> From: Jeff Cleveland [mailto:jclevel...@bbn.com]
> Sent: Thursday, January 27, 2011 2:14 PM
>
> It looks like it was the active locality. The function "bool
> is_tpm_ready(uint32_t locality)" in flicker-02/intel/kmod-2.6.30/tpm.c
> was not setting the locality to inactive properly. I replaced this with
> a call to "bool release_locality(uint32_t locality)" from
> "tboot/common/tpm.c" and it seemed to have fixed it.
>
> I'm now getting a weird issue where if I run go.sh twice, the second
> time SENTER fails. I'll be investigating and post what I find.
>
> On a separate note, in the future should I keep flicker related
> discoveries and issues off this mailing list? I don't want to wear out
> my welcome by posting unwanted messages related to a different project.
If Jonathan has a mailing list for Flicker then it would be best to post there
and anyone on this list that was interested could just subscribe to it (as I
will do ;-). If he does not, then I am fine with continuing to post here, as
there is not so much traffic that it should cause problems and I am personally
interested in all uses of TXT.
Joe
>
> -Jeff
>
> On 01/14/2011 02:39 PM, Jeff Cleveland wrote:
> > I do not believe the tpm_tis driver was loaded, however if I do load the
> > module I get the same error code.
> >
> > It does seem the TPM has an active locality. I'm getting the debug
> > output from this snippet of code in tpm.c:
> >
> > /*
> > * must ensure TPM_ACCESS_0.activeLocality bit is clear
> > * (: locality is not active)
> > */
> > read_tpm_reg(locality, TPM_REG_ACCESS,®_acc);
> > if ( reg_acc.active_locality != 0 ) {
> > dbg("(in tpm.c) reg_acc.active_locality != 0\n");
> > /* make inactive by writing a 1 */
> > reg_acc.active_locality = 1;
> > write_tpm_reg(locality, TPM_REG_ACCESS,®_acc);
> > }
> >
> > At this point in the code before it enters the if statement and after it
> > exits it reg_acc.active_locality is 1. I changed the line
> >
> > reg_acc.active_locality = 1;
> >
> > to
> >
> > reg_acc.active_locality = 0;
> >
> > but even after doing this the value of active_locality is 1. My guess is
> > that there is something else I need to do to make it inactive.
> >
> > Thanks for the help, this has given me more of a direction to focus on.
> > -Jeff
> >
> > On 01/14/2011 11:50 AM, Jonathan McCune wrote:
> >> Although there are some distinct error codes for locality access
> >> problems, you might check whether the Linux TPM driver is active. If
> >> the TPM has an active locality (which would be locality 1 with Linux's
> >> tpm_tis), then SENTER will not succeed. The easiest way to test if
> >> this makes a difference is to boot Linux without loading tpm_tis, then
> >> try a Flicker session, and see if it makes any difference.
> >>
> >> Also, with the SINIT module you're using, ACMOD_SIZE_MAX as defined in
> >> flicker.h is too small in flicker-0.2. I generally use 64K instead of
> >> 32K these days. Unfortunately the error handling in flicker-0.2 just
> >> prints a small warning message and blindly keeps going with an
> >> incomplete SINIT module if the buffer is too small. However, I would
> >> expect that you would observe a different failure mode under those
> >> conditions.
> >>
> >> Hope this helps,
> >> -Jon
> >>
> >>
> >>
> >> On Fri, Jan 14, 2011 at 10:54 AM, Jeff Cleveland<jclevel...@bbn.com>
> >> wrote:
> >>> Hi list,
> >>>
> >>> My question stems from a TXT error I'm getting while trying to run
> >>> Flicker. I have a dual core i5 laptop I'm testing on and using the sinit
> >>> module i5_i7_DUAL_SINIT_18.bin. During execution of Flicker my computer
> >>> reboots, upon startup I see the TXT ERRORCODE 0xc0003cd1, which parses
> >>> as acm_type=1, progress=0d, error=f, and according to sinit_errors.txt
> >>> that is "TPM PCR 17 was not properly initialized"
> >>>
> >>> The MLE Software Development Guide is pretty clear on how PCR 17 should
> >>> be initialized, and yet I can't find in the Flicker or tboot source code
> >>> where this initialization is happening. I was hoping to use the tboot
> >>> source as a reference because on this machine GETSEC[SENTER] does
> >>> successfully execute when I try launching tboot (loading the operating
> >>> system fails afterwards but I believe thats a kernel configuration issue
> >>> I haven't fixed yet).
> >>>
> >>> Any advice or pointers to where tboot initializes PCR 17 would be
> >>> greatly appreciated.
> >>>
> >>> Thanks,
> >>> Jeff
> >>>
> >>> ------------------------------------------------------------------------------
> >>> Protect Your Site and Customers from Malware Attacks
> >>> Learn about various malware tactics and how to avoid them. Understand
> >>> malware threats, the impact they can have on your business, and how you
> >>> can protect your company and customers by using code signing.
> >>> http://p.sf.net/sfu/oracle-sfdevnl
> >>> _______________________________________________
> >>> tboot-devel mailing list
> >>> tboot-devel@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
> >>>
> >
>
>
> --
> Jeff Cleveland
> Raytheon - BBN Technologies
> 617-873-2515
> jclevel...@bbn.com
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> tboot-devel mailing list
> tboot-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
