search

Dasharo / dasharo-issues

The Dasharo issue tracker
https://dasharo.com/
25 stars 0 forks source link

MSI z790p TCG2 Configuration missing when changing Intel ME mode Disabled (HAP) -> Enabled #1106

Open philipandag opened 1 month ago

philipandag commented 1 month ago

Component

Dasharo firmware

Device

MSI Pro Z790-P

Dasharo version

v0.9.1

Dasharo Tools Suite version

-

Test case ID

-

Brief summary

When changing from HAP to Enabled TCG2 does not appear. It does when changing from Disabled(Soft) to Enabled

How reproducible

100% in two tries of changing HAP->Enabled and Soft->Enabled each

How to reproduce

In UEFI Setup menu:

Expected behavior

It should reappear

Actual behavior

It does not. But it does every time when transitioning from Intel ME mode Disabled (Soft) to Enabled

Screenshots

image image

Additional context

In the state of Intel ME mode being enabled but TCG2 Configuration submenu missing the me device is visible to the OS image

Solutions you've tried

Reflashing the platform with v0.9.1, repeating the sequence, checking if ME is detected in the OS

mkopec commented 1 month ago

can you add cbmem logs from when the platform is in this state?

In the state of Intel ME mode being enabled but TCG2 Configuration submenu missing the me device is visible to the OS

philipandag commented 1 month ago

After checking for the ME in lspci when transitioning from Disabled (HAP) to Enabled, applying and rebooting the platform freezes on the Dasharo Logo. No text appears. The screen does not change even after over 30 minutes. Cutting off power to the platform and restoring it causes it to boot normally. The TCG2 Configuration appears in the Setup Menu after this. I have repeated the steps to "freeze" the platform, cut off the power and booted into Ubuntu to collect logs from cbmem:

cbmem2.log cbmemc.log cbmem1.log The 1, 2, and c in file names mean the flags -1, -2 and -c were used. Interestingly the cbmem -2 returns nothing.

I will repeat the process to hopefully get something from cbmem -2 as I imagine the logs from the freezed boot would be the most interesting here.

mkopec commented 1 month ago

CBMEM is located RAM, so it's going to get lost if you remove power

philipandag commented 1 month ago

CBMEM is located RAM, so it's going to get lost if you remove power

That makes sense.

A little observation, when the platform is not "freezed", before the Press _ to... text appears on top of the boot logo, a cursor can be seen blinking in the upper left corner for a couple seconds. When the platform "freezes" because of switching from Disabled (HAP) to Enabled the cursor does not appear.

philipandag commented 1 month ago

I have managed to pass through the "freezing point" only directly after reflashing the device. Here are the cbmem logs from this one boot:

cbmem1.log

From what I can see the new log contains hundreds of TPM2 Events whereas the one from a normal boot does not. Example:

  │ <   LogFormat - 0x00000002
4491   │ < WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x4)
4492   │ < WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC)
4493   │ < WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x12)
4494   │ < SupportedEventLogs - 0x00000002

Later there is ~1500 lines of what seems to be memory dumps with the memory being interpreted as some events, probably the same TPM events from before. They look like:

│ <   Event:
5768   │ <     PCRIndex  - 8
5769   │ <     EventType - 0x0000000D
5770   │ <     DigestCount: 0x00000001
5771   │ <       HashAlgo : 0x000B
5772   │ <       Digest(0): 5D 48 7E 28 57 06 B3 6D 48 EF F0 3E 56 38 3E 46 92 DE 24 B8 67 B3 8F CB 3C 58 96 FD 22 2A 59 57 
5773   │ < 
5774   │ <     EventSize - 0x00000018