HCL reports for the TrenchBoot Project.
In order to have a slight chance of success, you must meet the minimum hardware requirements. They will be briefly described here. The goal of this section is not to describe all of the requirements and details about them. It focuses on the most important ones and easiest to check by a regular user.
You need a Trusted Platform Module (TPM) of some sort. It may come as a discrete module attached to the board (dTPM), or as a firmware TPM (fTPM). Usually it's configurable in BIOS settings and enabled by default. In case of no TPM being detected by the tools, check the BIOS settings.
There are no prerequisites to check. AMD Zen or newer CPUs will likely not work in the current stage of development. Refer to this issue for further progress on this.
- Identify the model of your CPU by any means available:
- physical inspection
- Windows (e.g.
My Computer) - Linux (e.g.
lscpu) command
- Go to Intel Products page
and enter the CPU model name in the search bar (
e.g. i5-8500T) - Check whether the
Intel® Trusted Execution TechnologyinSecurity & Reliabilitytable is marked asYes. If you cannot find such entry, your CPU does not supportTXT, and you will not be able to use TrenchBoot. - Go into the BIOS settings of your machine and look for the
Trusted Execution Technology (TXT)option. It is usually disabled and must be enabled first. - With this set of preparation, you are good to try the HCL tools to see if your system is applicable for TrenchBoot.
- Go into meta-trenchboot releases and download the latest image.
- Flash the image to USB stick.
- Boot the image.
- Select
Boot Linux with TrenchBoot- login as:
root - execute
trenchboot-hcl-reportcommand
- login as:
- Select
Boot Linux with Xen (EFI)- login as:
root - execute
trenchboot-hcl-reportcommand
- login as:
You may either hava a Success (entry booted into Linux prompt), or a Failed
(typicaly rebooted into GRUB auomatically) test case. Please refer to the
explanation below.
By Success cases cases we mean those resulting in booting TrenchBoot
entries into Linux login prompt. If it fails to boot (e.g. platform reboots
automatically after selection), please refer to the next section.
Note: A bunch of
error: SINIT ACM does not match platform.or similar errors appearing on the screen after you select boot menu entry is still considered a success, as long asPress any key to continue...appears, and you will be able to boot into Linux prompt after that action.
Send a Pull Request with resulting .yml file and (optionally) .cpio.gz file
to this repository. The desired directory structure is automatically created by
the reporting tool.
The failure will usually result in a platform automatically rebooting after
selecting one of the TrenchBoot boot entries.
The directory structure must be altered manually right now. We cannot detect that the previous attempt was failed, as we do with Intel TXT.
- enter
Boot Linux normallyboot menu entry - login as:
root - execute
trenchboot-hcl-reportcommand - send a Pull Request with resulting
.ymlfile and (optionally).cpio.gzfile to:<version>/failure/linuxor<version>/failure/xendirectory in this repository, depending on which of the options failed to boot
In such a case:
- important - do not reboot or otherwise power cycle the platform by yourself; if you do, select the failing entry once again, and simply wait for the platform to reboot by itself
- enter
Boot Linux normallyboot menu entry - login as:
root - execute
trenchboot-hcl-reportcommand- at this point, the tool should detect that the previous attempt failed (Intel TXT error detected), and will suggest reporting a failure
Send a Pull Request with resulting .yml file and (optionally) .cpio.gz file
to this repository. The desired directory structure is automatically created by
the reporting tool.
In case of a different failures or problems regarding this HCL process, feel free to ask in the trenchboot-issues repository.