-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/20/2017 09:42 AM, [email protected] wrote: > On Thursday, 20 July 2017 15:18:26 UTC+8, Patrik Hagara wrote: > >> Try checking the tboot log (from dom0) for any obvious error >> messages: sudo txt-stat > > Thanks. I did this, but I'm not sure how to interpret the > information. It does say "TXT measures launch: FALSE". Does that > mean that TXT is not available? > > Here's the output of the command: > > Intel(r) TXT Configuration Registers: STS: 0x00000082 senter_done: > FALSE sexit_done: TRUE mem_config_lock: FALSE private_open: TRUE > locality_1_open: FALSE locality_2_open: FALSE ESTS: 0x00 txt_reset: > FALSE E2STS: 0x0000000000000004 secrets: FALSE ERRORCODE: > 0x00000000 DIDVID: 0x00000001b0068086 vendor_id: 0x8086 device_id: > 0xb006 revision_id: 0x1 FSBIF: 0xffffffffffffffff QPIIF: > 0x000000009d003000 SINIT.BASE: 0x00000000 SINIT.SIZE: 0B (0x0) > HEAP.BASE: 0x00000000 HEAP.SIZE: 0B (0x0) DPR: 0x0000000000000000 > lock: FALSE top: 0x00000000 size: 0MB (0B) PUBLIC.KEY: 2d 67 dd d7 > 5e f9 33 92 66 a5 6f 27 18 95 55 ae 77 a2 b0 de 77 42 22 e5 de 24 > 8d be b8 e3 3d d7 > > *********************************************************** TXT > measured launch: FALSE secrets flag set: FALSE > *********************************************************** unable > to find TBOOT log >
This looks to me like tboot either wasn't loaded at all or memory logging is disabled. Check the tboot cmdline used -- search for the following in /boot/grub2/grub.cfg: multiboot /tboot.gz placeholder logging=memory,serial If memory logging is enabled, try adding vga there too (plus a delay to be able to read the output): multiboot /tboot.gz placeholder logging=memory,serial,vga vga_delay=10 You'll have 10 seconds per screenfull of tboot log messages, may as well take photos. :) Cheers, Patrik -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZcGKQAAoJEFwecd8DH5rlzoIQAKVWGdgh0jy+eR6Lx292zmlb ZDFtbeQaothuOLw4O0ZhJojGObmQLBaXjH7L8tveTiBaa1P5GH49W9Vll4eVyeyo fQ9RicCUexvMBTxvZ/bpdGG+SJYirK6Ky2qVv4m/7aipMAf9aCbg4wZ25PBlMePn Brjg8vzFXoW+0n00EpDQ1EHdq8sUe2bfVNGQallnbgPwVm6SPQ2BWY3+LdXeMjKT Ra6cyt/iQHne0Iy6y0BCWhjSfk74KJ4Uy8Gs8CTvSUC3rIHAdBFoL30kZ5VMcRBe 4r7dFs1+a1DuzjMXySBxsbR1G6VgjVqikxYTvM+M6MuBWrr97wFHTOLEf0xQIcuV T0wSHoMjpqnd0OJUBWVe2bAFpvBRRRTeetc1P+J40QKQ73COBqpUF+Pohamw8ox8 bxzb68FdcfengVuskft843MCHgNMe4LCUCRK+yv0X586sSXSs+69yCe/JSWbtCmJ aU87+qvNeV4jZugWrZQ2THX+QOIyRJu0acUzJY2hGFMRBmAgY2NqD6x3MNq/Tpgx jk3+K8LoA/KGm2aBAnP5rqjLDsYHeVlTlX7fcWry9s1rfv+5jI6J2+yG0YxWNWPo m3BlOhK3rnoEqUf6/ERedtwkc3UxPtOszlvwhjxiUSTc0jo6ZU2EP9+phoTRpNcb /+cqdp81EapfFWbp9qnb =c6f7 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25b46087-ec45-d77a-9d16-bcd1220c79fa%40gmail.com. For more options, visit https://groups.google.com/d/optout.
0x031F9AE5.asc
Description: application/pgp-keys
0x031F9AE5.asc.sig
Description: PGP signature
