Community
Register Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
RSham3
Beginner
‎11-09-2018 05:48 PM
1,379 Views

Which SINIT ACM should I use with tboot for Intel TXT support on 5i5MYHE?

Hi,

I am new to the forums, and I hope I am posting this to the appropriate forum.

I have a NUC5i5MYHE and I am trying to use tboot on Ubuntu 16.04 LTS. I enabled Intel TXT and VT from the BIOS. Then installed tboot and obtained the 5th generation SINIT ACM (Authenticated Code Module) from the Intel website (https://software.intel.com/en-us/articles/intel-trusted-execution-technology Intel® Trusted Execution Technology (TXT) | Intel® Software). I updated grub and selected tboot for booting. The system rebooted after trying to load the SINIT module (5th_gen_i5_i7-SINIT_79.bin). Then I did some more investigation and found that the SINIT module corresponds to TXT.DIDVID.DeviceID: 0xb002. Running the command txt-stat to obtain the TXT register on my NUC yielded the device_id as 0xb005. There were no ACMs for this particular device ID. So I tried the 6th generation ACM (deviceID: 0xb003) and 7th generation ACM (deviceID: 0xb006) with the same result. Where can I find the appropriate ACM corresponding to device ID: 0xb005 for my NUC?

Thanks a lot

Rayees

0 Kudos

Link Copied

3 Replies
idata
Community Manager
‎11-12-2018 04:58 PM
161 Views

Hello rayees,

 

 

Thank you for joining this Intel Community.

 

 

Intel does not test and validate Intel® NUC on Linux. Also, questions about Intel® Trusted Execution Technology (TXT) are usually supported on the the https://software.intel.com/en-us/forums/intel-vpro-software-development/ Intel Business Client Developer Forum. However, since Intel® NUC Kit NUC5i5MYHE supports this technology, I would like to do further research to determine which SINIT ACM is needed to address this issue.

 

 

We will get back to you soon.

 

 

Wanner G.

 

Intel Customer Support Technician

 

Under Contract to Intel Corporation
0 Kudos
Copy link
RSham3
Beginner
‎11-13-2018 12:14 PM
161 Views

Thanks Wanner for responding to me and looking into the matter. Please let me know once you have more details.

Regards

Rayees

In response to idata
0 Kudos
Copy link
RSham3
Beginner
‎11-14-2018 03:29 PM
161 Views

I found the solution to my question. Posting it here so that it would be useful to someone in the future.

I was using tboot 1.8.3 which came from the Ubuntu distribution. When I downloaded tboot (1.9.8) and built it, I was able to use the SINIT ACM (5th_gen_i5_i7-SINIT_79.bin) successfully.

Well there was one more twist to the story - I was seeing only a mouse cursor even after 10 minutes and the kernel login prompt wouldn't show up. Looking at the kernel logs indicated gpu hang to be the problem.

Doing some search suggested that I need to turn off the intel_iommu. But setting it to off wasn't helpful because tboot turned it on. I found that using the parameter intel_iommu=tboot_noforce for the kernel helped me to boot to the kernel.

This option lowers the security provided by tboot because it makes the system vulnerable to DMA attacks.

Thanks again for all the help.

In response to RSham3
0 Kudos
Copy link
Reply

For more complete information about compiler optimizations, see our Optimization Notice.