
rx2660 EFI Message, system switch into unsecure mode

 
marcelkoedijk
Frequent Advisor

rx2660 EFI Message, system switch into unsecure mode

Hi all,

I am trying to understand a message that I see in the EFI on the new Integrity server models (RX6600, RX2660, BL860). Every time, I see the following "informational" message in the EFI log.

Informational mesg: System switch into unsecure mode.

Who can explain this message to me?

I see it on every server I install.

thx




Torsten.
Acclaimed Contributor
Solution

Re: rx2660 EFI Message, system switch into unsecure mode

Not sure about this, but it could be related to the trusted platform module - see
http://docs.hp.com/en/5992-0553/ar01s04.html

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
marcelkoedijk
Frequent Advisor

Re: rx2660 EFI Message, system switch into unsecure mode

First of all, thx for your fast response.

I have tried it on an rx2660 without this TPM module, so I can't configure it.

Can somebody confirm that this EFI message is related to this optional chip?

And anyway, why should I need that "security chip"? What is its function?

And lastly, if the chip is optional, can I disable the EFI informational message "system set insecure mode" somewhere?

Customers are scared by messages like this (even if it's informational). So I want to explain why it happens, and why an OPTIONAL security chip is not in it.

Marcel
Torsten.
Acclaimed Contributor

Re: rx2660 EFI Message, system switch into unsecure mode

Just for my interest: where exactly do you get this message?

Hope this helps!
Regards
Torsten.

marcelkoedijk
Frequent Advisor

Re: rx2660 EFI Message, system switch into unsecure mode

In the EFI log files.

Log in via web browser at http://ip, default login Admin/Admin; then on the left you can see the log button.

Otherwise, at the Management Console (Ctrl+B), default login Admin/Admin. Then choose "SL" (showlog), then "e" for error logging.

It isn't an error or a caution log but informational, but I want to know exactly what it means, and why you would advise using the security chip.
marcelkoedijk
Frequent Advisor

Re: rx2660 EFI Message, system switch into unsecure mode

In the EFI log files.

Log in via web browser to the iLO at http://ip, default login Admin/Admin; then on the left you can see the log button.

Otherwise, at the Management Console (Ctrl+B), default login Admin/Admin. Then choose "SL" (showlog), then "e" for error logging.

It isn't an error or a caution log but informational, but I want to know exactly what it means, and why you would advise using the security chip.
Sameer_Nirmal
Honored Contributor

Re: rx2660 EFI Message, system switch into unsecure mode

The TPM chip is a microcontroller that stores digital keys, passwords, and certificates. Its implementation is more or less similar to h/w crypto cards, if you know about them.

More information could be found about TPM at
http://docs.hp.com/en/5991-7466/index.html
http://www.trustedcomputinggroup.org/faq/TPMFAQ/
http://www.hpl.hp.com/techreports/2002/HPL-2002-221.pdf?jumpid=reg_R1002_USEN

The information message you see is indeed related to TPM support on these systems.

I see that in the latest firmware versions of these servers, support has been added for Trusted Platform Module v1.1 and v1.2 in the system firmware.
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=3346452&swItem=ux-55780-1&prodNameId=3346456&swEnvOID=2080&swLang=13&taskId=135&mode=4&idx=0

So you might want to verify it by checking the firmware versions on those servers.

Now, since there is TPM support in the system firmware, the event is basically generated by SFW, then picked up and shown by iLO MP in SL.

I doubt if you can disable that message with implicit TPM support in SFW. But I would check for help on sacconfig in EFI shell to see if there is any option to do so.
kris rombauts
Honored Contributor

Re: rx2660 EFI Message, system switch into unsecure mode

Marcel,

Your customer does not have to worry; this information indicates that the boot phase has left the System Abstraction Layer (SAL) and is going into EFI.


BOOT_SWITCH_INSECURE_MODE is a normal event on all systems supporting signed firmware (rx3660, rx6660, BL860C, rx2660). It indicates we are leaving SAL and entering EFI, and as a result we are leaving the trusted area of firmware.


EFI is a less secure environment since at shell level a user can interact and execute commands, so this is less secure than firmware level, where no one can obviously access or interact.

HTH

Kris
marcelkoedijk
Frequent Advisor

Re: rx2660 EFI Message, system switch into unsecure mode

thx for all the responses, thread closed ;)
marcelkoedijk
Frequent Advisor

Re: rx2660 EFI Message, system switch into unsecure mode

read above for solution
Torsten.
Acclaimed Contributor

Re: rx2660 EFI Message, system switch into unsecure mode

Please read this too:
http://forums12.itrc.hp.com/service/forums/helptips.do?#33




The solution sounds reasonable - thanks Kris!




Hope this helps!
Regards
Torsten.
