I do not believe the tpm_tis driver was loaded, however if I do load the
module I get the same error code.
It does seem the TPM has an active locality. I'm getting the debug
output from this snippet of code in tpm.c:
/*
* must ensure TPM_ACCESS_0.activeLocality bit is clear
* (: locality is not active)
*/
read_tpm_reg(locality, TPM_REG_ACCESS,®_acc);
if ( reg_acc.active_locality != 0 ) {
dbg("(in tpm.c) reg_acc.active_locality != 0\n");
/* make inactive by writing a 1 */
reg_acc.active_locality = 1;
write_tpm_reg(locality, TPM_REG_ACCESS,®_acc);
}
At this point in the code before it enters the if statement and after it
exits it reg_acc.active_locality is 1. I changed the line
reg_acc.active_locality = 1;
to
reg_acc.active_locality = 0;
but even after doing this the value of active_locality is 1. My guess is
that there is something else I need to do to make it inactive.
Thanks for the help, this has given me more of a direction to focus on.
-Jeff
On 01/14/2011 11:50 AM, Jonathan McCune wrote:
> Although there are some distinct error codes for locality access
> problems, you might check whether the Linux TPM driver is active. If
> the TPM has an active locality (which would be locality 1 with Linux's
> tpm_tis), then SENTER will not succeed. The easiest way to test if
> this makes a difference is to boot Linux without loading tpm_tis, then
> try a Flicker session, and see if it makes any difference.
>
> Also, with the SINIT module you're using, ACMOD_SIZE_MAX as defined in
> flicker.h is too small in flicker-0.2. I generally use 64K instead of
> 32K these days. Unfortunately the error handling in flicker-0.2 just
> prints a small warning message and blindly keeps going with an
> incomplete SINIT module if the buffer is too small. However, I would
> expect that you would observe a different failure mode under those
> conditions.
>
> Hope this helps,
> -Jon
>
>
>
> On Fri, Jan 14, 2011 at 10:54 AM, Jeff Cleveland<jclevel...@bbn.com> wrote:
>> Hi list,
>>
>> My question stems from a TXT error I'm getting while trying to run
>> Flicker. I have a dual core i5 laptop I'm testing on and using the sinit
>> module i5_i7_DUAL_SINIT_18.bin. During execution of Flicker my computer
>> reboots, upon startup I see the TXT ERRORCODE 0xc0003cd1, which parses
>> as acm_type=1, progress=0d, error=f, and according to sinit_errors.txt
>> that is "TPM PCR 17 was not properly initialized"
>>
>> The MLE Software Development Guide is pretty clear on how PCR 17 should
>> be initialized, and yet I can't find in the Flicker or tboot source code
>> where this initialization is happening. I was hoping to use the tboot
>> source as a reference because on this machine GETSEC[SENTER] does
>> successfully execute when I try launching tboot (loading the operating
>> system fails afterwards but I believe thats a kernel configuration issue
>> I haven't fixed yet).
>>
>> Any advice or pointers to where tboot initializes PCR 17 would be
>> greatly appreciated.
>>
>> Thanks,
>> Jeff
>>
>> ------------------------------------------------------------------------------
>> Protect Your Site and Customers from Malware Attacks
>> Learn about various malware tactics and how to avoid them. Understand
>> malware threats, the impact they can have on your business, and how you
>> can protect your company and customers by using code signing.
>> http://p.sf.net/sfu/oracle-sfdevnl
>> _______________________________________________
>> tboot-devel mailing list
>> tboot-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>>
--
Jeff Cleveland
Raytheon - BBN Technologies
617-873-2515
jclevel...@bbn.com
------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand
malware threats, the impact they can have on your business, and how you
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
