I recently had a fresh installation(legacy boot) of Qubes OS on my Thinkpad X260. Everything seems to work absolutely good. I decide to install anti-evil-maid and configure my system.
I followed the steps of github.
- echo 14 >/sys/class/tpm/tpm0/ppi/request to clear the tpm.
- Take ownership of the tpm and set srk passwd
- Install anti-evil-maid on /dev/sda1 (boot partition)
- Start-enable tcsd
- Copy on /boot partition the RIGHT sinit module.
- Reboot the system
- Choose Aem Qubes and set the correct passwd to unseal the secrets.
- Enter my disk passphrase but on the left corner i see a message “PCR sanity check failed”
Then my txt-stat shows:
Intel(r) TXT Configuration Registers:
STS: 0x00000002
senter_done: FALSE
sexit_done: TRUE
mem_config_lock: FALSE
private_open: FALSE
locality_1_open: FALSE
locality_2_open: FALSE
ESTS: 0x00
txt_reset: FALSE
E2STS: 0x0000000000000004
secrets: FALSE
ERRORCODE: 0x00000000
DIDVID: 0x00000001b0068086
vendor_id: 0x8086
device_id: 0xb006
revision_id: 0x1
FSBIF: 0xffffffffffffffff
QPIIF: 0x000000009d003000
SINIT.BASE: 0xd8ed0000
SINIT.SIZE: 327680B (0x50000)
HEAP.BASE: 0xd8f20000
HEAP.SIZE: 917504B (0xe0000)
DPR: 0x00000000d9000041
lock: TRUE
top: 0xd9000000
size: 4MB (4194304B)
PUBLIC.KEY:
2d 67 dd d7 5e f9 33 92 66 a5 6f 27 18 95 55 ae
77 a2 b0 de 77 42 22 e5 de 24 8d be b8 e3 3d d7
***********************************************************
TXT measured launch: FALSE
secrets flag set: FALSE
And then journalctl -u anti-evil-maid-unseal -u anti-evil-maid-seal
Dec 05 22:31:01 dom0 systemd[1]: Starting Anti Evil Maid unsealing...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Mounting /dev/disk/by-uuid/736ff43e-2ef5-4f72-b98c-41f70e13d3e5 ("aem")...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Initializing TPM...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Copying sealed AEM secrets...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: tcsd_changer_identify: identifying TPM
Dec 05 22:31:05 dom0 TCSD[455]: TrouSerS Config file /etc/tcsd.conf not found, using defaults.
Dec 05 22:31:05 dom0 tcsd[455]: TCSD TDDL[455]: TrouSerS ioctl: (25) Inappropriate ioctl for device
Dec 05 22:31:05 dom0 tcsd[455]: TCSD TDDL[455]: TrouSerS Falling back to Read/Write device support.
Dec 05 22:31:05 dom0 TCSD[456]: TrouSerS trousers 0.3.13: TCSD up and running.
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: tcsd_changer_identify: TPM identity: 4da352e7751e78517b1f7d85711cd4bb92c6096d
Dec 05 22:31:07 dom0 TCSD[494]: TrouSerS Config file /etc/tcsd.conf not found, using defaults.
Dec 05 22:31:07 dom0 tcsd[494]: TCSD TDDL[494]: TrouSerS ioctl: (25) Inappropriate ioctl for device
Dec 05 22:31:07 dom0 tcsd[494]: TCSD TDDL[494]: TrouSerS Falling back to Read/Write device support.
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Unmounting /dev/disk/by-uuid/736ff43e-2ef5-4f72-b98c-41f70e13d3e5 ("aem")...
Dec 05 22:31:07 dom0 TCSD[496]: TrouSerS trousers 0.3.13: TCSD up and running.
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Extending PCR 13, value 64e1273093ca8258eb7d5a92bb11780887f60cc4, device 70d75207-efb8-4098-b6bf-b3c1bef2abae...
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: tpm_z_srk: detecting whether SRK is password protected
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: tpm_z_srk: yes, SRK is password protected
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Prompting for SRK password...
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: Enter SRK password: anti-evil-maid-unseal: Correct SRK password
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Unsealing freshness token...
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: Unable to write output file
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Freshness token unsealing failed!
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: This is expected during the first boot from a particular
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: AEM media or after updating any of the boot components or
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: changing their configuration.
Dec 05 22:31:11 dom0 systemd[1]: anti-evil-maid-unseal.service: Main process exited, code=exited, status=1/FAILURE
Dec 05 22:31:11 dom0 systemd[1]: Failed to start Anti Evil Maid unsealing.
Dec 05 22:31:11 dom0 systemd[1]: anti-evil-maid-unseal.service: Unit entered failed state.
Dec 05 22:31:11 dom0 systemd[1]: anti-evil-maid-unseal.service: Failed with result 'exit-code'.
Dec 05 22:31:37 dom0 systemd[1]: Starting Anti Evil Maid sealing...
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: Enter owner password: Tspi_TPM_SetStatus failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: tpm_z_srk: detecting whether SRK is password protected
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: tpm_z_srk: yes, SRK is password protected
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 systemd[1]: anti-evil-maid-seal.service: Main process exited, code=exited, status=1/FAILURE
Dec 05 22:31:39 dom0 systemd[1]: Failed to start Anti Evil Maid sealing.
Dec 05 22:31:39 dom0 systemd[1]: anti-evil-maid-seal.service: Unit entered failed state.
Dec 05 22:31:39 dom0 systemd[1]: anti-evil-maid-seal.service: Failed with result 'exit-code'.
I hope you can help me