Bug ID 1312225: System Integrity Status: Invalid with some Engineering Hotfixes

Last Modified: Nov 02, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.4, 14.1.5, 15.1.3, 15.1.4, 15.1.5, 15.1.6, 15.1.7, 15.1.8, 15.1.9, 15.1.10, 16.1.0, 16.1.1, 16.1.2, 16.1.3, 16.1.4, 17.0.0, 17.1.0, 17.1.1

Opened: Jun 26, 2023

Severity: 3-Major


After installing an Engineering Hotfix, attempting to verify the TPM system integrity with either the "tpm-status" or "tmsh run sys integrity status-check" command may produce the following error message:

    System Integrity Status: Invalid

Running the "tpm-status" command with a Verbosity of 1 (or greater) reveals the following detail:

    Verifying system integrity...
    ...
    The signature in 17 is valid
    Output wrong commandline parameters cmdline is *ro ima_hash=sha256 mce=ignore_ce *
    The pcr value in 17 is invalid.
    ...
    System Integrity Status: Invalid


The TPM System Integrity Status is shown as Invalid. This may incorrectly suggest that system integrity has been compromised.


This may occur if the Engineering Hotfix contains changes which cause the following packages to be included in the Engineering Hotfix ISO:

-- sirr-tmos
-- tboot

But the Engineering Hotfix ISO does not contain the following package:

-- nash-initrd

The contents of the Engineering Hotfix ISO can be checked using the 'isoinfo' utility:

    isoinfo -Rf -i <path/to/Hotfix-*.iso> | grep -e sirr -e tboot -e nash
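
The isoinfo check above, turned into a yes/no test of the stated conditions (an added example, not F5 code). The /packages/... file names in the sample listings are constructed, and matching a package by the start of its file name is an assumption about the ISO layout.

```shell
#!/bin/sh
# Added example: decide whether a Hotfix ISO file listing meets the conditions
# described for this bug (sirr-tmos and tboot present, nash-initrd absent).
# The listing is the text produced by: isoinfo -Rf -i <path/to/Hotfix-*.iso>

# Constructed sample listings (not taken from a real Engineering Hotfix ISO).
SAMPLE_AFFECTED='/packages/sirr-tmos-0.0.0-0.x86_64.rpm
/packages/tboot-0.0.0-0.x86_64.rpm
/packages/example-other-0.0.0-0.x86_64.rpm'
SAMPLE_COMPLETE="$SAMPLE_AFFECTED
/packages/nash-initrd-0.0.0-0.x86_64.rpm"

# has_pkg <listing> <package>: true if some file's base name starts with the
# package name followed by '-', '.' or '_' (assumed naming; adjust if needed).
has_pkg() {
    printf '%s\n' "$1" | grep -q -e "/$2[-._][^/]*\$"
}

# hotfix_verdict <listing>: prints MATCH when the listing meets the bug's
# conditions, NO_MATCH otherwise.
hotfix_verdict() {
    if has_pkg "$1" sirr-tmos && has_pkg "$1" tboot \
        && ! has_pkg "$1" nash-initrd; then
        echo MATCH
    else
        echo NO_MATCH
    fi
}

# hotfix_report <listing>: per-package detail followed by the verdict.
hotfix_report() {
    for pkg in sirr-tmos tboot nash-initrd; do
        if has_pkg "$1" "$pkg"; then state=present; else state=absent; fi
        printf '%-12s %s\n' "$pkg" "$state"
    done
    hotfix_verdict "$1"
}

# When given an ISO path, list it with isoinfo and report; otherwise do nothing.
if [ "$#" -gt 0 ]; then
    hotfix_report "$(isoinfo -Rf -i "$1")"
fi
```

MATCH means only that the ISO contents fit the conditions listed for this bug; NO_MATCH means an Invalid status is not explained by them.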



