m900 tower port + TPM1 counter auth and defend lock fixes#2118
m900 tower port + TPM1 counter auth and defend lock fixes#2118tlaurion wants to merge 15 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR ports the Lenovo M900 Tower (Skylake/Kaby Lake LGA1151 mini-tower) to Heads with two board variants (maximized, hotp-maximized), plus targeted TPM1 reliability fixes in tpmr.sh so that auth-failure detection and tpm1_reset() recover from the TPM_DEFEND_LOCK_RUNNING state after multiple bad passphrases. Documentation in doc/tpm.md is expanded with TPM1 vs TPM2 error-stream conventions, auth grep patterns, and the defend-lock recovery flow.
Changes:
- New
EOL_m900_tower-{maximized,hotp-maximized}boards with shared coreboot/linux configs and an ME blob preparation pipeline (download → me_cleaner → deguard). - TPM1 auth grep patterns extended to include
defend/0x98e/0x149;tpm1_reset()cycles physical presence ondefend lock runningafterforceclear. - CircleCI: two new build jobs (depend on the existing
EOL_t480-hotp-maximized25.09 seed).
Reviewed changes
Copilot reviewed 10 out of 14 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| boards/EOL_m900_tower-maximized/EOL_m900_tower-maximized.config | New maximized board config (no HOTP). |
| boards/EOL_m900_tower-hotp-maximized/EOL_m900_tower-hotp-maximized.config | New hotp-maximized variant. |
| config/coreboot-m900-maximized.config | Coreboot 25.09 config for Lenovo M900. |
| config/linux-m900.config | Linux 6.1.8 kernel config for the board. |
| targets/m900_me_blobs.mk | Make rules tying the ME blob script into the board build. |
| blobs/m900/m900_download_clean_deguard_me.sh | Downloads ASRock BIOS, neuters/deguards ME 11.6.0.1126. |
| blobs/m900/README.md | Blob layout, sources and integrity notes. |
| blobs/m900/hashes.txt | SHA256 of ME/IFD/GBE blobs. |
| blobs/m900/.gitignore | Ignores generated me.bin/m900_me.bin. |
| initrd/bin/tpmr.sh | Adds defend-lock detection in auth-retry grep and tpm1_reset() recovery sequence. |
| doc/tpm.md | New sections on TPM1/TPM2 auth error patterns and defend-lock recovery. |
| .circleci/config.yml | Adds the two M900 board build jobs (depending on the 25.09 seed). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
2 times, most recently
from
78366db to
a9cd1fc
Compare
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
from
a9cd1fc to
d8d7665
Compare
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
3 times, most recently
from
863c9b7 to
6919d44
Compare
|
the fix did not help. |
PR #2068 (tpm_reseal_ux-integrity_report-detect_disk_and_tpm_swap, merged at d3d8053) changed increment_tpm_counter from hardcoded -pwdc '' (empty counter auth) to -pwdc "${tpm_passphrase:-}" (owner passphrase from cache/prompt), but left check_tpm_counter using empty -pwdc when called from kexec-sign-config.sh without a $3 passphrase argument. This caused every counter increment to compute SHA1(owner_pass) while the counter was created with SHA1("") - persistent TPM_AUTH_FAIL. Per TCG TPM Main Spec Part 3, TPM_CreateCounter uses owner auth (-pwdo) but TPM_IncrementCounter uses the counter's own authData, not the owner password. The correct design for Heads' rollback counter is empty auth: rollback security comes from the signed /boot/kexec_rollback.txt and TPM sealing, not counter access control. The repeated auth failures (3 per boot x ~5 boots via the _tpm_auth_retry loop) triggered TPM 1.2 dictionary-attack lockout (TPM_DEFEND_LOCK_RUNNING), which persisted through forceclear on some implementations, causing tpm takeown to fail and TPM reset to abort - a cascade failure from the counter auth mismatch. Changes: - initrd/bin/tpmr.sh (_tpm_auth_retry, tpm2_counter_inc, tpm2_seal, tpm1_seal): add 'defend' and '0x98e|0x149' to auth detection grep patterns so defend lock and TPM2 RC codes are treated as retryable auth failures rather than fatal errors - initrd/bin/tpmr.sh (tpm1_reset): detect defend lock after takeown failure and cycle physical presence to clear the lock state before retrying; full AC power cycle remains the fallback if software presence is insufficient - initrd/bin/tpmr.sh (tpm1_counter_increment): detect -pwdc '' and call tpm directly, bypassing _tpm_auth_retry which injected the owner passphrase. Use || return to survive set -e on expected auth failure. - initrd/etc/functions.sh (check_tpm_counter): pass -pwdc '' instead of -pwdc "${tpm_passphrase:-}" so counters use SHA1("") per TCG spec. Document that $3 is intentionally ignored. - initrd/etc/functions.sh (increment_tpm_counter): try -pwdc '' first for TPM1. If that fails on a readable counter (created by PR #2068 era code), prompt for owner passphrase and retry as migration fallback with clear WARN explaining the one-time migration and TPM reset option. - initrd/etc/functions.sh (increment_tpm_counter): remove the TPM1-specific owner-passphrase prompt block added by PR #2068 - initrd/etc/functions.sh (increment_tpm_counter): DIE-path fallback counter_create: -pwdc '' for consistency - initrd/bin/oem-factory-reset.sh: counter_create -pwdc '' for consistency with the empty-auth design - doc/tpm.md: document TPM1 boot chain, tpmtotp tool selection, auth retry patterns, defend lock recovery, and physical presence Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
from
6919d44 to
9d1e115
Compare
tlaurion
changed the title
went down the rabbit hole and found the regression and created fix pushed onto #2117 and rebased on top of it. |
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
2 times, most recently
from
31e8838 to
3e31d39
Compare
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…900_tower board Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: notgivenby <notgivenby@gmail.com> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- blobs/m900/README.md: fix blob filenames, spelling (paritally->partially, Unfourtunatly->Unfortunately, layot->layout) - blobs/m900/m900_download_clean_deguard_me.sh: fix Dell->ASRock comment - boards/EOL_m900_tower-*: fix m900_tiny->m900_tower, fix ME script path, add 'tower' to CONFIG_BOARD_NAME - targets/m900_me_blobs.mk: rewrite header with accurate instructions Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
from
3e31d39 to
22ca620
Compare
m900 ME blob download/deguard script was not wired into the x86_blobs CI job. Add it after the xx80 steps, following the same pattern as other board families. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
force-pushed
the
m900_with_tpm1_fixes
branch
from
8838b18 to
3ef9c50
Compare
|
@notgivenby hopefully this works. Added m900 blobs download in circleci so it downloads it once and reuses cache if already there and checksums match, reworked the script to reuse lib added, and fixups for tpm1. Keep me posted. Hopefully #2117 (we are based on it here) fixes your issue. |
|
You invested really a lot of time into debugging...I do not want to misuse you and your time here. Please let me known if @tlaurion you think we need to stop the attempts to port let us say not most popular board for only few people. The issue still maybe releveant for other ports who knows. For future attemps, perhaps I need to select a desktop board from other vendor perhaps with tpm2? |
@notgivenby this has nothing specific to m900, outside of the fact aht as opposed to tpm2, we do not configure the dictionary attack config (how many attempt per timeframe nor resolution period). As said under #2117 , master contains a regression for how we do counter create and how we increment the counter. |
Supersedes #2111, rebased on #2117 (tpm1_fixes).
This PR merges the m900 tower board port with the TPM1 fixes from PR #2117.
Board port (notgivenby's commits):
TPM1 fixes from PR #2117 (included via rebase on tpm1_fixes):
@notgivenby so you can test artifacts.