Hi Martin. The error from your log is:

TBOOT: LT.ERRORCODE=c0002cd1
TBOOT: AC module error : acm_type=1, progress=0d, error=b

Progress 0xd, error 0xb is:

           1011      TPM NV RAM is unlocked

I'm surprised it cares about this. The nonvolatile memory in the TPM
is shipped in a rather permissive, "unlocked" state. At some point it
is supposed to be "locked" after which time a degree of authentication
is necessary for certain instructions. Sounds like SINIT wants the TPM
to have been converted to the locked state.

The lcptools directory in tboot contains a command nvlock which will
lock the TPM. As the Readme.txt warns:

"Warning
        The tools can only run on the machine with TPM 1.2 Device. And
be careful on using the nvlock command, because after the tpm device
is locked, it could not be unlocked again."

But I don't think there's probably any harm. I think you can still add
NV areas, like if you want to define a policy someday as to which
versions of tboot can load, etc. Maybe someone else can confirm that
(A) locking the NV RAM is necessary for the SINIT to run; and (B)
locking it won't cause any trouble with future things you might want
to do with the TPM.

Hal Finney

On Tue, Aug 18, 2009 at 8:03 AM, Martin Pirker <martin.pir...@iaik.tugraz.at> wrote:
> Hi list....
>
> Trying tboot on an Intel DQ45CB,
> SENTER fails with - see attached log.
> What does the LT.ERRORCODE want to tell me?
>
> Any hints appreciated :-)
> Martin
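
Added example, not part of the original message and not tboot's own code: a small decoder that splits the LT.ERRORCODE value from the log into the acm_type, progress and error fields that tboot prints. The bit positions are an assumption about the register layout; they reproduce the values shown in the log at the top of this message.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of an LT.ERRORCODE value as reported for an AC module failure.
 * Bit positions are an assumption (see the note above the code). */
struct acm_error {
    unsigned valid;     /* bit 31: register holds a valid error code */
    unsigned external;  /* bit 30: 1 = written by software, 0 = by the CPU */
    unsigned src;       /* bit 15: 0 = AC module, 1 = other software */
    unsigned error;     /* bits 13:10: error number within the progress step */
    unsigned progress;  /* bits 9:4: how far the AC module got */
    unsigned acm_type;  /* bits 3:0: 0 = BIOS ACM, 1 = SINIT */
};

static struct acm_error decode_lt_errorcode(uint32_t raw)
{
    struct acm_error e;
    e.valid    = (raw >> 31) & 0x1;
    e.external = (raw >> 30) & 0x1;
    e.src      = (raw >> 15) & 0x1;
    e.error    = (raw >> 10) & 0xf;
    e.progress = (raw >> 4)  & 0x3f;
    e.acm_type = raw & 0xf;
    return e;
}

/* Only a valid, software-written code with src == 0 is an AC module error;
 * anything else must not be read through the progress/error fields. */
static int is_acm_error(const struct acm_error *e)
{
    return e->valid && e->external && !e->src;
}

int main(void)
{
    uint32_t raw = 0xc0002cd1u;  /* value from the log quoted in the message */
    struct acm_error e = decode_lt_errorcode(raw);

    if (!is_acm_error(&e)) {
        printf("LT.ERRORCODE=%08x is not an AC module error\n", (unsigned)raw);
        return 1;
    }
    printf("AC module error : acm_type=%x, progress=%02x, error=%x\n",
           e.acm_type, e.progress, e.error);
    return 0;
}
```
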

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel