5 Replies Latest reply on Nov 3, 2016 10:38 AM by Intel Corporation

    Intel TXT(LT) + TPM 2.0 = BIOS POST loop

    stna1981

      Hello,

       

      There seems to be some strange issue between the C236 chipset and Intel Xeon E3 v5 CPUs when Intel TXT(LT) is being used together with a hardware TPM module.

      I noticed the following behaviour on an ASRock Rack board with plugged TPM 1.2 as well as on an ASUS Board with plugged TPM 2.0, both C236 chipset. CPU is a Xeon E3-1245 v5.

       

      I found out that if the Xeon TXT (LT) feature is enabled in the BIOS and the TPM is plugged in but disabled, both systems hang at POST. If the TPM is set to enabled, the system is no longer stuck at POST, but after POST the system reboots (POST loop). So if I want to use Intel TXT, the TPM must be physically removed. The TPM is recognized by Windows and working properly. The other way round also works: unplugging the TPM then allows Intel TXT to be activated. But as TXT is made for use with a hardware TPM, that makes absolutely no sense.

       

      Can you please assist here on how to solve this issue?

       

      Best regards

       

      Stefan

        • 1. Re: Intel TXT(LT) + TPM 2.0 = BIOS POST loop
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello stna1981:
           
          First of all let me apologize for the lateness on our response.
           
          I just wanted to let you know that from the day we received your inquiry, we have been investigating this matter, so we can provide the most accurate information in regards to your question and the information that you need.
           
          As soon as I get any updates about our research, I will post all the details on this thread.
           
          Once again, let me apologize for any inconvenience.
           
          Any questions, please let me know.
           
          Alberto
           

          • 2. Re: Intel TXT(LT) + TPM 2.0 = BIOS POST loop
            rguevara

            Hi stna1981,

             

            You are correct, you could say that the TPM is a component of TXT that provides securely generated cryptographic keys. This is a hardware-based mechanism that stores cryptographic keys and other data related to Intel TXT within the platform. It also provides hardware support for the attestation process to confirm the successful invocation of the Intel TXT environment. The attestation process uses the TPM to establish mutual trust between parties regarding the execution environment during runtime.

            The very first thing that I would recommend you check is the TPM version: TPM 1.x (mostly 1.2) was the standard for a long time. In 2014 vendors started shipping TPM 2.0, which is not backward compatible. You must match the TPM to the vendor's system requirements.

             

            Please check on that and provide more details on the versions so that I can either help you or address you in the right direction.

             

            I would also recommend that you check the following: Intel® Trusted Execution Technology (Intel® TXT) Enabling Guide | Intel® Software. There is a forum there that could be very helpful.

             

            Regards,

            Ronny G
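The reply above asks for the TPM version and points out that TPM 1.2 and TPM 2.0 are not interchangeable, and that TXT needs both a hardware TPM and a CPU that supports it. The following script is an added example by the editor, not code from the thread or from Intel; it shows how a Linux administrator would gather exactly those two facts before contacting a board vendor. It assumes the kernel's `tpm_version_major` sysfs attribute (present in recent kernels; older TPM 1.2 drivers expose a `caps` file instead) and the `smx` flag in `/proc/cpuinfo` (Safer Mode Extensions, the CPU side of TXT). The helper names `tpm_family`, `cpu_has_smx` and `txt_readiness` are the editor's own. On the Windows system described in the thread the equivalent information comes from the `Get-Tpm` PowerShell cmdlet.

```shell
#!/bin/sh
# Added example (editor's own, not from the thread): report the TPM family and
# whether the CPU advertises SMX, the instruction-set support Intel TXT needs.
# Every function takes its input path as a parameter so it can be pointed at the
# live system or at constructed fixtures.

# tpm_family DIR -> prints "1.2", "2.0", "unknown" or "none".
# Assumption: DIR is a /sys/class/tpm/tpmN directory. Recent kernels expose
# tpm_version_major there; the legacy TPM 1.2 driver exposes 'caps' instead.
tpm_family() {
    dir="$1"
    if [ -r "$dir/tpm_version_major" ]; then
        case "$(cat "$dir/tpm_version_major")" in
            2) echo "2.0" ;;
            1) echo "1.2" ;;
            *) echo "unknown" ;;
        esac
    elif [ -r "$dir/caps" ]; then
        # Only the TPM 1.2 driver publishes a 'caps' attribute.
        echo "1.2"
    else
        echo "none"
    fi
}

# cpu_has_smx CPUINFO_FILE -> exit status 0 if the first 'flags' line lists smx.
cpu_has_smx() {
    grep '^flags' "$1" 2>/dev/null | head -n 1 | tr ' ' '\n' | grep -qx smx
}

# txt_readiness TPM_DIR CPUINFO_FILE -> one-line verdict on stdout.
txt_readiness() {
    fam=$(tpm_family "$1")
    if cpu_has_smx "$2"; then smx=yes; else smx=no; fi
    case "$fam:$smx" in
        none:*) echo "no TPM detected; TXT needs a hardware TPM" ;;
        *:no)   echo "CPU does not advertise SMX; TXT unavailable" ;;
        *)      echo "TPM $fam present and SMX available; confirm the board vendor supports this TPM family with TXT" ;;
    esac
}

# When run directly, check the live system (paths may be overridden as $1 and $2).
txt_readiness "${1:-/sys/class/tpm/tpm0}" "${2:-/proc/cpuinfo}"
```

Running it on the machine from the thread would print the TPM family the board actually exposes, which is the detail the reply asks for; a "2.0" result on a board whose firmware only validated TPM 1.2 with TXT is the mismatch the reply warns about.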

            • 3. Re: Intel TXT(LT) + TPM 2.0 = BIOS POST loop
              Intel Corporation
              This message was posted on behalf of Intel Corporation

              Hello:
               
              Thank you very much to rguevara for the information provided above.
               
              To stna1981:
               
              I just wanted to check if the information provided above was useful for you, and also whether you need further assistance on this matter.
               
              Any questions, please let me know.
               
              Alberto
               

              • 4. Re: Intel TXT(LT) + TPM 2.0 = BIOS POST loop
                stna1981

                Hi Alberto,

                 

                I'm still in discussion with ASRock Rack; it seems they only implemented TXT for servers, but C236 needs TXT for clients...

                 

                Best regards

                 

                Stefan

                • 5. Re: Intel TXT(LT) + TPM 2.0 = BIOS POST loop
                  Intel Corporation
                  This message was posted on behalf of Intel Corporation

                  Hello stna1981:
                   
                  Thank you very much for sharing that information.
                   
                  Hopefully ASRock might be able to provide a solution to resolve the problem, so you can use Intel TXT(LT) + TPM 2.0.
                   
                  Any questions, please let me know.
                   
                  Alberto