Intel® NUCs
Assistance in Intel® NUC products
13318 Discussions

NUC7i3BNB PTT (fTPM) fails after Intel ME / BIOS update

ticapix
Novice
‎09-10-2022 01:37 AM
479 Views
Solved Jump to solution

Hi,

 

I have a NUC7i3BNB NUC (https://ark.intel.com/content/www/fr/fr/ark/products/95070/intel-nuc-board-nuc7i3bnb.html)

 

I had the BIOS version BNKBL357.86A.0080.2019.0725.1139 and the following error when trying the get my TPM EK certificate.

 

root@pve:~# tpm2_getekcertificate
ERROR: Cannot proceed. For further information please refer to: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html. Recovery tools are located here:https://github.com/intel/INTEL-SA-00086-Linux-Recovery-Tools
ERROR: Unable to run tpm2_getekcertificate
root@pve:~#

 

After the BIOS update to version BNKBL357.86A.0088.2022.0125.1102, the fTPM (Intel PTT) seems to be completely broken (journalctrl output)

Sep 09 12:10:41 pve kernel: efi: TPMFinalLog=0x7c855000 ACPI 2.0=0x7c076000 ACPI=0x7c076000 SMBIOS=0x7ce08000 SMBIOS 3.0=0x7ce07000 MEMATTR=0x7a011118 ESRT=0x7ce04e98
Sep 09 12:10:41 pve kernel: ACPI: TPM2 0x000000007C0AD398 000034 (v04 INTEL  NUC7i3BN 00000058 AMI  00000000)
Sep 09 12:10:41 pve kernel: ACPI: Reserving TPM2 table memory at [mem 0x7c0ad398-0x7c0ad3cb]
Sep 09 12:10:41 pve kernel: tpm tpm0: A TPM error (257) occurred attempting the self test
Sep 09 12:10:41 pve kernel: tpm tpm0: A TPM error (257) occurred attempting the self test
Sep 09 12:10:41 pve kernel: ima: No TPM chip found, activating TPM-bypass!

and no TPM device under /dev/ which leads to TPM command to fail

root@pve:~## tpm2_getekcertificate
ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
[...]
ERROR: Could not load tcti, got: "(null)"
root@pve:~#

From the BIOS release note, is Intel ME 11.8.90.3987 (v9.1) broken ?

 

After the BIOS update, I have new ACPI errors but no idea if this is related

 

[    0.485553] ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20210730/psargs-330)
[    0.485579] ACPI Error: Aborting method \_PR.PR01._CPC due to previous error (AE_NOT_FOUND) (20210730/psparse-529)
[    0.485669] ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20210730/psargs-330)
[    0.485690] ACPI Error: Aborting method \_PR.PR02._CPC due to previous error (AE_NOT_FOUND) (20210730/psparse-529)
[    0.485776] ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20210730/psargs-330)
[    0.485796] ACPI Error: Aborting method \_PR.PR03._CPC due to previous error (AE_NOT_FOUND) (20210730/psparse-529)

 

Any help to fix or understand what's happening is appreciated.

 

Thank you,

Pierre

 

(@pierre_g_)

 

 

 

Preview file
564 KB
0 Kudos
1 Solution
ticapix
Novice
‎09-11-2022 11:34 AM
453 Views
Solved Jump to solution

Solved here https://community.intel.com/t5/Intel-NUCs/NUC7i3BNB-Error-sending-end-of-post-message-to-ME-HECI-disabled/m-p/1413993#M93763

 

TL;DR: need to do a BIOS recovery with the BIOS in Configuration mode, ie yellow jumper removed.

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
ticapix
Novice
‎09-11-2022 11:34 AM
454 Views
Solved Jump to solution

Solved here https://community.intel.com/t5/Intel-NUCs/NUC7i3BNB-Error-sending-end-of-post-message-to-ME-HECI-disabled/m-p/1413993#M93763

 

TL;DR: need to do a BIOS recovery with the BIOS in Configuration mode, ie yellow jumper removed.

0 Kudos
Copy link
Steven_Intel
Moderator
‎09-12-2022 02:04 PM
436 Views
Solved Jump to solution

Hello ticapix,


Thank you for posting on the Intel® communities.   


Due to this product being discontinued, Intel Customer Service no longer supports inquiries for it. I am glad to see that you were able to find a solution on another thread.


You may also find the Discontinued Products website (https://www.intel.com/content/www/us/en/support/discontinued-products.html) helpful to address your request.  


You can get the specifications and verify this product's discontinuance status at the Intel® Product Specifications website > Product Status > "Discontinued". https://ark.intel.com/   


Please keep in mind that this thread will no longer be monitored by Intel. Thank you for your understanding.  


Best regards,


Steven G.

Intel Customer Support Technician.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.