cancel
Showing results for 
Search instead for 
Did you mean: 
engineer17
Level 2
13 7 2 1
Message 1 of 4
2,688
Flag Post

Solved!

Intel Trusted Execution Technology

HP Recommended
Elitebook 1030 G3
Linux

Does anyone have any 8th generation (8350U or 8650U) based machine that has Intel Trusted Execution Technology working? It is offficially supported, however everytime my software (TBoot) runs the GETSEC instruction, the machine reboots, even without any policies or configuration setup... That usually boots right through.

 

I know historically HP has taken a few BIOS updates to get this working, however these machines have been out for almost 4-6 months now... I use the same exact flow I used on 7th gen machines (Kaby) and it works fine there. HP, please assist!

 

I know this is a professional feature, and usuallIy HP machines support it well... However I see little help in the forums because again, few people use this.

1 ACCEPTED SOLUTION

Accepted Solutions
engineer17
Author
Level 2
13 7 2 1
Message 4 of 4
Flag Post
HP Recommended

I thought I'd provide an update for those who run into this in the future.

 

I posted this issue to HP's security vulnerability site. HP investigated and found that the authentical code modules that Intel had on its web site did not match what HP's machines were expecting. HP worked with Intel and as of today new TXT ACMs are available at:

https://software.intel.com/en-us/articles/intel-trusted-execution-technology/

 

Looks like the issue is resolved now.

 

 

View solution in original post

3 REPLIES 3
engineer17
Author
Level 2
13 7 2 1
Message 2 of 4
Flag Post
HP Recommended

Greetings HP,

 

can you provide a response here? Intel Trusted Execution Technology is officially supported, though it usually seems like HP's first BIOS release always has problems with it. I often see a BIOS release down the line that says this fixes security or Intel ME or TXT that suddenly makes this work. However your machines with 8650U have been out for a while now and it still doesn't work. I've purchased multiple Elitebooks/ZBooks that have 8350U/8650U processors that should support this, but it reboots on all of them as soon as the GETSEC instruction is executed by TBOOT.

 

Is there a better support option here? It seems to be a BIOS issue (I get TBOOT error code that translates roughly into stating that the SMRR registers are not setup correctly). And all this works fine (same exact software image) on 8850H and Xeon E-2176M platforms, and those are newer machines. Please assist in enabling TXT flows on KabyLake-refresh platforms (8350U/8650U).

 

Note that the kaby lake refresh machines still use the 7th generation SINIT ACM 7th_gen_i5_i7_74.BIN and the 8850/E-2176M coffee lake platforms use 8th_gen_i5_i7_76.BIN SINIT ACM from Intel. Perhaps this is the difference?  

 

Please assist.

0 Kudos
David_J_W
Level 7
917 915 89 267
Message 3 of 4
Flag Post
HP Recommended

You are posting engineering questions in a forum that is primarily user-to-user. There are some HP employees and contractors that participate here, but more in a customer support scenario than entering into any sort of engineering discussion.

 

If you have any other route to escalate your issue within HP, I suggest you pursue that in parallel with your post here. It would be good if you fed back in the forums if you get a resolution.

 

 

TXT should work - but the reality is that firmware issues affecting an operating system factory image are far more likely to receive attention than firmware issues affecting a feature many people will not use.

0 Kudos
engineer17
Author
Level 2
13 7 2 1
Message 4 of 4
Flag Post
HP Recommended

I thought I'd provide an update for those who run into this in the future.

 

I posted this issue to HP's security vulnerability site. HP investigated and found that the authentical code modules that Intel had on its web site did not match what HP's machines were expecting. HP worked with Intel and as of today new TXT ACMs are available at:

https://software.intel.com/en-us/articles/intel-trusted-execution-technology/

 

Looks like the issue is resolved now.

 

 

View solution in original post

Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation