
NUC10 TPM unavailable on first boot without CMOS battery

jamesk

I'm using a NUC10i3FNK1 with Ubuntu 18.04 and the latest BIOS installed (0052). Our setup uses the TPM to store encryption keys that are used to decrypt the root filesystem partition during bootup.

For testing we wanted to simulate what would happen when the CMOS battery dies (ideally we want everything to continue to work normally when this happens). In order to do this we unplugged the CMOS battery before plugging in the main power supply (BIOS is set to boot automatically after power is applied).

On this first boot the NUC fan turned on at full speed for a few seconds before showing the "Intel NUC" boot screen. Next the NUC successfully launched our initramfs, which retrieves the keys from the TPM. The problem is that the TPM does not appear to be available at this point (no listing in /dev/tpm0, and dmesg shows the following error: "ima: No TPM chip found, activating TPM-bypass!").

If I hold down the power button for 20 seconds to force shut down the NUC the TPM is available and all works as expected on the next boot.

If I run "reboot" from the initramfs CLI, the NUC reboots, but the TPM is not available on the next boot.

I'm wondering if anyone has any idea what could be going on here? Is there some kind of hardware/BIOS bug that prevents the TPM from coming up properly without a CMOS battery?

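A pre-unseal check for the initramfs situation described in the post above, added here as an example and not code from the poster or from Intel: it waits briefly for the TPM character device and, if the device never appears, looks in a saved kernel log for the IMA message quoted in the post before choosing a fallback. The function names, the state strings and the `TPM_WAIT` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify TPM availability in the
# initramfs before trying to unseal the root filesystem key.
# The device path and kernel log file are parameters so the logic can be
# exercised offline; in an initramfs they would be /dev/tpm0 and a file
# written with `dmesg > /run/klog`.

# tpm_state DEV KLOG_FILE [TRIES]
# Prints one of: ready | absent-confirmed | absent-unknown
tpm_state() {
    dev=$1; klog=$2; tries=${3:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        # The TPM driver may bind late, so poll for the character device.
        if [ -c "$dev" ]; then
            echo ready
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then sleep "${TPM_WAIT:-1}"; fi
    done
    # Device never appeared: check whether the kernel itself reported no TPM
    # (the message quoted in the post) or whether the cause is undetermined.
    if grep -q 'ima: No TPM chip found' "$klog" 2>/dev/null; then
        echo absent-confirmed
    else
        echo absent-unknown
    fi
    return 0
}

# unlock_plan DEV KLOG_FILE [TRIES]
# Decides how the boot script should obtain the key. It never reports
# "unseal" unless the device is present, so a missing TPM leads to an
# explicit, logged fallback instead of a failed unseal later in boot.
unlock_plan() {
    state=$(tpm_state "$1" "$2" "${3:-5}") || true
    case $state in
        ready)            echo unseal ;;
        absent-confirmed) echo "fallback:kernel-reported-no-tpm" ;;
        *)                echo "fallback:device-node-missing" ;;
    esac
}

# Stand-alone use: sh tpm_check.sh /dev/tpm0 /run/klog
if [ "$#" -ge 2 ]; then unlock_plan "$@"; fi
```

Recording which fallback reason was taken makes a boot with the coin cell removed distinguishable from a driver that simply loaded late.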
AndrewG_Intel
Moderator

Hello @jamesk

Thank you for posting on the Intel® communities.


Please allow us to check this further and we will be posting back as soon as more details are available or if further information is required.


Best regards,

Andrew G.

Intel Customer Support Technician


AndrewG_Intel
Moderator

Hello jamesk

Thank you for your patience in this matter.

The coin-cell battery that powers the real-time clock and CMOS (complementary metal-oxide-semiconductor) memory is required to maintain the TPM's monotonic counters. One major function of the monotonic counters is for anti-replay protection of the internal Intel TPM data.

If the battery is removed or exhausted, the Intel TPM data will be deleted in accordance with Trusted Computing Group guidelines.

For more details, please refer to the Trusted Platform Module (TPM) Quick Reference Guide.

For any other inquiries, please don't hesitate to contact us back.

Best regards,

Andrew G.

Intel Customer Support Technician

AndrewG_Intel
Moderator

Hello jamesk

We have not heard back from you so we will proceed to close this thread now. If you need any additional information, please submit a new question as this thread will no longer be monitored.


Best regards,

Andrew G.

Intel Customer Support Technician

