[tboot-devel] TPM 2.0 + TXT + EFI tboot

2016-12-08 Thread Travis.Gilbert
I am trying to perform a simple trusted boot on SLES 12 SP2 with TPM 2.0 and EFI mode. I can verify that TXT works using getsec64.efi and performing SENTER, setting the secrets flag, rebooting and doing SENTER then SEXIT. When I select the "tboot 1.9.4" entry in grub2, my server pauses for a bit

Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot

2016-12-13 Thread Travis.Gilbert
Dell - Internal Use - Confidential > -Original Message- > From: Dr. Greg Wettstein [mailto:g...@wind.enjellic.com] > Sent: Friday, December 9, 2016 02:33 > To: Gilbert, Travis ; tboot- > de...@lists.sourceforge.net > Cc: bluc...@sgi.com > Subject: Re: [tboot-devel] TPM 2.0 + TXT + EFI tb

Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot

2016-12-14 Thread Travis.Gilbert
> -Original Message- > From: Dr. Greg Wettstein [mailto:g...@wind.enjellic.com] > Sent: Wednesday, December 14, 2016 03:21 > To: Gilbert, Travis ; tboot- > de...@lists.sourceforge.net > Subject: Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot > > On Dec 13, 7:56pm, wrote: > } Subject: Re:

Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot

2016-12-15 Thread Travis.Gilbert
Okay new update. I tracked the issue down to the ACM saying the PO hash algorithm mask is 0. Here is the script I'm running to create and write the policy. I'm passing the algorithm in to the lcp2_crtpol command. Why isn't it writing that to the algorithm mask? I'm currently analyzing the poli

Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot

2016-12-15 Thread Travis.Gilbert
> -Original Message- > From: Gilbert, Travis > Sent: Thursday, December 15, 2016 11:38 > To: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot > > Okay new update. I tracked the issue down to the ACM saying the PO hash > algorithm mask is 0. Here is t

[tboot-devel] [patch]

2017-07-03 Thread Travis.Gilbert
Housekeeping patch to ignore TPM 2.0 LCP tool binaries. Signed-off-by: Travis Gilbert --- a/.hgignore Tue Jun 20 10:03:48 2017 -0700 +++ b/.hgignore Mon Jul 03 14:17:19 2017 -0500 @@ -44,6 +44,11 @@ ^lcptools/lcp_crtpolelt$ ^lcptools/lcp_crtpollist$ ^lcptools/trousers_dep$ +^lcptools-v2/lcp2_
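Review bot: the first added pattern, after ^lcptools/trousers_dep$, is cut off at ^lcptools-v2/lcp2_ in this listing, so the end of the new entries cannot be checked here. Each of the five lines added by the @@ -44,6 +44,11 @@ hunk should close with $ as the existing ^lcptools/lcp_crtpolelt$ and ^lcptools/lcp_crtpollist$ entries do; otherwise the pattern also ignores any other path that starts with the same prefix. The commit message could also name the binaries being ignored.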

[tboot-devel] [patch] grub2 20_linux_*tboot config files

2017-07-03 Thread Travis.Gilbert
This patch adds a check for the grub2 location of grub-mkconfig_lib. I'm not sure this is the best place to be patching this based on my perusing of grub2's files, but I couldn't see a better way. At least for a default Xen SLES 12 SP2 this fixes errors with grub2-mkconfig after a "make install"

Re: [tboot-devel] tboot + TPM 2.0 + TXT (boot with grub2)

2017-07-13 Thread Travis.Gilbert
I found during my investigations that the TPM 2.0 versions of the LCP tools (in lcptools-v2) aren’t writing fully valid policies. One of the first things I encountered is that with a newer Intel ACM, it noticed that my generated policies had their algorithm set (SHA-256 = 0xB), but the allowed a

[tboot-devel] [patch] TPM2.0 LCPv2 Tool Patch

2017-07-19 Thread Travis.Gilbert
This is a significant patch that corrects omissions I found in the lcptools-v2 utilities. It adds definitions based on the Intel TXT Software Development Guide (https://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.

Re: [tboot-devel] [patch] TPM2.0 LCPv2 Tool Patch

2017-07-19 Thread Travis.Gilbert
> -Original Message- > From: Gilbert, Travis > Sent: Wednesday, July 19, 2017 12:02 > To: tboot-devel@lists.sourceforge.net > Subject: [tboot-devel] [patch] TPM2.0 LCPv2 Tool Patch > > This is a significant patch that corrects omissions I found in the lcptools-v2 > utilities. It adds defin

Re: [tboot-devel] [patch] TPM2.0 LCPv2 Tool Patch

2017-08-01 Thread Travis.Gilbert
> -Original Message- > From: Xiao Li [mailto:xiao.li@gmail.com] > Sent: Sunday, July 23, 2017 19:53 > To: Gilbert, Travis > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] [patch] TPM2.0 LCPv2 Tool Patch > > Hi Travis, > > Than

Re: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control policy

2018-07-20 Thread Travis.Gilbert
>From: Sant Y [mailto:satish.va...@gmail.com] >Sent: Friday, July 20, 2018 05:03 >To: tboot-devel@lists.sourceforge.net >Subject: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control policy > >Hello tboot devs! > >I wish to revive this old discussion, on generating LCP for TPM2. There were >a

Re: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control policy

2018-08-01 Thread Travis.Gilbert
> -Original Message- > From: Sant Y [mailto:satish.va...@gmail.com] > Sent: Monday, July 30, 2018 07:41 > To: Gilbert, Travis > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control > policy > > On Sat, Jul 21, 2018 at 6:54 PM, Sant Y

Re: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control policy

2018-08-02 Thread Travis.Gilbert
> -Original Message- > From: Sant Y [mailto:satish.va...@gmail.com] > Sent: Thursday, August 2, 2018 10:59 > To: Gilbert, Travis > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control > policy > > On Thu, Aug 2, 2018 at 3:35 AM, wro

Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern system with TXT+TPM2

2019-11-05 Thread Travis.Gilbert
> -Original Message- > From: Paul Moore (pmoore2) via tboot-devel de...@lists.sourceforge.net> > Sent: Tuesday, November 5, 2019 16:50 > To: lukasz.hawry...@linux.intel.com; tboot-devel@lists.sourceforge.net > Subject: [tboot-devel] Creating a TXT/tboot policy suitable for a modern > syste

Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern system with TXT+TPM2

2019-11-06 Thread Travis.Gilbert
> -Original Message- > From: Paul Moore (pmoore2) > Sent: Tuesday, November 5, 2019 19:28 > To: Gilbert, Travis > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: Creating a TXT/tboot policy suitable for a modern system with > TXT+TPM2 > > On Tue, 2019-11-05 at 23:02 +, travis.gil

Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern system with TXT+TPM2

2019-11-08 Thread Travis.Gilbert
> -Original Message- > From: Paul Moore (pmoore2) > Sent: Friday, November 8, 2019 11:19 > To: lukasz.hawry...@linux.intel.com; Gilbert, Travis > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern > system with TXT+TPM2 > >

Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern system with TXT+TPM2

2019-11-13 Thread Travis.Gilbert
> -Original Message- > From: Lukasz Hawrylko > Sent: Wednesday, November 13, 2019 08:24 > To: Gilbert, Travis; pmoo...@cisco.com > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern > system with TXT+TPM2 > > > Thank you f

Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern system with TXT+TPM2

2019-11-13 Thread Travis.Gilbert
> -Original Message- > From: Paul Moore (pmoore2) > Sent: Wednesday, November 13, 2019 09:51 > To: lukasz.hawry...@linux.intel.com; Gilbert, Travis > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] Creating a TXT/tboot policy suitable for a modern > system with TXT+TPM2