Open
Description
Affected component(s) or functionality
Trenchboot AEM.
Brief summary
On my T14, after booting Qubes with AEM is selected, Grub will attempt to load in the SINIT file CFL_SINIT_20221220_PRODUCTION_REL_NT_O1_1.10.1_signed. As it is loading it in, the system reboots, and if I choose Qubes with AEM again, I get the following error:
I have verified that
- The Thinkpad is booting in legacy boot mode
- The SINIT binary one is the correct one (the CPU is an i7-10610U)
- Intel TXT is enabled
- Hyperthreading is enabled in firmware settings (Lenovo firmware does not require Hyperthreading to be enabled for TXT to work, but I know on Dell firmware it is a requirement so I kept it enabled there)
Version
p4-rc1
To Reproduce
Steps to reproduce the behavior:
- Import the signature at https://dl.3mdeb.com/open-source-firmware/QubesOS/p4-rc1/RPM-GPG-KEY-aem to rpm in dom0
- Add the repo at https://dl.3mdeb.com/open-source-firmware/QubesOS/p4-rc1/ to dom0
- qubes-dom0-update
- qubes-dom0-update anti-evil-maid
- Add the SINIT file to /boot, setup the TPM and installing AEM to the boot drive
- Reboot
Expected behavior
The system boots properly and I can setup AEM.
Actual behavior
The system reboots and I get TXT_ERRORCODE reports failure: 0xc00014f1.