Anti Evil Maid / PCR sanity check failed

I recently did a fresh installation (legacy boot) of Qubes OS on my Thinkpad X260. Everything seems to work absolutely fine. I decided to install anti-evil-maid and configure my system.

I followed the steps on GitHub:

  1. echo 14 >/sys/class/tpm/tpm0/ppi/request to clear the TPM.
  2. Take ownership of the TPM and set the SRK password.
  3. Install anti-evil-maid on /dev/sda1 (boot partition).
  4. Start and enable tcsd.
  5. Copy the RIGHT sinit module onto the /boot partition.
  6. Reboot the system.
  7. Choose AEM Qubes and enter the correct password to unseal the secrets.
  8. Enter my disk passphrase, but in the left corner I see the message “PCR sanity check failed”.

Then my txt-stat shows:

Intel(r) TXT Configuration Registers:
	STS: 0x00000002
	    senter_done: FALSE
	    sexit_done: TRUE
	    mem_config_lock: FALSE
	    private_open: FALSE
	    locality_1_open: FALSE
	    locality_2_open: FALSE
	ESTS: 0x00
	    txt_reset: FALSE
	E2STS: 0x0000000000000004
	    secrets: FALSE
	ERRORCODE: 0x00000000
	DIDVID: 0x00000001b0068086
	    vendor_id: 0x8086
	    device_id: 0xb006
	    revision_id: 0x1
	FSBIF: 0xffffffffffffffff
	QPIIF: 0x000000009d003000
	SINIT.BASE: 0xd8ed0000
	SINIT.SIZE: 327680B (0x50000)
	HEAP.BASE: 0xd8f20000
	HEAP.SIZE: 917504B (0xe0000)
	DPR: 0x00000000d9000041
	    lock: TRUE
	    top: 0xd9000000
	    size: 4MB (4194304B)
	PUBLIC.KEY:
	    2d 67 dd d7 5e f9 33 92 66 a5 6f 27 18 95 55 ae 
	    77 a2 b0 de 77 42 22 e5 de 24 8d be b8 e3 3d d7 

***********************************************************
	 TXT measured launch: FALSE
	 secrets flag set: FALSE

And then journalctl -u anti-evil-maid-unseal -u anti-evil-maid-seal shows:

Dec 05 22:31:01 dom0 systemd[1]: Starting Anti Evil Maid unsealing...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Mounting /dev/disk/by-uuid/736ff43e-2ef5-4f72-b98c-41f70e13d3e5 ("aem")...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Initializing TPM...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Copying sealed AEM secrets...
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: tcsd_changer_identify: identifying TPM
Dec 05 22:31:05 dom0 TCSD[455]: TrouSerS Config file /etc/tcsd.conf not found, using defaults.
Dec 05 22:31:05 dom0 tcsd[455]: TCSD TDDL[455]: TrouSerS ioctl: (25) Inappropriate ioctl for device
Dec 05 22:31:05 dom0 tcsd[455]: TCSD TDDL[455]: TrouSerS Falling back to Read/Write device support.
Dec 05 22:31:05 dom0 TCSD[456]: TrouSerS trousers 0.3.13: TCSD up and running.
Dec 05 22:31:05 dom0 anti-evil-maid-unseal[359]: tcsd_changer_identify: TPM identity: 4da352e7751e78517b1f7d85711cd4bb92c6096d
Dec 05 22:31:07 dom0 TCSD[494]: TrouSerS Config file /etc/tcsd.conf not found, using defaults.
Dec 05 22:31:07 dom0 tcsd[494]: TCSD TDDL[494]: TrouSerS ioctl: (25) Inappropriate ioctl for device
Dec 05 22:31:07 dom0 tcsd[494]: TCSD TDDL[494]: TrouSerS Falling back to Read/Write device support.
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Unmounting /dev/disk/by-uuid/736ff43e-2ef5-4f72-b98c-41f70e13d3e5 ("aem")...
Dec 05 22:31:07 dom0 TCSD[496]: TrouSerS trousers 0.3.13: TCSD up and running.
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Extending PCR 13, value 64e1273093ca8258eb7d5a92bb11780887f60cc4, device 70d75207-efb8-4098-b6bf-b3c1bef2abae...
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: tpm_z_srk: detecting whether SRK is password protected
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: tpm_z_srk: yes, SRK is password protected
Dec 05 22:31:07 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Prompting for SRK password...
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: Enter SRK password: anti-evil-maid-unseal: Correct SRK password
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Unsealing freshness token...
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: Unable to write output file
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: Freshness token unsealing failed!
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: This is expected during the first boot from a particular
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: AEM media or after updating any of the boot components or
Dec 05 22:31:11 dom0 anti-evil-maid-unseal[359]: anti-evil-maid-unseal: changing their configuration.
Dec 05 22:31:11 dom0 systemd[1]: anti-evil-maid-unseal.service: Main process exited, code=exited, status=1/FAILURE
Dec 05 22:31:11 dom0 systemd[1]: Failed to start Anti Evil Maid unsealing.
Dec 05 22:31:11 dom0 systemd[1]: anti-evil-maid-unseal.service: Unit entered failed state.
Dec 05 22:31:11 dom0 systemd[1]: anti-evil-maid-unseal.service: Failed with result 'exit-code'.
Dec 05 22:31:37 dom0 systemd[1]: Starting Anti Evil Maid sealing...
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: Enter owner password: Tspi_TPM_SetStatus failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: tpm_z_srk: detecting whether SRK is password protected
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: tpm_z_srk: yes, SRK is password protected
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 systemd[1]: anti-evil-maid-seal.service: Main process exited, code=exited, status=1/FAILURE
Dec 05 22:31:39 dom0 systemd[1]: Failed to start Anti Evil Maid sealing.
Dec 05 22:31:39 dom0 systemd[1]: anti-evil-maid-seal.service: Unit entered failed state.
Dec 05 22:31:39 dom0 systemd[1]: anti-evil-maid-seal.service: Failed with result 'exit-code'.

I hope you can help me.

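
As an added example (not part of anyone's post in this thread), a small script that parses txt-stat and anti-evil-maid-seal journal output like the one above and explains why sealing failed: with senter_done FALSE no measured launch took place, so PCRs 17-19 still hold their power-on value of all 0xFF and a seal against them is meaningless. The function names and the trimmed sample input are this example's own.

```python
"""Diagnose a failed AEM seal from txt-stat and journalctl output (added example)."""
import re

# Sample input, trimmed from the post above (constructed for this example).
TXT_STAT = """\
STS: 0x00000002
    senter_done: FALSE
    sexit_done: TRUE
TXT measured launch: FALSE
secrets flag set: FALSE
"""

JOURNAL = """\
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Dec 05 22:31:39 dom0 anti-evil-maid-seal[1865]: PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
"""

# Power-on value of the locality-restricted PCRs 17-22 on a TPM 1.2 (SHA-1, 20 bytes).
RESET_PCR = "FF " * 19 + "FF"


def parse_txt_stat(text):
    """Return {'senter_done': bool, 'measured_launch': bool} from txt-stat output."""
    flags = {}
    for key, name in (("senter_done", "senter_done"), ("TXT measured launch", "measured_launch")):
        m = re.search(r"%s:\s*(TRUE|FALSE)" % re.escape(key), text)
        flags[name] = (m.group(1) == "TRUE") if m else None
    return flags


def parse_pcrs(journal):
    """Return {17: 'FF FF ...', ...} for every PCR-NN line logged by anti-evil-maid-seal."""
    pcrs = {}
    for m in re.finditer(r"PCR-(\d+):\s*((?:[0-9A-Fa-f]{2}\s?){20})", journal):
        pcrs[int(m.group(1))] = m.group(2).strip().upper()
    return pcrs


def diagnose(txt_stat, journal):
    """Return a list of findings explaining a 'PCR sanity check failed' boot."""
    findings = []
    flags = parse_txt_stat(txt_stat)
    if flags["senter_done"] is False or flags["measured_launch"] is False:
        findings.append("no measured launch: tboot/SINIT never completed SENTER")
    # DRTM PCRs that never left their reset value were not touched by a launch.
    reset = sorted(n for n, v in parse_pcrs(journal).items() if 17 <= n <= 22 and v == RESET_PCR)
    if reset:
        findings.append("PCRs %s still at reset value 0xFF..FF: sealing against them is meaningless" % reset)
    return findings
```
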
Hi @sebuq. I’ve added some formatting to your post to make it easier to read. In the future you also can use markdown to format code in your posts.

I am stuck in a non-stop boot loop. As I mentioned, the sinit file is the right one. I read some old posts on GitHub and I think that I must change something in Xen. I removed iommu=no-igfx (some people mentioned that Qubes exits the boot loop after that) without success.

Any idea?

After many days and efforts, anti-evil-maid does not seem to work. Maybe the problem will be fixed in a new version of Qubes OS or by updates to anti-evil-maid. Also, the tboot version automatically installed with anti-evil-maid is a 2014 version (tboot-1:1.8.2-3.fc23.x86_64).

The anti-evil-maid guide is incomplete and is missing some updates from the tboot guide.

After some searching I found on Intel’s website that the problem has to do with older versions of tboot (tboot-1:1.8.2-3.fc23.x86_64), and specifically with the sinit module that I use, "6th_7th_gen_i5_i7-SINIT_79.bin". Problem solved by upgrading to the new tboot version. I will wait for the tboot upgrade.

secret.txt sealed successfully.
anti-evil-maid.conf configured to new --pcr 20 --pcr 21 --pcr 22

I read the latest "Intel® Trusted Execution Technology (Intel® TXT): Software Development Guide" of January 2021, and in the section on PCR usage it mentions that “Legacy PCR usage is no longer supported by Intel® TXT”.

What does that mean exactly?
