ESXi host platform reset behavior with Intel TPM/TXT's reset attack protection feature
Article ID: 319550
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Symptoms:
- In ESXi 7.0, TPM/TXT's reset attack protection is enabled by default. If TXT is enabled, when a platform is reset in an ungraceful manner either by reset attack or a sudden warm reset, during subsequent warm boot, BIOS can detect the ungraceful reset and flag an UEFI error similar to the following:
UEFI0046: An issue is observed in the previous invocation of TXT SINIT Authenticated Code Module (ACM) because the TXT information stored in the TPM chip may be corrupted. Do one of the following:
1) Update the BIOS firmware.
2) Go to System Setup >System Security page, click the "Clear" option under TPM command. Restart the system, go to System Setup > System Security page, click the "Activate" option under TPM command, and then enable TXT.
1) Update the BIOS firmware.
2) Go to System Setup >System Security page, click the "Clear" option under TPM command. Restart the system, go to System Setup > System Security page, click the "Activate" option under TPM command, and then enable TXT.
- The following error is observed in iDRAC, iLO, or similar interfaces:
SINIT Authenticated Code Module detected an Intel Trusted Execution Technology(TXT) problem at boot.
Environment
VMware vSphere ESXi 7.0.x
VMware vSphere ESXi 8.0.x
Cause
Intel's TPM/TXT technology provides features to launch a trusted environment on a platform. Reset attack protection is one among them. It is implemented in ESXi 7.0. With reset attack protection feature, MLE sets a secrets flag in TPM security memory when secrets are stored in TPM. With secrets in TPM, when a platform is reset in an ungraceful manner either by reset attack or a sudden warm reset, during subsequent warm boot, BIOS can detect that the secrets bit is never de-asserted and perform either of the following action:
- BIOS interprets the related TXT error code, calls into the ACM to clear the memory contents before unlocking memory, clears the TXT Error code, then enters the normal boot flow. The MLE launch will proceed as normal. This is Intel’s desired workflow for BIOS implementation.
- BIOS does not clear TXT error code and de assert secrets bit for TPM. Instead it flags the error code, stops the boot flow until user intervenes and performs either a cold reset or continues boot flow with TXT error. In latter case, trusted launch will not be allowed due to TXT error. In the former case, cold reset will clear the error, reset secrets and allow trusted boot to continue. This is the behavior if BIOS implementation does not address the TXT error code.
Error message noted in the previous section is due to BIOS flagging the error per (2).
Resolution
- The error message is the expected behavior when platform is reset in an ungraceful manner and BIOS does not implement Intel's desired workflow.
- By performing a "cold reboot" after a sudden reboot, TPM/TXT error can be cleared and ESXi can perform a normal, trusted launch.
Feedback
Yes
No
Powered by
