According to the TXT spec, if "secrets in memory" and an ungraceful shutdown happened, you need to either boot with a trusted IBB that can scrub memory or, if the IBB isn't trusted any more, pull the CMOS battery to clear the sticky bit.

If clearing the TPM 'fixes' that for you, that's a hardware bug.


Gerrit-Project: coreboot
Gerrit-Branch: 4.11_branch
Gerrit-Change-Id: I89f87f6ce187c50334c2d3c477d3042528e27fbe
Gerrit-Change-Number: 42711
Gerrit-PatchSet: 1
Gerrit-Owner: Jonathan Zhang <jonzhang@fb.com>
Gerrit-Reviewer: Andrey Petrov <anpetrov@fb.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Patrick Rudolph <siro@das-labor.org>
Gerrit-Comment-Date: Tue, 23 Jun 2020 05:44:10 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
Gerrit-MessageType: comment