Showing results for 
Search instead for 
Did you mean: 

Intel NUC NUC7i7DNKE SINIT ACM for linux tboot?

1 - What if any SINIT is needed for Dawson Canyon 8th gen NUCs (NUC7i7DNKE)?

2 - What is the correct what to determine if an SINIT is needed and if so which SINIT ACM, from linux? 

There is a section in dmidecode on my system that appears related to TXT ACM;

Handle 0x004B, DMI type 221, 33 bytes
OEM-specific Type
        Header and Data:
                DD 21 4B 00 04 01 00 03 00 00 00 00 02 00 00 00
                00 70 00 03 00 00 05 00 00 00 04 00 FF FF FF FF
                Reference Code - CPU
                uCode Version
                TXT ACM Version
                BIOS Guard Version


0 Kudos
4 Replies

I installed all the SINIT ACMs and apparently 7th Generation Intel® Core™ i7 and i5 (codename: Kaby Lake) matches the NUC very well

TBOOT: checking if module  is an SINIT for this platform...
TBOOT:   ACM info_table version mismatch (6)
TBOOT:   1 ACM chipset id entries:
TBOOT:       vendor: 0x8086, device: 0xb006, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT:   4 ACM processor id entries:
TBOOT:       fms: 0x406e0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT:       fms: 0x506e0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT:       fms: 0x806e0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform



Did you ever get one of those SINITs to work?


I've just debugged my problem and I don't know if it's mine, Intel's or the OEM's...


I have a mobile platform with an Intel 8350U processor. I believe that is classified as a Kaby Lake R processor, but it's called 8th gen. I've tried Intel TXT (using the same flow as I've always used) using the 8th generation SINIT ACM from Intel (8th_gen_i5_i7_SINIT_76.bin). According to the tboot logs, this ACM does not match my platform. So I tried the 7th generation ACM (7th_gen_i5_i7_SINIT_74.bin). It actually matches the platform, and goes a lot further... but even with a fresh TPM clear with no policy, the machine reboots when performing a GETSEC instruction. The error code seems to decode with a version mismatch.

The chipset ID of the platform is b006, which seems to match the 7th generation. That probably explains why it gets so much further... So since this 8th generation processor really uses 7th generation ACM, is there a versioning problem here? Is this an issue with Intel's ACM, HP's BIOS, or would my non-configuration be suspect...?



Yes, we got working very well with our NUC7i7DNKE i7-8650U, both in EFI mode and in legacy mode, using tboot both from latest source code as well as ubuntu's apt get tboot.

We experienced random hangs and reboots earlier, never clearly identified root cause, but we had zero issues later running correct ACM and Ubuntu's grub scripts.