When I was trying to use TBOOT to perform Intel TXT Measured Launch with Ubuntu Linux, my platform resets right after invoking GETSEC SENTER. From the decoded error code (TXT.ERRORCODE raw value 0xc0007851) I got error class 5, major 0x1e. The ACM error spreadsheet says ERR_DLCK_CONFIG - "DLOCK bit state unexpected", but I am not sure what should be the expected state. May I get more detailed explanation how to solve this error and what the expected state of DLOCK is? Also I am not sure what the DLOCK really is. Is it the BIOS_DLOCK at SPIBAR offset 0xc?
Testing on Comet Lake U Intel Core i7-10810U with coreboot and TianoCore UEFI Payload as firmware so I can patch the BIOS side if needed. Attached the TBOOT log.
Please help.
Best regards,
--
Michał Żygowski
Firmware Engineer
GPG: 6B5BA214D21FCEB2 https://3mdeb.com | @3mdeb_com
Also I wish the ACM error spreadsheet be consistent with Intel datasheets, i.e. at least change DLCK to D_LCK or to SMRAMC.D_LCK in the spreadhseet. It would already help much.
Appreciate your help.
Best regards,
Michał
Last edit: Michał Żygowski 2023-09-06
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello TBOOT community,
When I was trying to use TBOOT to perform Intel TXT Measured Launch with Ubuntu Linux, my platform resets right after invoking GETSEC SENTER. From the decoded error code (TXT.ERRORCODE raw value 0xc0007851) I got error class 5, major 0x1e. The ACM error spreadsheet says ERR_DLCK_CONFIG - "DLOCK bit state unexpected", but I am not sure what should be the expected state. May I get more detailed explanation how to solve this error and what the expected state of DLOCK is? Also I am not sure what the DLOCK really is. Is it the BIOS_DLOCK at SPIBAR offset 0xc?
Testing on Comet Lake U Intel Core i7-10810U with coreboot and TianoCore UEFI Payload as firmware so I can patch the BIOS side if needed. Attached the TBOOT log.
Please help.
Best regards,
--
Michał Żygowski
Firmware Engineer
GPG: 6B5BA214D21FCEB2
https://3mdeb.com | @3mdeb_com
Hi,
sorry for the long wait.
This is related to D_LCK bit in the SMRAMC register - https://www.intel.com/content/www/us/en/products/docs/processors/core/core-technical-resources.html see datasheet volume 2 for 10th Gen Intel Core CPU Families, section 3.29
SINIT ACM module expects BIOS to set the D_LCK bit, else an error is generated.
Best regards,
Mateusz
Hi Mateusz,
Thank you for your response. I just managed to find this out last weekend :(
It seems coreboot already locks the SMRAMC register, however there was another trap waiting for me. The D_LCK bit needs to be set with PCI I/O access instead of ECAM: https://github.com/Dasharo/coreboot/commit/c7540a73860d653988d21565b892c8427709088d
Also I wish the ACM error spreadsheet be consistent with Intel datasheets, i.e. at least change DLCK to D_LCK or to SMRAMC.D_LCK in the spreadhseet. It would already help much.
Appreciate your help.
Best regards,
Michał
Last edit: Michał Żygowski 2023-09-06