AEM with ThinkPad W520

User Support Hardware Issues
1

Does anyone has experience with installing AEM (Anti Evil Maid) on ThinkPad W520?
I’m trying to install it since several weeks and it does not work.

TPM seems to be supported and TXT is enabled.
I finally finished to reset the already used chip with tpm_clear --force (instead of tmp_clear -z like in the README) and then going to the BIOS and use the appeared clear option.

I’ve made sure I’m not using UEFI and I have LUKS for the whole volume group.

I have successfully used the RACM tool with FreeDOS.

I got the right SINIT module and found out that I indeed have to rename it to 2nd_gen_i5_i7_SINIT_51.BIN (with uppercase BIN, not lower case: Then the logs of tboot shown with vga and vga_delay=30 are showing that the module is not found).
The logs are also confirming me that it is the right module for the platform.

But one problem seems unsolvable for me: If I boot using the AEM option (using an external boot media (USB) or using an internal boot partition), the boot process is crashing after the executing GETSEC[SENTER] tboot log information and the computer reboots into some kind of bootloop that only ends if I’m using a non AEM boot option or power off the computer.

I tried to solve the problem by verifying and compiling different tboot versions from SourceForge (1.10.0 and 1.9.9; 1.9.5 is not compiling), but that does not change anything. (Source: Anti Evil Maid / PCR sanity check failed - #4 by sebuq)

Using boot options for tboot like min_ram=0x2000000 doesn’t solve the problem, either (Source: AEM boot option causes hard reboot/partial shutdown · Issue #2155 · QubesOS/qubes-issues · GitHub)

2

Tboot upgraded version worked for my X260. You must download latest upgraded racm modules from this link . Rename the file SNB_IVB_SINIT_20190708_PW.bin to 2nd_gen_i5_i7_SINIT_51.BIN Copy the file to boot in dom0 and run grub2-mkconfig -o /boot/grub2/grub.cfg If you see that module does not appear in grub.cfg in aem with xen hypervisor section add it manually. Are you sure you clear, activate and enable tpm in bios? I successfully did it by running echo 14 >/sys/class/tpm/tpm0/ppi/request Reboot and press f9 to confirm the process. That worked for me.

Let me tell you about an issue in X230. With latest bios version was impossible to clear activate and enable tpm in bios. So I flashed an older version, i clear, activate and enable tpm successfully, then flash latest bios and finally take ownership of the tpm.

Before take ownership of TPM you must run → systemctl start tcsd

I hope the instructions above help you

3

sebuq, thank you for your reply - but I already have done almost everything you have suggested:

This is already done. I checked my files and compare them with “your” version with sha512sum: They are the same.

The BIN file already apperas in grub.cfg

Yes, I’m sure that I have cleared, activated and enabled tpm in bios. As I described I used tpm_clear --force and then reboot into BIOS to use the according option. This worked - if it wouldn’t work, the following parts of AEM installation (using the commands in Dom0) would complain about not knowing the owership password for the module.

This is also something I already found out.

Ok, so I shouldn’t try to upgrade the bios because if I do so maybe I will work less than before.

4

I do not know. The process you followed seems to be correct. Did you install aem in internal or external drive? For internal drive try to follow the steps as appearing below.

  1. sudo -s
  2. echo 14 >/sys/class/tpm/tpm0/ppi/request
  3. Reboot. If you do not see the blue screen try to clear, activate and enable tpm 1.2 in bios manually.
  4. open dom0 terminal again sudo -s
  5. systemctl start tcsd
  6. anti-evil-maid-tpm-setup (without -z option. z option is only for external drive)
  7. Copy paste sinit module in boot partition
  8. anti-evil-maid-install /dev/sdx (replace x for your boot partition. In my case sda1)
  9. cd /var/lib/anti-evill-maid/aem Create a secret.txt file
  10. echo ‘export GRUB_CMDLINE_TBOOT=min_ram=0x2000000’ >>/etc/default/grub
  11. grub2-mkconfig -o /boot/grub2/grub.cfg
5

That works :wink:

Works if one not forget to type the whitespace between the 14 and the >.

Blue screen does appear and I can do the reset.

Still works.

Is already enabled.

anti-evil-maid-tpm-setup: You must reset/clear your TPM first!
Strange.

I have tried another method to reset the TPM: using the option inside the BIOS.
But this option does only appear in rare chases and I didn’t found out what to do to make it appear if I need it. It seems to be very random.
After some time the option has appeared and I used it and reboot - without success.

But at least running tpm_clear without any option and entering the password from /var/lib/anti-evil-maid/tpm-owner-pw works.

So, again:

Now, this is working.

Already done before.

Works.

Already done.

OK.

OK.

After a reboot, there is no bootloop anymore (Thank you very much), but there is the following error message:

Failed to seal secrets (error @ line 184)
Press <ENTER> to continue…

After rebooting several time, I found out that my SRK password does not work.
The error message:

[...]
Promting for SRK password...
Tspi_TPM_GetRandom failed: 0x00000006 - layer=tpm, code=0006, TPM is deactivated
anti-evil-maid-unseal: Wrong SRK password...
[...]

I have tried to access the TPM via command line in Dom0, but then I get the “TPM is deactivated” error message, too. I have tried to reboot and enable the TPM in BIOS - but it is already enabled and disable and enable it again did not help. I have tried tpm_resetdalock because I entered a SRK password that is suspected to be wrong 3 times. But there is the same error message. Also waiting for 20h like some website said does not help.

Last, but not least, I have reset the TPM with the cat method and have reinstalled AEM while setting the SRK password to something that I definitely cannot type incorrect.

Now I’m getting exactly the same error message. And no, it has nothing to do with the keyboard layout - the “password” includes numbers only.

6

You get the errors because TPM is not activated. Even if you see in bios that is activated probably is not. If you do not see the blue screen the command echo 14 >/sys/class/tpm/tpm0/ppi/request not worked. Type the command as it is without whitespace.

I mentioned before that I was able to clear enable and activate tpm by flashing older bios. Then I flashed latest and i was able to take ownership of tpm.

7

Now I have installed an older BIOS version (1.32 instead of 1.43).

I see the bluescreen after using the echo 14 >/sys/class/tpm/tpm0/ppi/request command and can clear the tpm. Rebooting is working; setting up SRK password with anti-evil-maid-tpm-setup, too. But the commands output doesn’t include the “taking ownership message” as usual.
After a reboot, there is the same error as before: TPM is deactivated
Checking the BIOS settings: TPM seems to be enabled.
Again, disabling, rebooting and enabling does not fix the issue.

Resetting the TPM in BIOS. Repeat.
Now, I get the “taking ownership”-message, but if I boot Qubes with AEM, I’m stuck in a bootloop again.

8

Here are some parts of the tboot log (because I can only see them on the monitor, I can not provide full logs):

TPM is ready
TPM nv_locked: TRUE
[...]
TPM: get capability, return value = 00000002
TPM: fail to get public data of 0x20000001 in TPM NV
        : reading failed.
[...]
TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 0000000

Error: write TPM error: 0x2
SMX is enabled
TXT chipset and all needed capabilites present
TXT.ERRORCODE: 0x0

checking pervious errors on the last boot.
TPM: read nv index 20000002 offset 00000000, return value = 00000002
ERROR: read TPM error: 0x2
[...]
[...]
[...]
[...]
executing GETSEC[SENTER]...
9

If you successfully clear activate and enable tpm with the command flash the newest version again and take tpm ownership with the latest version not the old one. Check your settings in bios. Maybe there is a setting for activation that you have to change manually. I do not know how W520 bios settings are exactly.

10

After several tests I found out that clearing the TPM directly in BIOS (if the option for this does appear) is working and enables me to use the TPM (currently I’m using the latest bios available for the W520).

If TPM is successfully enabled and activated (as I can see in the tboot logs), tboot is working until it executes GETSEC[SENTER] - then it the system crashes and the laptop restarts.

If TPM is not enabled, it boots Qubes OS which is asking for an srk password - but according to the tboot logs GETSEC[SENTER] is never executed in this case - so my “progress” in preventing the bootloop was only a fallback option because of the not activated TPM.

(I tested both with the tboot version that comes with Qubes OS (1.8.2) and with the most current one (1.10.0))

11

Ok I understood that is really annoying trying so long time. Did you rename SNB_IVB_SINIT_20190708_PW.bin to 3rd_gen_i5_i7_SINIT_67.BIN? If yes, try the default BIN file from intel page. RACM file you used do not work for all laptops.

12

I have tried it and using the 2nd_gen_i5_i7_SINIT_51.BIN file from your link to the intel website does not help.

I’m sure the 2nd_gen file should be compatible because I looked up the code name of the CPU shown in BIOS (Sandy Bridge) and for this CPUs, the table from intels websites lists the 2nd_gen file.

AFAIK the SNB_IVB_SINIT_20190708_PW.bin file is for both, Sandy Bridge and Ivy Bridge (see pdf in the zip file containing the SNB_IVB_SINIT_20190708_PW.bin file).

For both files (the 2nd_gen file from your link and the 2nd_gen file renamed from the link of the AEM readme) the TBOOT logs are showing the message that it is the right module for my platform.

By the way, the RACM tool I have used has said that it had run successfully (although I know that this does not necessarily means that everything has worked without any error). Also, I have used the RACM tool for the 3rd gen platform because it is compatible and suggested by the AEM readme.

But wait - if the RACM tool from 3rd gen platform is compatible with the 2nd gen platform - maybe the 3rd gen sinit module is compatible, too?

If I’m using that module (from 3rd-gen-i5-i7-sinit-67.zip, see Intel® Trusted Execution Technology (TXT)) and rename it to 2nd_gen_i5_i7_SINIT_51.BIN and boot, there is a black screen - but no crash anymore.

Setting the iommu boot option of xen to required fixes that issue. This can be be done in the /etc/default/grub file using sudo vi /etc/default/grub to edit it. Then running grub2-mkconfig -o /boot/grub2/grub.cfg, then anti-evil-maid-install /dev/sda1 and then reboot.

Thank you for your help. sebuq :slight_smile:

13

It’s possible to use 3rd gen SINIT/RACM on 2nd gen platforms. In fact, the
only RACM available at the time of writing is for the 3rd gen, while the 2nd
gen platforms were also affected by the buffer overflow bug in old SINIT
version.

Its your last chance :slight_smile: Oh I thought you were using 3rd gen not 2nd. Good luck. I hope this time everything is ok

14

Sorry for not making myself clear enouth, but my last posts message is about that my problems are solved now (and how I have achieved that) :slight_smile:

1 Like