Re: [tboot-devel] no console will be available to OS

2016-08-11 Thread Sun, Ning
There is an Intel TXT enabling guide from Intel website: 
https://software.intel.com/en-us/articles/intel-trusted-execution-technology-intel-txt-enabling-guide#_Toc383534400.

-ning


-Original Message-
From: Jason Zaman [mailto:ja...@perfinion.com] 
Sent: Wednesday, August 10, 2016 10:36 PM
To: Brian E Luckau 
Cc: 'tboot-devel@lists.sourceforge.net' 
Subject: Re: [tboot-devel] no console will be available to OS

On Wed, Aug 10, 2016 at 07:51:16PM -0600, Brian E Luckau wrote:
> Hey, 1.9.4 worked a lot better for me! I had tried a similar exercise 
> ca few weeks ago with whatever was the latest build at the time, but 
> could have been doing something else wrong for all I know.
> 
> This time, I took the same configuration that I mentioned from 30 
> minutes ago but with tboot 1.9.4 and now it is booting. Hopefully I 
> can move on to the next steps in using Trusted Boot.

The documentation for this all is a bit all over the place. I tried to document 
it all in the gentoo wiki when I got things working from help from this ML.
https://wiki.gentoo.org/wiki/Trusted_Boot

> On 08/10/2016 07:26 PM, Brian E Luckau wrote:
> > Thank you for the tips.  I had indeed been trying to get output on 
> > serial as well but not getting anything.
> > I got serial output to happen successfully this time; this is my 
> > current line in grub.cfg:
> >
> > multiboot2  /tboot.gz /tboot.gz logging=serial,memory,vga 
> > loglvl=all serial=115200,8n1,0x2f8
> >
> > Now I'm able to get more information on serial (after adding that 
> > serial= entry)
> >
> > It turns out it is hanging at
> >
> > TBOOT: transfering control to kernel @0x100...
> >
> > SO... I would venture to say people who write in with the "no 
> > console will be available to OS" problem are barking up the wrong 
> > tree, like I was. If you can get the serial output then more might 
> > come to light about what is really happening.
> >
> > We may need to try this on better TXT-enabled hardware with the 
> > right BIOS. However, I'm confused at the fact that it hangs here if 
> > we are using UEFI but not if we are using legacy grub.

Tboot isn't a UEFI aware thing, so you still need to have some compat stuff 
turned on. In my Thinkpad T440s, I have to enable "CSM" otherwise it just dies. 
With CSM enabled, UEFI+grub2+multiboot2 works fine tho.
https://wiki.gentoo.org/wiki/Trusted_Boot#BIOS_configuration

Another thing you can try, if it is resetting and you want to be sure that it's 
happening after tboot, put a while(1) {} in tboot right before the jump to the 
kernel and see if it hangs.

You can also boot into the UEFI shell after a reset and run "mem fed30030 4" 
and see what the error code was set to when it died.

-- Jason

> >
> > I'm accustomed to the system booting regardless of whether you have 
> > the hardware, bios, etc. for it. You just would not get a measured 
> > boot.  So, still scratching my head here.
> >
> >
> > -- Brian
> >
> > On 07/31/2016 01:54 PM, Brian Luckau wrote:
> >> Re: [tboot-devel] no console will be available to OS Will try that 
> >> when I Wade back onto it again. Last week tried we could get it to 
> >> work with legacy bios but not EFI
> >>
> >> -Original Message-
> >> *From: *Jason Zaman [ja...@perfinion.com]
> >> *Sent: *Sunday, July 31, 2016 09:51 AM Central Standard Time
> >> *To: *Justin King-Lacroix
> >> *Cc: *tboot-devel@lists.sourceforge.net
> >> *Subject: *Re: [tboot-devel] no console will be available to OS
> >>
> >> On Fri, Jul 29, 2016 at 01:01:46PM -0700, Justin King-Lacroix wrote:
> >> > Nope, doesn't work on (at least) recent Lenovo laptops. Tried it 
> >> > a few weeks back.
> >> >
> >> > Getting the same "WARNING: no console will be available to OS" on 1.9.4,
> >> > too.
> >> >
> >> > On 29 July 2016 at 09:26, Sun, Ning  wrote:
> >> >
> >> > > There is a latest tboot 1.9.4 to download on sourceforge 
> >> > > https://sourceforge.net/projects/tboot/
> >> > > You can collect tboot output through serial port in a UEFI boot.
> >> > > For install and run tboot in UEFI, you also can follow the wiki 
> >> > > here https://sourceforge.net/p/tboot/wiki/Home/.
> >> > > README in tboot source code tree is very helpful as well.
> >> > > Hope this helps.
> >> > >
> >> > > -ning
> >> > >
> >> > > -Original Message-
> >> > > From: Brian E Luckau [mailto:bluc...@sgi.com]
> >> > > Sent: Thursday, July 28, 2016 3:21 PM
> >> > > To: tboot-devel@lists.sourceforge.net
> >> > > Subject: [tboot-devel] no console will be available to OS
> >> > >
> >> > > Hi,
> >> > >
> >> > > I have tried searching the archives with no luck. When I try to use tboot
> >> > > with UEFI, it gives me:
> >> > >
> >> > > Loading tboot 1.8.1
> >> > > WARNING: no console will be available to OS Loading Linux
> >> > > 3.10.0-327.el7.x86_64 Loading initial ramdisk ...
> >> > >
> >> > > Then nowhere.  I have tried 

[tboot-devel] no console will be available to OS

2016-08-11 Thread Ahmed, Safayet (GE Global Research, US)
I believe the message "WARNING: no console will be available to OS Loading 
Linux" appears because UEFI does not support text-mode graphics, which was a 
graphics mode supported by legacy BIOS. This issue should only prevent messages 
from being displayed on the screen until the kernel configures the graphics 
hardware. This issue should not prevent the system from booting.

If tboot is printing " TBOOT: transfering control to kernel @0x100...", 
then it is likely that TBoot does what it's supposed to do without problems and 
then the system is crashing while booting the kernel. I would recommend booting 
the Linux kernel with a serial console and see the kernel messages for where 
and why the kernel crashes. The serial console can be enabled with the kernel 
command-line argument "console=ttyS0,115200n8".

One thing to note is that with tboot and UEFI boot, the Linux kernel had to be 
passed the "noefi" argument. This argument is added by default on Ubuntu. 
Failing to provide this argument, I've seen the Linux kernel crash in the past. 
Although, "noefi" does not appear to be a valid kernel command-line argument in 
newer kernels (v3.18 onwards).

Based on the code, I'm not entirely sure that "TBoot isn't UEFI aware". TBoot 
is launched using the multiboot or multiboot2 protocol. As a part of the 
protocol, TBoot is passed relevant information through the multiboot and 
multiboot2 information structures, respectively. TBoot has a function called 
"is_loader_launch_efi" in "tboot/common/loader.c". This function checks if the 
function "get_loader_efi_ptr" (also in "tboot/common/loader.c") can find 
EFI-related tags and variables in the multiboot2 information structure. So, 
from what I understand, TBoot can detect an EFI launch if TBoot is booted using 
the multiboot2 command. I try to explain below how the boot process works 
(based on my understanding of the code).

The main function responsible for launching the follow-on kernel is 
"launch_kernel" in "tboot/common/loader.c". If the first module (the follow-on 
kernel) loaded after TBoot is NOT an ELF binary, TBoot attempts to boot the 
kernel with the Linux boot protocol. As a part of the protocol TBoot unpacks 
and places parts of the Linux image in memory and then populates a data 
structure called "boot_params_t". TBoot passes the Linux kernel EFI-related 
information by populating the appropriate field in this data structure.

If the first module (the follow-on kernel) loaded after tboot IS an ELF binary 
(not a Linux kernel image), TBoot will attempt to launch the kernel using the 
multiboot or multiboot2 protocol. Which protocol is used depends on which 
protocol is supported by the kernel (which magic number is present in the 
kernel image) and how TBoot was launched. However, there are restrictions. The 
six different cases are summarized below:

If the follow-on kernel only supports multiboot (not multiboot2)
    If TBoot was launched with multiboot2
        If TBoot detects an EFI launch
            Fail the measured launch (case 1)
        Else if TBoot detects no EFI launch
            Launch the kernel (case 2)
        Fi
    Else if TBoot was launched with multiboot
        Launch the kernel (case 3)
    Fi
Else if the follow-on kernel supports only multiboot2
    If TBoot was launched with multiboot2
        Launch the kernel (case 4)
    Else if TBoot was launched with multiboot
        Fail the measured launch (case 5)
    Fi
Else if the follow-on kernel supports both multiboot and multiboot2
    Launch the kernel (case 6)
Fi

Since this affects the usage of TBoot, it might be useful to document the above.


Safayet N. Ahmed
Computer Engineer
Software, Sciences & Analytics
GE Global Research Center
One Research Circle,
Niskayuna, NY 12309  United States
General Electric Company, GE Global Research

GE imagination at work



-Original Message-
From: Jason Zaman [mailto:ja...@perfinion.com] 
Sent: Thursday, August 11, 2016 1:36 AM
To: Brian E Luckau 
Cc: 'tboot-devel@lists.sourceforge.net' 
Subject: EXT: Re: [tboot-devel] no console will be available to OS

On Wed, Aug 10, 2016 at 07:51:16PM -0600, Brian E Luckau wrote:
> Hey, 1.9.4 worked a lot better for me! I had tried a similar exercise 
> ca few weeks ago with whatever was the latest build at the time, but 
> could have been doing something else wrong for all I know.
> 
> This time, I took the same configuration that I mentioned from 30 
> minutes ago but with tboot 1.9.4 and now it is booting. Hopefully I 
> can move on to the next steps in using Trusted Boot.

The documentation for this all is a bit all over the place. I tried to document 
it all in the gentoo wiki 

Re: [tboot-devel] no console will be available to OS

2016-08-11 Thread Jason Zaman
On Wed, Aug 10, 2016 at 07:51:16PM -0600, Brian E Luckau wrote:
> Hey, 1.9.4 worked a lot better for me! I had tried a similar exercise ca 
> few weeks ago with whatever was the latest build at the time, but could 
> have been doing something else wrong for all I know.
> 
> This time, I took the same configuration that I mentioned from 30 
> minutes ago but with tboot 1.9.4 and now it is booting. Hopefully I can 
> move on to the next steps in using Trusted Boot.

The documentation for this all is a bit all over the place. I tried to
document it all in the gentoo wiki when I got things working from help
from this ML.
https://wiki.gentoo.org/wiki/Trusted_Boot

> On 08/10/2016 07:26 PM, Brian E Luckau wrote:
> > Thank you for the tips.  I had indeed been trying to get output on 
> > serial as well but not getting anything.
> > I got serial output to happen successfully this time; this is my 
> > current line in grub.cfg:
> >
> > multiboot2  /tboot.gz /tboot.gz logging=serial,memory,vga 
> > loglvl=all serial=115200,8n1,0x2f8
> >
> > Now I'm able to get more information on serial (after adding that 
> > serial= entry)
> >
> > It turns out it is hanging at
> >
> > TBOOT: transfering control to kernel @0x100...
> >
> > SO... I would venture to say people who write in with the "no console 
> > will be available to OS" problem are barking up the wrong tree, like I 
> > was. If you can get the serial output then more might come to light 
> > about what is really happening.
> >
> > We may need to try this on better TXT-enabled hardware with the right 
> > BIOS. However, I'm confused at the fact that it hangs here if we are 
> > using UEFI but not if we are using legacy grub.

Tboot isn't a UEFI aware thing, so you still need to have some compat
stuff turned on. In my Thinkpad T440s, I have to enable "CSM" otherwise
it just dies. With CSM enabled, UEFI+grub2+multiboot2 works fine tho.
https://wiki.gentoo.org/wiki/Trusted_Boot#BIOS_configuration

Another thing you can try, if it is resetting and you want to be sure
that it's happening after tboot, put a while(1) {} in tboot right before
the jump to the kernel and see if it hangs.

You can also boot into the UEFI shell after a reset and run
"mem fed30030 4" and see what the error code was set to when it died.

-- Jason

> >
> > I'm accustomed to the system booting regardless of whether you have 
> > the hardware, bios, etc. for it. You just would not get a measured 
> > boot.  So, still scratching my head here.
> >
> >
> > -- Brian
> >
> > On 07/31/2016 01:54 PM, Brian Luckau wrote:
> >> Re: [tboot-devel] no console will be available to OS Will try that 
> >> when I Wade back onto it again. Last week tried we could get it to 
> >> work with legacy bios but not EFI
> >>
> >> -Original Message-
> >> *From: *Jason Zaman [ja...@perfinion.com ]
> >> *Sent: *Sunday, July 31, 2016 09:51 AM Central Standard Time
> >> *To: *Justin King-Lacroix
> >> *Cc: *tboot-devel@lists.sourceforge.net
> >> *Subject: *Re: [tboot-devel] no console will be available to OS
> >>
> >> On Fri, Jul 29, 2016 at 01:01:46PM -0700, Justin King-Lacroix wrote:
> >> > Nope, doesn't work on (at least) recent Lenovo laptops. Tried it a few
> >> > weeks back.
> >> >
> >> > Getting the same "WARNING: no console will be available to OS" on 1.9.4,
> >> > too.
> >> >
> >> > On 29 July 2016 at 09:26, Sun, Ning  wrote:
> >> >
> >> > > There is a latest tboot 1.9.4 to download on sourceforge
> >> > > https://sourceforge.net/projects/tboot/
> >> > > You can collect tboot output through serial port in a UEFI boot.
> >> > > For install and run tboot in UEFI, you also can follow the wiki here
> >> > > https://sourceforge.net/p/tboot/wiki/Home/.
> >> > > README in tboot source code tree is very helpful as well.
> >> > > Hope this helps.
> >> > >
> >> > > -ning
> >> > >
> >> > > -Original Message-
> >> > > From: Brian E Luckau [mailto:bluc...@sgi.com]
> >> > > Sent: Thursday, July 28, 2016 3:21 PM
> >> > > To: tboot-devel@lists.sourceforge.net
> >> > > Subject: [tboot-devel] no console will be available to OS
> >> > >
> >> > > Hi,
> >> > >
> >> > > I have tried searching the archives with no luck. When I try to use tboot
> >> > > with UEFI, it gives me:
> >> > >
> >> > > Loading tboot 1.8.1
> >> > > WARNING: no console will be available to OS Loading Linux
> >> > > 3.10.0-327.el7.x86_64 Loading initial ramdisk ...
> >> > >
> >> > > Then nowhere.  I have tried using console=tty0, console=ttyS1,115200 and
> >> > > various different variations of this.
> >>
> >> You need to use something like this:
> >> loglvl=all logging=memory,serial serial=115200,8n1,0x30b0
> >>
> >> console= is a Linux cmdline option. tboot needs serial=. Also, you need
> >> to find the hex addr of the serial port, which I've forgotten how to do.
> >> That addr is for the AMT serial thing on my Lenovo T440s.
> >>
> >> -- Jason
> >>
> >> > >
> >> > > My colleagues and 

Re: [tboot-devel] no console will be available to OS

2016-08-10 Thread Brian E Luckau
Thank you for the tips.  I had indeed been trying to get output on 
serial as well but not getting anything.
I got serial output to happen successfully this time; this is my current 
line in grub.cfg:


multiboot2  /tboot.gz /tboot.gz logging=serial,memory,vga loglvl=all 
serial=115200,8n1,0x2f8


Now I'm able to get more information on serial (after adding that 
serial= entry)


It turns out it is hanging at

TBOOT: transfering control to kernel @0x100...

SO... I would venture to say people who write in with the "no console 
will be available to OS" problem are barking up the wrong tree, like I 
was. If you can get the serial output then more might come to light 
about what is really happening.


We may need to try this on better TXT-enabled hardware with the right 
BIOS. However, I'm confused at the fact that it hangs here if we are 
using UEFI but not if we are using legacy grub.


I'm accustomed to the system booting regardless of whether you have the 
hardware, bios, etc. for it. You just would not get a measured boot.  
So, still scratching my head here.



-- Brian

On 07/31/2016 01:54 PM, Brian Luckau wrote:
Re: [tboot-devel] no console will be available to OS Will try that 
when I Wade back onto it again. Last week tried we could get it to 
work with legacy bios but not EFI


-Original Message-
*From: *Jason Zaman [ja...@perfinion.com ]
*Sent: *Sunday, July 31, 2016 09:51 AM Central Standard Time
*To: *Justin King-Lacroix
*Cc: *tboot-devel@lists.sourceforge.net
*Subject: *Re: [tboot-devel] no console will be available to OS

On Fri, Jul 29, 2016 at 01:01:46PM -0700, Justin King-Lacroix wrote:
> Nope, doesn't work on (at least) recent Lenovo laptops. Tried it a few
> weeks back.
>
> Getting the same "WARNING: no console will be available to OS" on 1.9.4,
> too.
>
> On 29 July 2016 at 09:26, Sun, Ning  wrote:
>
> > There is a latest tboot 1.9.4 to download on sourceforge
> > https://sourceforge.net/projects/tboot/
> > You can collect tboot output through serial port in a UEFI boot.
> > For install and run tboot in UEFI, you also can follow the wiki here
> > https://sourceforge.net/p/tboot/wiki/Home/.
> > README in tboot source code tree is very helpful as well.
> > Hope this helps.
> >
> > -ning
> >
> > -Original Message-
> > From: Brian E Luckau [mailto:bluc...@sgi.com]
> > Sent: Thursday, July 28, 2016 3:21 PM
> > To: tboot-devel@lists.sourceforge.net
> > Subject: [tboot-devel] no console will be available to OS
> >
> > Hi,
> >
> > I have tried searching the archives with no luck. When I try to use tboot
> > with UEFI, it gives me:
> >
> > Loading tboot 1.8.1
> > WARNING: no console will be available to OS Loading Linux
> > 3.10.0-327.el7.x86_64 Loading initial ramdisk ...
> >
> > Then nowhere.  I have tried using console=tty0, console=ttyS1,115200 and
> > various different variations of this.

You need to use something like this:
loglvl=all logging=memory,serial serial=115200,8n1,0x30b0

console= is a Linux cmdline option. tboot needs serial=. Also, you need
to find the hex addr of the serial port, which I've forgotten how to do.
That addr is for the AMT serial thing on my Lenovo T440s.

-- Jason

> >
> > My colleagues and I have not been able to get tboot to work on EFI
> > platforms.  I am sure there may be something wrong with our config but we
> > are flying blind.  How do others deal with this when it occurs?
> >
> >
> >
> > 
--

> > ___
> > tboot-devel mailing list
> > tboot-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/tboot-devel
> >

[tboot-devel] no console will be available to OS

2016-07-28 Thread Brian E Luckau
Hi,

I have tried searching the archives with no luck. When I try to use 
tboot with UEFI, it gives me:

Loading tboot 1.8.1
WARNING: no console will be available to OS
Loading Linux 3.10.0-327.el7.x86_64
Loading initial ramdisk ...

Then nowhere.  I have tried using console=tty0, console=ttyS1,115200 and 
various different variations of this.

My colleagues and I have not been able to get tboot to work on EFI 
platforms.  I am sure there may be something wrong with our config but 
we are flying blind.  How do others deal with this when it occurs?

