First I used the wrong SINIT and I had the pcr sanity check failed error, but then I corrected this mistake.
But now after tboot messages pass the computer (Thinkpad x270 with 6th gen) reboots.
After this I resetup AEM but the issue persists
I enabled vga_logging and possibly not great stuff are ACM info_table version mismatch.
no LCP module found unsupported BIOS data version failed to read policy from TPM NV, using default policy failed to get public data of 0x40000001 (and with 2 also) in TPM NV`
UPDATE: the first time I actually used the correct SINIT, the updated ones, just that time PCR santiy check failed. The boot loop is only with the original SINIT files. Now that I am using the updated ones again, it was sealed correctly. I had to do the workaround for the missing chunk of ram.
However when booting with AEM waking from suspend is broken! The first boot, before fixing the ram, it would suspend but simply not wake. But now it (Thinkpad x270 with 6th gen cpu) doesn’t suspend at all: the fans at first keep spinning, the display turns off, but the power LED is flashing at high speed (usually when suspended the power LED is slowly fading in and out)
When booting without AEM: suspend works perfectly.
So maybe you should boot AEM after you lose complete physical possession, and after verifying you can boot into non-AEM, where suspend works, if you really need suspend.
Note that I installed AEM on internal hard disk, which requires SRK password to be set, but the documentation mentions that some ram integrity after exiting s3 sleep only works without SRK password. So is this breakage intentional?