Dasharo
MSI z790p TCG2 Configuration missing when changing Intel ME mode Disabled (HAP) -> Enabled
Component
Dasharo firmware
Device
MSI Pro Z790-P
Dasharo version
v0.9.1
Dasharo Tools Suite version
Test case ID
Brief summary
When changing from HAP to Enabled TCG2 does not appear. It does when changing from Disabled(Soft) to Enabled
How reproducible
100% in two tries of changing HAP->Enabled and Soft->Enabled each
How to reproduce
In UEFI Setup menu:
- change the Intel ME mode to Disabled(HAP), apply, reboot
- Check for the TCG2 Configuration submenu in Driver Settings - it should be missing
- change Intel ME mode to Enabled, apply, reboot
- Check for the TCG2 Configuration submenu in Driver Settings
Expected behavior
It should reappear
Actual behavior
It does not. But it does every time when transitioning from Intel ME mode Disabled (Soft) to Enabled
Screenshots
Additional context
In the state of Intel ME mode being enabled but TCG2 Configuration submenu missing the me device is visible to the OS
Solutions you've tried
Reflashing the platform with v0.9.1, repeating the sequence, checking if ME is detected in the OS
can you add cbmem logs from when the platform is in this state?
In the state of Intel ME mode being enabled but TCG2 Configuration submenu missing the me device is visible to the OS
After checking for the ME in lspci when transitioning from Disabled (HAP) to Enabled, applying and rebooting the platform freezes on the Dasharo Logo. No text appears. The screen does not change even after over 30 minutes. Cutting off power to the platform and restoring it causes it to boot normally. The TCG2 Configuration appears in the Setup Menu after this. I have repeated the steps to "freeze" the platform, cut off the power and booted into Ubuntu to collect logs from cbmem:
cbmem2.log
cbmemc.log
cbmem1.log
The 1, 2, and c in file names mean the flags -1, -2 and -c were used. Interestingly the cbmem -2 returns nothing.
I will repeat the process to hopefully get something from cbmem -2 as I imagine the logs from the freezed boot would be the most interesting here.
CBMEM is located RAM, so it's going to get lost if you remove power
That makes sense.
A little observation, when the platform is not "freezed", before the Press _ to... text appears on top of the boot logo, a cursor can be seen blinking in the upper left corner for a couple seconds. When the platform "freezes" because of switching from Disabled (HAP) to Enabled the cursor does not appear.
I have managed to pass through the "freezing point" only directly after reflashing the device. Here are the cbmem logs from this one boot:
From what I can see the new log contains hundreds of TPM2 Events whereas the one from a normal boot does not. Example:
│ < LogFormat - 0x00000002
4491 │ < WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x4)
4492 │ < WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC)
4493 │ < WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x12)
4494 │ < SupportedEventLogs - 0x00000002
Later there is ~1500 lines of what seems to be memory dumps with the memory being interpreted as some events, probably the same TPM events from before. They look like:
│ < Event:
5768 │ < PCRIndex - 8
5769 │ < EventType - 0x0000000D
5770 │ < DigestCount: 0x00000001
5771 │ < HashAlgo : 0x000B
5772 │ < Digest(0): 5D 48 7E 28 57 06 B3 6D 48 EF F0 3E 56 38 3E 46 92 DE 24 B8 67 B3 8F CB 3C 58 96 FD 22 2A 59 57
5773 │ <
5774 │ < EventSize - 0x00000018
The original issue affects the Protectli V1000 series as well. The TCG2 menu appears only on second reboot after changing from HAP to Enabled.
It is quite likely that this is ME property and affects all Intel platforms.
This might also be why https://github.com/Dasharo/dasharo-issues/issues/1575 happens.
Can reproduce this issue on ODROID-H4+ on v0.9.1
