1 2 Previous Next 23 Replies Latest reply on Mar 27, 2017 11:56 AM by John_Ewalt

    NUC 6i7KYB TPM

    John_Ewalt

      I'm trying to enable TPM (PTT or fTPM) on the NUC 6i7KYB. I am currently running BIOS 42 (KYSKLi70.086A.0042.2016.0929.1933) which is the newest I can find.  I have turned on PTT in the BIOS and am booting secure UEFI.  I don’t see any the PCRs and my kernel module is throwing an error on loading.  I think I have debugged the problem down to ACPI IO Resources.  The MSFT0101 memory region (as defined in APCI) is at 0xFED40000 – 0xFED4087F.  When the TPM driver (tpm_crb.ko) starts, it reads the command buffer size (0xF80) from the TPM2 command size register and tries to allocate space at starting at 0xFED40080.  This is larger than the size of MSFT0101 and the module loading fails.  So one value is wrong, either the size of MSFT0101 or the command/receive buffer size reported by the TPM2 (PTT) registers.  I have modified the driver to use a smaller buffer size (0x7F0) but that does not work so I think it must require the entire buffer space.

       

      Disassembling the ACPI tables, I can see that the _CRS method returns 0x880 but I don't know enough about ACPI to understand why.  So, is there a newer BIOS I should be using?  I know Intel doesn't like to support Linux, but that is a requirement.  I know that there is active development on this module by several Intel developers and I don't think this is a Linux problem.  Any help would be appreciated.

       

      Message was edited by: John Ewalt

        • 1. Re: NUC 6i7KYB TPM
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello John_Ewalt,

           

          Could you please confirm the Intel® NUC model that you are using? Do you have the kit or your the board?

           

          Regards,

          Amy.

          • 2. Re: NUC 6i7KYB TPM
            John_Ewalt

            I have the kit.  I guess the NUC6i7KYB is the bare board which is the value reported in the BIOS screen.

            • 3. Re: NUC 6i7KYB TPM
              John_Ewalt

              To clarify, I have the NUC6i7KYK.

              • 4. Re: NUC 6i7KYB TPM
                Intel Corporation
                This message was posted on behalf of Intel Corporation

                Thank you for the clarification.

                 

                Now, please let me review your inquiry. I will keep you posted.

                 

                Regards,

                Amy.

                • 5. Re: NUC 6i7KYB TPM
                  John_Ewalt

                  Has there been any progress made on investigating why TPM (PTT) is not working on the NUC6i7KYK?

                  • 6. Re: NUC 6i7KYB TPM
                    rguevara

                    Hi John_Ewalt,

                     

                    The Intel® NUC Kit NUC6i7KYK does not support TPM (it doesnt have the chip) you can double check that on Ark: Intel® NUC Kit NUC6i7KYK Product Specifications  under Advanced Technologies section.

                    On the other hand, it does support Intel® Platform Trust Technology (Intel® PTT), see more details here: Trusted Platform Module Information

                     

                    I hope this helps,

                    Ronny G

                    • 7. Re: NUC 6i7KYB TPM
                      John_Ewalt

                      I understand that, but PTT performs similar functionality to TPM2.0 and most people know what TPM is but maybe not PTT.  So, I have enabled PTT and see the ACPI object for a TPM2.0 device but it doesn't work.  The memory the TPM2.0 registers say they need and the memory reserved in ACPI do not match.  I am asking to find out which is correct (see my first post) and to get updated BIOS to support this.  If Intel is going to advertise some functionality, it should support it.

                      • 8. Re: NUC 6i7KYB TPM
                        rguevara

                        Hi John_Ewalt,

                         

                        I have to ask you for more details, I would have to investigate a lot more on this issue and will need to pull in some peers to help me out so I need all possible details you can provide me with, for instance:

                         

                        • Detailed description of the implementation that you are trying to accomplish
                        • Operating System and applications
                        • Kernel error messages (you mentioned your system is showing at loading)
                        • Error Screenshots if possible.
                        • Anything else that you consider important.

                         

                        Thanks,

                        Ronny G

                        • 9. Re: NUC 6i7KYB TPM
                          John_Ewalt

                          I am currently running Ubuntu 14.04 and have updated to the Linux 4.10.0 kernel as I see quite a bit of activity on the tpm_crb kernel driver by Intel employees (I wanted to get the latest patches available).  I have made some modifications to the tpm_crb.ko module to add debugging but I get the same errors regardless of the kernel I am using. 

                           

                          I am attempting to enable full disk encryption using TPM to provide the key.  I have done this on other Linux systems and I know it works with Ubuntu 14.04.

                           

                          The errors I am seeing are:
                          tpm_crb MSFT0101:00: can't request region for resource [mem 0xfed40080-0xfed40fff]

                          tpm_crb: probe of MSFT0101:00 failed with error -16

                           

                          As near as I can tell, this is due to the the TPM cmd size register returning 0xf80 as the command buffer size while the memory region specified in ACPI is fixed at 0x7f0 bytes long.  My best guess is that the ACPI settings are incorrect and can be fixed with a BIOS update.  However, I that is just a guess.

                          • 10. Re: NUC 6i7KYB TPM
                            John_Ewalt

                            After more investigation, I now know this is a BIOS bug.  I modified the Linux Kernel resource allocation to ignore what is specified in the ACPI data and force the size of the MSFT0101 area (0xFED4_0000) to be 0x1000 bytes long. After doing this, I can now read the PCRs.  Is there any way I can be put in touch with a BIOS developer from Intel?  I know this is a bug and it should be  easy to validate with the information I have provided.  I would really appreciate an update as soon as possible as I believe this to be a single line error in the ACPI (LTFE is set to 0x880 instead of 0x1000).

                             

                            Is this something I can change without loading new BIOS? Possibly writing a firmware file?

                            1 of 1 people found this helpful
                            • 11. Re: NUC 6i7KYB TPM
                              John_Ewalt

                              Any Progress?

                              • 12. Re: NUC 6i7KYB TPM
                                John_Ewalt

                                rguevara, any status updates?  Please see my latest posts.  This is a BIOS bug and is stopping my progress. 

                                • 13. Re: NUC 6i7KYB TPM
                                  John_Ewalt

                                  It has now been over a week since I provided the requested information.  I would really appreciate a followup.  Is this even being looked at?

                                  • 14. Re: NUC 6i7KYB TPM
                                    N.Scott.Pearson

                                    From personal experience, as a former member of this team, I can tell you that the process for investigating an issue, finding the actual root cause, developing a fix, regressing this fix and then fully validating this fix within a production-level BIOS (along with other fixes) can take many weeks (if not months).

                                     

                                    Intel will not commit to and does not release schedules for BIOS updates. Quite simply, too many things can force schedules to (need to) be altered. As Ronny said, the problem has been reported. When the fix is available, Intel will let you know. Do not expect anything sooner (you will only be disappointed if you do). Nagging doesn't help.

                                     

                                    Sorry, but this is the reality of the situation (don't shoot the messengers).

                                    ...S

                                    1 2 Previous Next