19 +0200 > From: Michal Camacho Romero <mic...@li...> > To: tbo...@li..., nin...@in... > Cc: mat...@in..., Mark Gross <mg...@li...>, Mark > Gross <mar...@in...>, Michal Camacho Romero > <mic...@li...> > Subject: [tboot-devel] [PATCH 1/1] Disable CET when calling tboot > shutdown procedure. > Message-ID: > <202...@li...> > > From: Mark Gross <mg...@li...> > > The tboot->shutdown_entry is effectively bios code and CET needs to be > disabled before calling it. > > It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE Linux > Enterprise Server) 16.0 OS. OS power off, called by the "init 0" command, > was failing, due to activated Intel Control-Flow Enforcement Technology (CET). > Disabling CET has allowed to execute OS and TBOOT shutdown properly. > > Closes: https://bugzilla.suse.com/show_bug.cgi?id=1247950 > Signed-off-by: Mark Gross <mar...@in...> > Signed-off-by: Michal Camacho Romero <mic...@li...> > --- > arch/x86/kernel/tboot.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c > index 46b8f1f16676..73396c43a7ad 100644 > --- a/arch/x86/kernel/tboot.c > +++ b/arch/x86/kernel/tboot.c 
> @@ -28,6 +28,7 @@ > #include <asm/setup.h> > #include <asm/e820/api.h> > #include <asm/io.h> > +#include <asm/cpu.h> > > #include "../realmode/rm/wakeup.h" > > @@ -247,6 +248,10 @@ void tboot_shutdown(u32 shutdown_type) > > switch_to_tboot_pt(); > > + /* > + * toggle off CET while we call shutdown_entry in bios > + */ > + cet_disable(); > shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry; > shutdown(); > |
From: Michal C. R. <mic...@li...> - 2025-10-17 07:58:56
From: Mark Gross <mg...@li...> The tboot->shutdown_entry is effectively bios code and CET needs to be disabled before calling it. It resolves TBOOT shutdown failure bug, reported on the SLES (SUSE Linux Enterprise Server) 16.0 OS. OS power off, called by the "init 0" command, was failing, due to activated Intel Control-Flow Enforcement Technology (CET). Disabling CET has allowed to execute OS and TBOOT shutdown properly. Closes: https://bugzilla.suse.com/show_bug.cgi?id=1247950 Signed-off-by: Mark Gross <mar...@in...> Signed-off-by: Michal Camacho Romero <mic...@li...> --- arch/x86/kernel/tboot.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index 46b8f1f16676..73396c43a7ad 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/e820/api.h> #include <asm/io.h> +#include <asm/cpu.h> #include "../realmode/rm/wakeup.h" @@ -247,6 +248,10 @@ void tboot_shutdown(u32 shutdown_type) switch_to_tboot_pt(); + /* + * toggle off CET while we call shutdown_entry in bios + */ + cet_disable(); shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry; shutdown(); -- 2.43.0 |
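Review bot: the new `+#include <asm/cpu.h>` in the first hunk is only there for the `cet_disable()` declaration; please confirm that the header also supplies a no-op stub when kernel CET/IBT support is compiled out, otherwise tboot.c would stop building on those configurations. A short comment on the include, or a line in the commit message, would tell the next reader why the header is needed.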
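Review bot: in the `tboot_shutdown()` hunk the comment says CET is toggled off, but nothing after `shutdown();` turns it back on. If `tboot->shutdown_entry` never returns, say so in the comment so the missing re-enable reads as intentional; if it can return for some shutdown types, the CPU carries on with CET disabled and the call needs a matching re-enable. Two more points for the commit message: `cet_disable()` changes the state of the CPU executing it only, so state whether the other CPUs are already stopped by the time `tboot_shutdown()` runs, and the actual symptom reported later in this thread ("Missing ENDBR" followed by "kernel BUG at arch/x86/kernel/cet.c:102") belongs in the message, since "was failing" alone is hard to search for.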
From: N0T3P4D <n0t...@gm...> - 2025-01-08 19:02:29
Hi,
I'm unable to get a successful TXT boot on the Protectli VP6670 (12th Gen Intel(R) Core(TM) i7-1255U) using tboot 1.11.9 and the latest (non-coreboot) UEFI firmware 1.80 on Gentoo
Linux. TXT is enabled in the firmware and the kernel.
The SINIT ACM module does not seem to be included in the firmware and is provided as the last multiboot2 module in GRUB.
txt-info shows
Intel(r) TXT Configuration Registers:
STS: 0x00000002
senter_done: FALSE
sexit_done: TRUE
mem_config_lock: FALSE
private_open: FALSE
locality_1_open: FALSE
locality_2_open: FALSE
ESTS: 0x00
txt_reset: FALSE
E2STS: 0x0000000000000004
secrets: FALSE
ERRORCODE: 0x00000000
DIDVID: 0x00000001b00c8086
vendor_id: 0x8086
device_id: 0xb00c
revision_id: 0x1
FSBIF: 0xffffffffffffffff
QPIIF: 0x000000009d003000
SINIT.BASE: 0x00000000
SINIT.SIZE: 0B (0x0)
HEAP.BASE: 0x00000000
HEAP.SIZE: 0B (0x0)
DPR: 0x0000000000000000
lock: FALSE
top: 0x00000000
size: 0MB (0B)
PUBLIC.KEY:
87 9a 8f 9c bf 9e 3d 1d 12 dc 9a d7 6d de 34 e6
aa 40 36 64 c7 39 db 34 7b 85 8f 0b e0 33 ae 3a
***********************************************************
TXT measured launch: FALSE
secrets flag set: FALSE
The TXT error log (see below for full log) does not show an explicit error. The only interesting part seems to be related to SINIT ACM:
TBOOT: chipset ids: vendor: 0x8086, device: 0xb00c, revision: 0x1
TBOOT: processor family/model/stepping: 0x906a4
TBOOT: platform id: 0x1c000000000000
TBOOT: 3 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb00f, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: vendor: 0x8086, device: 0xb012, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: vendor: 0x8086, device: 0xb00c, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 6 ACM processor id entries:
TBOOT: fms: 0x90670, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: fms: 0x906a0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0x0
TBOOT: TXT.SINIT.SIZE: 0x0 (0)
TBOOT: BIOS-reserved SINIT size (0) is too small for loaded SINIT (1fdc0)
TBOOT: SINIT ACM not provided.
txt-acminfo /boot/ADL_SINIT_v1_18_16_20230427_REL_NT_O1.PW_signed.bin (see below for full output) finishes with
ERROR: No TXT heap is available
Any help is appreciated!
Best regards
N0T3P4D
-----
txt-acminfo /boot/ADL_SINIT_v1_18_16_20230427_REL_NT_O1.PW_signed.bin
AC module header dump for /boot/ADL_SINIT_v1_18_16_20230427_REL_NT_O1.PW_signed.bin:
type: 0x2 (ACM_TYPE_CHIPSET)
subtype: 0x0
length: 0xe0 (224)
version: 196608
chipset_id: 0xb00c
flags: 0x0
pre_production: 0
debug_signed: 0
vendor: 0x8086
date: 0x20230427
size*4: 0x1fdc0 (130496)
txt_svn: 0x00000004
se_svn: 0x0000000b
code_control: 0x0
entry point: 0x00000008:0000da16
scratch_size: 0xd0 (208)
info_table:
uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
ACM_UUID_V3
chipset_acm_type: 0x1 (SINIT)
version: 7
length: 0x30 (48)
chipset_id_list: 0x6f0
os_sinit_data_ver: 0x7
min_mle_hdr_ver: 0x00020000
capabilities: 0x0000077e
rlp_wake_getsec: 0
rlp_wake_monitor: 1
ecx_pgtbl: 1
stm: 1
pcr_map_no_legacy: 1
pcr_map_da: 1
platform_type: 1
max_phy_addr: 1
tcg_event_log_format: 1
cbnt_supported: 1
acm_ver: 39
acm_revision: 1.12.10
chipset list:
count: 3
entry 0:
flags: 0x1
vendor_id: 0x8086
device_id: 0xb00f
revision_id: 0x1
extended_id: 0x0
entry 1:
flags: 0x1
vendor_id: 0x8086
device_id: 0xb012
revision_id: 0x1
extended_id: 0x0
entry 2:
flags: 0x1
vendor_id: 0x8086
device_id: 0xb00c
revision_id: 0x1
extended_id: 0x0
processor list:
count: 6
entry 0:
fms: 0x90670
fms_mask: 0xfff3ff0
platform_id: 0x0
platform_mask: 0x0
entry 1:
fms: 0x906a0
fms_mask: 0xfff3ff0
platform_id: 0x0
platform_mask: 0x0
entry 2:
fms: 0xb0670
fms_mask: 0xfff3ff0
platform_id: 0x0
platform_mask: 0x0
entry 3:
fms: 0xb06a0
fms_mask: 0xfff3ff0
platform_id: 0x0
platform_mask: 0x0
entry 4:
fms: 0xb06e0
fms_mask: 0xfff3ff0
platform_id: 0x0
platform_mask: 0x0
entry 5:
fms: 0xb06f0
fms_mask: 0xfff3ff0
platform_id: 0x0
platform_mask: 0x0
TPM info list:
TPM capability:
ext_policy: 0x3
tpm_family : 0x3
tpm_nv_index_set : 0x1
alg count: 4
alg_id: 0x4
alg_id: 0xb
alg_id: 0xc
alg_id: 0x16
signature information:
key size*4: 0x60 (96)
RSA public key:
59 4b a3 88 70 7c 03 8f 23 5d d1 02 f8 93 25 78
ed 3f b4 f9 cf 67 e1 f9 7f c6 68 4e d1 08 c5 9d
7e 09 8e 9d 05 f4 e1 ad 1b 7c db 86 6d 87 a9 88
13 5c 47 a1 45 dd 11 4e 73 5c 0b dd 07 2f 07 d7
3d be e9 eb 4a a4 34 f3 a5 f2 ff 2c df 9c 8a dc
39 1f ac b0 96 30 48 ae 85 8c 81 c9 cf 68 6f dc
86 56 93 6c 59 c2 9d ff 0b 3b 87 59 af 1b d5 8d
9d 84 a2 2f d6 ad d6 49 8a 1a 5c d2 a6 df 98 f5
25 48 7f b1 62 0f dd 9d 89 9f ea 0a 65 c3 c7 26
9c 87 00 7c 6c 0a 04 90 5d 9b 1a 1c d5 36 fa d6
c9 d1 2a d9 e6 93 0f 5e 5f 42 8b 75 98 f9 7d f8
47 2e a8 71 1c d2 b9 58 a0 75 7d 7e 81 0c d7 3f
cc e8 a2 f2 e2 87 76 aa 60 ea 8c 47 7a 74 84 33
a4 49 60 e8 4b 7f b9 27 e9 cd 35 5f c0 ed a1 5f
34 31 b0 be 66 90 94 72 e5 3c 5f be 7f 1f ea 32
14 d9 c6 2b b8 c3 91 12 ba 34 ae 21 0b 21 c9 25
0d 7f b7 e5 4e f4 75 b3 f4 2f 2a c9 9d 18 dd 18
55 84 a0 f0 b6 91 f9 11 11 a1 bb b3 1e 38 75 15
67 33 ca 16 46 a8 77 22 2b b1 8f c8 29 bc ed f1
82 de 20 af a9 2f ec 4e dd 31 15 25 6b 20 35 24
19 f7 83 5a 2b e9 2e 43 85 a2 fb 5e 2e 8f cc bb
85 81 ac 73 53 1a 25 4c 77 13 76 0e e0 82 b6 f8
ae d8 eb 79 aa b9 cc 67 d8 54 7b 9b d0 de 06 06
77 70 c7 ee 73 31 d7 96 5a 1a 29 33 e3 a6 30 a8
RSA public key exponent: 0xe5b77f0d
PKCS #1.5 RSA signature:
4e f4 75 b3 f4 2f 2a c9 9d 18 dd 18 55 84 a0 f0
b6 91 f9 11 11 a1 bb b3 1e 38 75 15 67 33 ca 16
46 a8 77 22 2b b1 8f c8 29 bc ed f1 82 de 20 af
a9 2f ec 4e dd 31 15 25 6b 20 35 24 19 f7 83 5a
2b e9 2e 43 85 a2 fb 5e 2e 8f cc bb 85 81 ac 73
53 1a 25 4c 77 13 76 0e e0 82 b6 f8 ae d8 eb 79
aa b9 cc 67 d8 54 7b 9b d0 de 06 06 77 70 c7 ee
73 31 d7 96 5a 1a 29 33 e3 a6 30 a8 c6 71 12 5c
21 42 69 3c 20 66 81 8a 60 63 f5 d0 b7 25 ce 9e
9f 01 12 fa cb 29 7c 7e 96 40 c9 5f a6 c8 ec 4e
12 92 ab a8 0c b5 1a fc 2f f3 6a 93 17 e1 d0 e2
0d d1 01 9a bc e9 9a 82 0e 9a aa 90 f4 62 eb 6d
e5 e6 c0 c0 63 f5 17 c7 9b f6 2f ce 75 d7 61 69
80 7a 34 bc 34 ca 47 9e 55 7a d5 97 30 34 fb 79
20 a7 b6 3a 2a 8b c3 66 3e a8 23 56 62 b9 f2 60
7b 28 55 37 38 6f 5b 06 22 ee a9 26 5f 26 b7 dd
ERROR: No TXT heap is available
TBOOT log:
max_size=65474
zip_count=0
curr_pos=11505
buf:
TBOOT: *********************** TBOOT ***********************
TBOOT: 2024-10-11 12:00 +0100 1.11.9
TBOOT: *****************************************************
TBOOT: This tboot version supports TPR.
TBOOT: This tboot version tries to move SINIT in ldr_ctx v3.
TBOOT: This tboot version disables DMA remapping.
TBOOT: command line: pcr_map=da loglvl=all serial=115200,8n1,0x2f8 logging=serial,memory
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Loader context at: 0x853c48
TBOOT: MB2 dump: addr 0x22000, size 4264
TBOOT: MB2 tag found of type 21 size 12
TBOOT: MB2 tag found of type 1 size 76 pcr_map=da loglvl=all serial=115200,8n1,0x2f8 logging=serial,memory
TBOOT: MB2 tag found of type 2 size 18 GRUB 2.12
TBOOT: MB2 tag found of type 3 size 45 mod_start: 0x5495000, mod_end: 0x5e9f400 root=/dev/nvme0n1p2 ro noefi
TBOOT:
TBOOT: MB2 tag found of type 3 size 17 mod_start: 0x1000, mod_end: 0x137d
TBOOT: MB2 tag found of type 3 size 17 mod_start: 0x2000, mod_end: 0x21dc0
TBOOT: MB2 tag found of type 6 size 544
TBOOT: MB2 tag found of type 4 size 16
TBOOT: MB2 tag found of type 12 size 16
TBOOT: MB2 tag found of type 14 size 28
TBOOT: MB2 tag found of type 15 size 44
TBOOT: MB2 tag found of type 17 size 3376
TBOOT: MB2 tag found of type 0 size 8
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: move modules above tboot.
TBOOT: Highest mod end: 0x5e9f400
TBOOT: Initial mod destination: 0x5ea0000
TBOOT: TBOOT memory end: 0x5495000
TBOOT: 0x7ff000 bytes copied from 0x1000 to 0x5ea0000
TBOOT: loader context was moved from 0x22000 to 0x5ec1000
TBOOT: Loader context after moving modules0x853c48
TBOOT: MB2 dump: addr 0x5ec1000, size 4264
TBOOT: MB2 tag found of type 21 size 12
TBOOT: MB2 tag found of type 1 size 76 pcr_map=da loglvl=all serial=115200,8n1,0x2f8 logging=serial,memory
TBOOT: MB2 tag found of type 2 size 18 GRUB 2.12
TBOOT: MB2 tag found of type 3 size 45 mod_start: 0x5495000, mod_end: 0x5e9f400 root=/dev/nvme0n1p2 ro noefi
TBOOT:
TBOOT: MB2 tag found of type 3 size 17 mod_start: 0x5ea0000, mod_end: 0x5ea037d
TBOOT: MB2 tag found of type 3 size 17 mod_start: 0x5ea1000, mod_end: 0x5ec0dc0
TBOOT: MB2 tag found of type 6 size 544
TBOOT: MB2 tag found of type 4 size 16
TBOOT: MB2 tag found of type 12 size 16
TBOOT: MB2 tag found of type 14 size 28
TBOOT: MB2 tag found of type 15 size 44
TBOOT: MB2 tag found of type 17 size 3376
TBOOT: MB2 tag found of type 0 size 8
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: Original EFI memory map:
TBOOT: 0000000000000000 - 0000000000025000 (2 | 0xf | EFI_LOADER_DATA)
TBOOT: 0000000000025000 - 000000000009e000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 000000000009e000 - 000000000009f000 (0 | 0xf | EFI_RESERVED_TYPE)
TBOOT: 000000000009f000 - 00000000000a0000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 0000000000100000 - 0000000000800000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 0000000000800000 - 0000000005ea0000 (2 | 0xf | EFI_LOADER_DATA)
TBOOT: 0000000005ea0000 - 0000000063961000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 0000000063961000 - 0000000065961000 (1 | 0xf | EFI_LOADER_CODE)
TBOOT: 0000000065961000 - 00000000659e1000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 00000000659e1000 - 000000006bdd0000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 000000006bdd0000 - 000000006bdf4000 (1 | 0xf | EFI_LOADER_CODE)
TBOOT: 000000006bdf4000 - 000000006be11000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 000000006be11000 - 000000006be12000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006be12000 - 000000006be13000 (2 | 0xf | EFI_LOADER_DATA)
TBOOT: 000000006be13000 - 000000006be19000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 000000006be19000 - 000000006d7b0000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d7b0000 - 000000006d7cb000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d7cb000 - 000000006d7f6000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d7f6000 - 000000006d7f8000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d7f8000 - 000000006d7fd000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d7fd000 - 000000006d7ff000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d7ff000 - 000000006d804000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d804000 - 000000006d808000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d808000 - 000000006d810000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d810000 - 000000006d812000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d812000 - 000000006d818000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d818000 - 000000006d819000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d819000 - 000000006d830000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d830000 - 000000006d834000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d834000 - 000000006d83c000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d83c000 - 000000006d844000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d844000 - 000000006d85c000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d85c000 - 000000006d862000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d862000 - 000000006d872000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d872000 - 000000006d8be000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d8be000 - 000000006d901000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d901000 - 000000006d904000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d904000 - 000000006d9d9000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d9d9000 - 000000006d9e0000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d9e0000 - 000000006d9eb000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d9eb000 - 000000006d9f0000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006d9f0000 - 000000006d9f9000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006d9f9000 - 000000006da36000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006da36000 - 000000006e922000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006e922000 - 000000006e939000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006e939000 - 000000006e949000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 000000006e949000 - 000000006e951000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 000000006e951000 - 0000000071360000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 0000000071360000 - 000000007162c000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 000000007162c000 - 0000000072155000 (3 | 0xf | EFI_BOOT_SERVICES_CODE)
TBOOT: 0000000072155000 - 0000000075255000 (0 | 0xf | EFI_RESERVED_TYPE)
TBOOT: 0000000075255000 - 000000007536f000 (9 | 0xf | EFI_ACPI_RECLAIM_MEMORY)
TBOOT: 000000007536f000 - 000000007544c000 (10 | 0xf | EFI_ACPI_MEMORY_NVS)
TBOOT: 000000007544c000 - 0000000075f66000 (6 | 0x800000000000000f | EFI_RUNTIME_SERVICES_DATA)
TBOOT: 0000000075f66000 - 0000000075fff000 (5 | 0x800000000000000f | EFI_RUNTIME_SERVICES_CODE)
TBOOT: 0000000075fff000 - 0000000076000000 (4 | 0xf | EFI_BOOT_SERVICES_DATA)
TBOOT: 0000000100000000 - 000000107fc00000 (7 | 0xf | EFI_CONVENTIONAL_MEMORY)
TBOOT: 00000000000a0000 - 0000000000100000 (0 | 0x0 | EFI_RESERVED_TYPE)
TBOOT: 0000000076000000 - 000000007a000000 (0 | 0xf | EFI_RESERVED_TYPE)
TBOOT: 000000007a600000 - 000000007a800000 (0 | 0xf | EFI_RESERVED_TYPE)
TBOOT: 000000007ac00000 - 000000007b000000 (0 | 0x0 | EFI_RESERVED_TYPE)
TBOOT: 000000007b000000 - 000000007c000000 (0 | 0x9 | EFI_RESERVED_TYPE)
TBOOT: 000000007c000000 - 0000000080400000 (0 | 0x0 | EFI_RESERVED_TYPE)
TBOOT: 00000000c0000000 - 00000000d0000000 (11 | 0x8000000000000001 | EFI_MEMORY_MAPPED_IO)
TBOOT: 00000000fe000000 - 00000000fe011000 (11 | 0x8000000000000001 | EFI_MEMORY_MAPPED_IO)
TBOOT: 00000000fec00000 - 00000000fec01000 (11 | 0x8000000000000001 | EFI_MEMORY_MAPPED_IO)
TBOOT: 00000000fed00000 - 00000000fed01000 (11 | 0x8000000000000001 | EFI_MEMORY_MAPPED_IO)
TBOOT: 00000000fed20000 - 00000000fed80000 (0 | 0x0 | EFI_RESERVED_TYPE)
TBOOT: 00000000fee00000 - 00000000fee01000 (11 | 0x8000000000000001 | EFI_MEMORY_MAPPED_IO)
TBOOT: 00000000ff000000 - 0000000100000000 (11 | 0x800000000000100d | EFI_MEMORY_MAPPED_IO)
TBOOT: Original E820 memory map:
TBOOT: 0000000000000000 - 000000000009e000 (1 - E820_RAM)
TBOOT: 000000000009e000 - 000000000009f000 (2 - E820_RESERVED)
TBOOT: 000000000009f000 - 00000000000a0000 (1 - E820_RAM)
TBOOT: 00000000000a0000 - 0000000000100000 (2 - E820_RESERVED)
TBOOT: 0000000000100000 - 0000000072155000 (1 - E820_RAM)
TBOOT: 0000000072155000 - 0000000075255000 (2 - E820_RESERVED)
TBOOT: 0000000075255000 - 000000007536f000 (3 - E820_ACPI)
TBOOT: 000000007536f000 - 000000007544c000 (4 - E820_NVS)
TBOOT: 000000007544c000 - 0000000075f66000 (2 - E820_RESERVED)
TBOOT: 0000000075f66000 - 0000000075fff000 (20 - unknown type)
TBOOT: 0000000075fff000 - 0000000076000000 (1 - E820_RAM)
TBOOT: 0000000076000000 - 000000007a000000 (2 - E820_RESERVED)
TBOOT: 000000007a600000 - 000000007a800000 (2 - E820_RESERVED)
TBOOT: 000000007ac00000 - 0000000080400000 (2 - E820_RESERVED)
TBOOT: 00000000c0000000 - 00000000d0000000 (2 - E820_RESERVED)
TBOOT: 00000000fe000000 - 00000000fe011000 (2 - E820_RESERVED)
TBOOT: 00000000fec00000 - 00000000fec01000 (2 - E820_RESERVED)
TBOOT: 00000000fed00000 - 00000000fed01000 (2 - E820_RESERVED)
TBOOT: 00000000fed20000 - 00000000fed80000 (2 - E820_RESERVED)
TBOOT: 00000000fee00000 - 00000000fee01000 (2 - E820_RESERVED)
TBOOT: 00000000ff000000 - 0000000100000000 (2 - E820_RESERVED)
TBOOT: 0000000100000000 - 000000107fc00000 (1 - E820_RAM)
TBOOT: checking if module is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb00c, revision: 0x1
TBOOT: processor family/model/stepping: 0x906a4
TBOOT: platform id: 0x1c000000000000
TBOOT: 3 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb00f, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: vendor: 0x8086, device: 0xb012, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: vendor: 0x8086, device: 0xb00c, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 6 ACM processor id entries:
TBOOT: fms: 0x90670, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: fms: 0x906a0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0x0
TBOOT: TXT.SINIT.SIZE: 0x0 (0)
TBOOT: BIOS-reserved SINIT size (0) is too small for loaded SINIT (1fdc0)
TBOOT: SINIT ACM not provided.
TBOOT: reserving tboot memory log (60000 - 6ffff) in e820 table
TBOOT: got sinit match on module #2
TBOOT: v2 LCP policy data found
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: assuming kernel is Linux format
TBOOT: Kernel (protected mode) from 0x6000000 to 0x6a06400
TBOOT: Kernel (real mode) from 0x90000 to 0x94000
TBOOT: Linux cmdline from 0x98d00 to 0x99100:
TBOOT: root=/dev/nvme0n1p2 ro noefi
TBOOT: EFI memmap: memmap base: 0x71808, memmap size: 0xd80
TBOOT: EFI memmap: descr size: 0x30, descr version: 0x1
TBOOT: transfering control to kernel @0x6000000...
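The two decisions visible in the log above, "SINIT matches platform" followed by "BIOS-reserved SINIT size (0) is too small for loaded SINIT (1fdc0)", can be reproduced from the txt-info and txt-acminfo values alone, which is a quick way to tell whether a launch failure is an ACM mismatch (wrong SINIT for the CPU/chipset) or, as here, firmware that never reserved the TXT regions (TXT.SINIT.SIZE, HEAP.SIZE and DPR size all 0). The following is an added example, not tboot's code: it re-implements the ACM platform-match rules as I understand them from tboot's acmod.c and Intel's TXT MLE developer's guide (chipset entries match on vendor and device ID, with flags bit 0 meaning the entry's revision_id is a bitmask to AND against the platform revision rather than an exact value; processor entries match on `fms & fms_mask` and `platform_id & platform_mask`), plus the SINIT-region size check. All constants are taken from the output posted above; treat the matching semantics as an assumption to verify against the tboot source you run.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ChipsetId:
    vendor_id: int
    device_id: int
    revision_id: int
    flags: int  # bit 0 set: revision_id is a bitmask, not an exact value


@dataclass(frozen=True)
class ProcessorId:
    fms: int           # family/model/stepping, already masked
    fms_mask: int
    platform_id: int
    platform_mask: int


@dataclass(frozen=True)
class Platform:
    vendor_id: int
    device_id: int
    revision_id: int
    fms: int
    platform_id: int


def decode_didvid(didvid: int) -> Tuple[int, int, int]:
    """Split the TXT.DIDVID register into (vendor_id, device_id, revision_id)."""
    return didvid & 0xFFFF, (didvid >> 16) & 0xFFFF, (didvid >> 32) & 0xFFFF


def chipset_matches(entry: ChipsetId, p: Platform) -> bool:
    if entry.vendor_id != p.vendor_id or entry.device_id != p.device_id:
        return False
    if entry.flags & 0x1:  # RevisionIdMask: any common bit is a match
        return (p.revision_id & entry.revision_id) != 0
    return p.revision_id == entry.revision_id


def processor_matches(entry: ProcessorId, p: Platform) -> bool:
    return (entry.fms == (p.fms & entry.fms_mask)
            and entry.platform_id == (p.platform_id & entry.platform_mask))


def acm_matches_platform(chipsets: List[ChipsetId], processors: List[ProcessorId],
                         p: Platform) -> Tuple[Optional[int], Optional[int]]:
    """Indices of the first matching chipset and processor entries (None = no match)."""
    c = next((i for i, e in enumerate(chipsets) if chipset_matches(e, p)), None)
    r = next((i for i, e in enumerate(processors) if processor_matches(e, p)), None)
    return c, r


def check_sinit_region(sinit_base: int, sinit_size: int, acm_size: int) -> Optional[str]:
    """The check behind tboot's 'BIOS-reserved SINIT size ... is too small' message."""
    if sinit_size < acm_size:
        return (f"BIOS-reserved SINIT region at {sinit_base:#x} is {sinit_size:#x} bytes, "
                f"loaded ACM needs {acm_size:#x}: firmware did not reserve a SINIT region")
    return None


# Values from the txt-info / txt-acminfo output posted above.
VP6670 = Platform(*decode_didvid(0x00000001B00C8086), fms=0x906A4,
                  platform_id=0x1C000000000000)
ADL_SINIT_CHIPSETS = [ChipsetId(0x8086, 0xB00F, 0x1, 0x1),
                      ChipsetId(0x8086, 0xB012, 0x1, 0x1),
                      ChipsetId(0x8086, 0xB00C, 0x1, 0x1)]
ADL_SINIT_PROCESSORS = [ProcessorId(f, 0xFFF3FF0, 0x0, 0x0)
                        for f in (0x90670, 0x906A0, 0xB0670, 0xB06A0, 0xB06E0, 0xB06F0)]
ADL_SINIT_SIZE = 0x1FDC0  # "size*4" from the ACM header


def diagnose(platform: Platform = VP6670, sinit_base: int = 0x0,
             sinit_size: int = 0x0) -> dict:
    """Reproduce tboot's two pre-launch decisions for this ACM on this platform."""
    c, r = acm_matches_platform(ADL_SINIT_CHIPSETS, ADL_SINIT_PROCESSORS, platform)
    region_error = check_sinit_region(sinit_base, sinit_size, ADL_SINIT_SIZE)
    matches = c is not None and r is not None
    return {"chipset_entry": c, "processor_entry": r, "acm_matches": matches,
            "region_error": region_error,
            "launch_possible": matches and region_error is None}


if __name__ == "__main__":
    for key, value in diagnose().items():
        print(f"{key}: {value}")
```

Run as-is it reports chipset entry 2 (0xb00c) and processor entry 1 (0x906a4 masked to 0x906a0), so the ACM is the right one, and then the region error: the firmware handed tboot a zero-sized SINIT region, which no choice of ACM file or GRUB module order can fix. Passing a realistic `sinit_size` (anything at or above 0x1fdc0) flips `launch_possible` to true, which is the state to look for once the firmware's TXT setup is in order.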