First, your TPM is reporting incorrect timeout values:
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
but tboot will detect this and set them to the defaults.
BIOS is not enabling TXT:
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
This indicates that only VT is enabled. You need to enable TXT in the BIOS
(assuming it supports TXT).
In your GRUB config, you should duplicate the module name so that tboot will
get it (GRUB2 difference):
multiboot /boot/tboot.gz placeholder logging=serial,vga,memory
e.g. replace 'placeholder' with 'tboot.gz' and do this for every module entry.
gigabyte P55A-UD5
On the GIGABYTE website I wasn't able to find any indication whether this
mb/BIOS supports TXT. The CPU and chipset do. So you would need to contact
GIGABTYE to find out whether this system supports TXT.
Joe
From: Jungho Song [mailto:jhs...@camars.kaist.ac.kr]
Sent: Wednesday, November 03, 2010 11:24 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] IA32_FEATURE_CONTROL_MSR problem
TBOOT: ******************* TBOOT *******************
TBOOT: unavailable
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009f800 (1)
TBOOT: 000000000009f800 - 00000000000a0000 (2)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000df7a0000 (1)
TBOOT: 00000000df7a0000 - 00000000df7d2000 (4)
TBOOT: 00000000df7d2000 - 00000000df7e0000 (2)
TBOOT: 00000000df7e0000 - 00000000df800000 (2)
TBOOT: 00000000f4000000 - 00000000f8000000 (2)
TBOOT: 00000000fec00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000120000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 4
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb
9d f4 ce 73 35 49
TBOOT: hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb
9d f4 ce 73 35 49
TBOOT: hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c
85 8e f4 b1 71 86
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa
a7 74 19 2d de 78
TBOOT: hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c
c8 05 55 dd 85 0d
TBOOT: hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a
63 e8 a3 f0 11 1e
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0
11 13 89 e9 bf 49
TBOOT: hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0
11 13 89 e9 bf 49
TBOOT: policy entry[3]:
TBOOT: mod_num: 3
TBOOT: pcr: 20
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43
06 60 a6 f4 f9 09
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: CPU is VMX-capable
TBOOT: ERR: VMXON disabled by feature control MSR (5)
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: CPU is VMX-capable
TBOOT: ERR: VMXON disabled by feature control MSR (5)
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: unsupported BIOS data version (4026589891)
TBOOT: BIOS data specifies too many CPUs (4026597029)
TBOOT: generic fatal error.
TBOOT: TPM: tpm_validate_locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT
TBOOT: ******************* TBOOT *******************
TBOOT: unavailable
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009f800 (1)
TBOOT: 000000000009f800 - 00000000000a0000 (2)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000df7a0000 (1)
TBOOT: 00000000df7a0000 - 00000000df7d2000 (4)
TBOOT: 00000000df7d2000 - 00000000df7e0000 (2)
TBOOT: 00000000df7e0000 - 00000000df800000 (2)
TBOOT: 00000000f4000000 - 00000000f8000000 (2)
TBOOT: 00000000fec00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000120000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 4
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb
9d f4 ce 73 35 49
TBOOT: hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb
9d f4 ce 73 35 49
TBOOT: hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c
85 8e f4 b1 71 86
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa
a7 74 19 2d de 78
TBOOT: hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c
c8 05 55 dd 85 0d
TBOOT: hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a
63 e8 a3 f0 11 1e
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0
11 13 89 e9 bf 49
TBOOT: hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0
11 13 89 e9 bf 49
TBOOT: policy entry[3]:
TBOOT: mod_num: 3
TBOOT: pcr: 20
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43
06 60 a6 f4 f9 09
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: kernel is ELF format
TBOOT: transfering control to kernel @0x100000...
CPU : i7 860 (2.8)
M/B : gigabyte P55A-UD5
Tboot : 20101015 version
XEN : 4.0.1
grub.cfg (grub2)
menuentry 'Xen 4.0.1 / Debian Linux 2.6.32.23 / Intel(R) Trusted Execution
Technology'
{
insmod part_msdos
insmod ext2
set root='(hd0,msdos1)'
search --no-floppy --fs-uuid --set 02d55450-a706-4474-8aec-f4632c1f0792
echo 'tBoot with Xen 4.0.1 / Linux 2.6.32.23 ...'
multiboot /boot/tboot.gz placeholder logging=serial,vga,memory
module /boot/xen-4.0.1.gz console=com1,vga com1=115200,8n1
module /boot/vmlinuz-2.6.32.23 placeholder
root=UUID=02d55450-a706-4474-8aec-f4632c1f0792 ro quieti
echo 'Loading initial ramdisk ...'
module /boot/initrd.img-2.6.32.23
echo 'SINIT ...'
module /boot/i7_QUAD_SINIT_20.BIN
}
--------------------------------------------------------------------------------------------------------------------------------
problem is that I can set up feature_control_msr to ff0f.
so, tboot can't execute 'SENTER' instruction.
I think it may be M/B or BIOS problem.
why feature_control_msr value is 5 ?
I can't find reason of that..
thx to read
from jhSong
------------------------------------------------------------------------------
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a
Billion" shares his insights and actions to help propel your
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
