ACM exits with an undocumented error

macpijan commented 10 months ago

Device

Lenovo M920q

Dasharo version

Not a Dasharo firmware

Affected component(s) or functionality

Intel ACM and/or Lenovo stock firmware

Brief summary

ACM exits with an undocumented error

How reproducible

100%

How to reproduce

Load both CFL ACM's from: https://openxt.ainfosec.com/OpenXT/mirror/ via GRUB command, and start SINIT

Expected behavior

No error, or documented error

Actual behavior

it ends with error 0xC00014A1, not described in documentation for this ACM

Screenshots

grub> slaunch
grub> slaunch_module /sinit_old.bin
loader/i386/txt/acmod.c:433: chipset production fused: yes, chipset vendor:
0x8086, device: 0xb008, revision: 0x1
loader/i386/txt/acmod.c:441: processor family/model/stepping: 0x906ea, platform
id: 0x4000000000000
loader/i386/txt/acmod.c:460: 1 SINIT ACM chipset id entries:
loader/i386/txt/acmod.c:465:   vendor: 0x8086, device: 0xb008, flags: 0x1,
revision: 0x1, extended: 0x0
loader/i386/txt/acmod.c:508: 4 SINIT ACM processor id entries:
loader/i386/txt/acmod.c:513:   fms: 0x806e0, fms_mask: 0xfff3ff0, platform_id:
0x0, platform_mask: 0x0
loader/i386/txt/acmod.c:513:   fms: 0x906e0, fms_mask: 0xfff3ff0, platform_id:
0x0, platform_mask: 0x0
grub> multiboot2 /xen.gz placeholder console=tty0 console=ttyS0,115200 loglvl=al
l guest_loglvl=all com1=115200,8n1 console=com1 no-real-mode edd=off
loader/multiboot.c:109: align=0x200000, preference=0x2, load_size=0x3f7000,
avoid_efi_boot_services=0
loader/multiboot.c:158: load_base_addr=0x38600000, source=0x38600000
loader/multiboot.c:181: mle_ptab_mem = 0x200000, mle_ptab_target = 200000,
mle_ptab_size = 200000
loader/multiboot.c:195: relocatable=1, link_base_addr=0x200000,
load_base_addr=0x38600000
loader/multiboot.c:205: segment 0: paddr=0x200000, memsz=0x3f7000,
vaddr=0x200000
loader/multiboot.c:211: segment 0: load_offset=0x0
loader/multiboot.c:265: slparams->mle_header_offset: 0x000000a0
loader/multiboot_mbi2.c:420: tpm_evt_log_base = 38bdb000, tpm_evt_log_size =
8000
grub> boot
loader/i386/txt/acmod.c:545: TXT.SINIT.BASE: 0x38ec0000
TXT.SINIT.SIZE: 0x50000
loader/i386/txt/acmod.c:555: SINIT ACM date: 20211019
loader/i386/txt/txt.c:946: Init TXT heap
loader/i386/txt/txt.c:557: TXT heap 0x38f10000
loader/i386/txt/txt.c:562: OS MLE data: 0x38f1005e
loader/i386/txt/txt.c:578: Saving MTRRs to OS MLE data
loader/i386/txt/txt.c:582: Get supported OS SINIT data version
loader/i386/txt/txt.c:591: OS SINIT data: 0x38f102da
loader/i386/txt/txt.c:632: vtd_pmr_lo_base: 0x0 vtd_pmr_lo_size: 0x38c00000
vtd_pmr_hi_base: 0x100000000 vtd_pmr_hi_size: 0x3bf800000
loader/i386/txt/txt.c:641: SINIT capabilities 0000036e
loader/i386/txt/txt.c:696: TPM 2.0 detected
loader/i386/txt/txt.c:697: Setting up TXT HEAP TPM event log element
loader/i386/txt/txt.c:720: TXT HEAP init done
loader/i386/txt/txt.c:952: TXT heap successfully prepared
loader/i386/txt/txt.c:972: TPM localities relinquished
loader/i386/txt/txt.c:369: setting MTRRs for acmod: base=0x38ec0000,
size=20d00, num_pages=33
loader/i386/txt/txt.c:386: The maximum allowed MTRR range size=64 Pages
loader/i386/txt/txt.c:978: MTRRs set for ACMOD
loader/i386/txt/txt.c:224: CPU supports processor-based S-CRTM
loader/i386/txt/txt.c:227: CPU supports preserving machine check errors
loader/i386/txt/txt.c:984: CPU prepared for secure launch

Additional context

After this is reboots and further attempts are blocked because of the error mentioned above

Solutions you've tried

No response

pietrushnic commented 10 months ago

@bdelgado1995 do you know anyone who can say something about the problem?

bdelgado1995 commented 10 months ago

I'll see if I can check with a few people. Will let you know if I learn anything useful.

bdelgado1995 commented 10 months ago

Got some input, can you update the microcode patch to the latest and try again?

miczyg1 commented 9 months ago

@macpijan do we have the latest BIOS on this Lenovo M920Q?

Dasharo / dasharo-issues