Last Modified: Dec 05, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2
Fixed In:
16.1.5
Opened: Jun 26, 2023 Severity: 3-Major
After installing an Engineering Hotfix, when to attempt to verify the TPM system integrity with either the "tpm-status" or "tmsh run sys integrity status-check" command, the following error massage may appear: System Integrity Status: Invalid Running the "tpm-status" command with a Verbosity of 1 (or greater) reveals the following detail: Verifying system integrity... ... The signature in 17 is valid Output wrong commandline parameters cmdline is *ro ima_hash=sha256 mce=ignore_ce * The pcr value in 17 is invalid. ... System Integrity Status: Invalid
The TPM System Integrity Status is shown as Invalid. This may incorrectly suggest that system integrity has been compromised.
This may occur if the Engineering Hotfix contains changes which cause the following packages to be included in the Engineering Hotfix ISO: -- sirr-tmos -- tboot But the Engineering Hotfix ISO does not contain the following package: -- nash-initrd The contents of the Engineering Hotfix ISO can be checked using the 'isoinfo' utility: isoinfo -Rf -i <path/to/Hotfix-*.iso> | grep -e sirr -e tboot -e nash
None
None