> From: Seiji Munetoh [mailto:[email protected]]
> Sent: Tuesday, April 05, 2011 6:13 AM
>
> Hi
>
> I'm looking at TXT boot log of my Fedora 15.
> It extended VL measurements hashes to PCR 17, 18 and 19 after check the
> Verified Launch policy.
>
> What is the value of VL measurements on the PCR17?
> I can't find the origin of this value extended to the PCR17.
> (My vl policy just set the hashes of the PCR 18 and 19.)
Good catch--the README has a typo:
- SHA-1 hash of: tboot policy control value (4 bytes) |
SHA-1 hash of tboot policy (20 bytes)
: where the hash of the tboot policy will be 0s if
TB_POLCTL_EXTEND_PCR17 is clear
Really goes in PCR 17 (and not 18 as README states).
> ---
> > TBOOT: ux=0 rhgb quiet xdriver=vesa nomodeset 1"...
> > TBOOT: OK : d2 5c 5b 18 2a 9a 62 ce 15 e4 6d 08 91 9d 4e fc 1b 7c fc ad
> => PCR18
>
> > TBOOT: verifying module "/initramfs-2.6.38.1-6.fc15.x86_64.img"...
> > TBOOT: OK : 0f 93 a8 2c 3b 3b 20 30 98 61 39 a2 03 2e 38 23 73 3f c6 42
> => PCR19
>
> > TBOOT: all modules are verified
> > TBOOT: pre_k_s3_state:
> > TBOOT: vtd_pmr_lo_base: 0x0
> > TBOOT: vtd_pmr_lo_size: 0x79800000
> > TBOOT: vtd_pmr_hi_base: 0x0
> > TBOOT: vtd_pmr_hi_size: 0x0
> > TBOOT: pol_hash: 5a 14 3f 34 f5 03 41 ff a2 01 34 0f b8 8e f9 98 73 b7 e0
> > 3d
> > TBOOT: VL measurements:
> > TBOOT: PCR 17: a8 21 ff be 39 69 21 f3 bd 8d 79 e7 70 ec 8f 75 41 ba 5c
> > 5e
> Where is this from?
See above.
> TBOOT: PCR 18: d2 5c 5b 18 2a 9a 62 ce 15 e4 6d 08 91 9d 4e fc 1b 7c fc ad
> TBOOT: PCR 19: 0f 93 a8 2c 3b 3b 20 30 98 61 39 a2 03 2e 38 23 73 3f c6 42
> TBOOT: PCRs before extending:
> TBOOT: PCR 17: 8a d7 6e cc d2 55 5b e0 d9 6f c8 61 a7 9e 8b b7 92 00 ed d9
> TBOOT: PCR 18: 83 f0 02 a7 4c d7 0d de d6 1a ca 09 0a a1 64 a6 0e 25 e2 75
> TBOOT: PCRs after extending:
> TBOOT: PCR 17: bb 0f 68 4f df 3a 42 b9 24 93 80 6d 5d a5 4e 36 62 c5 c5 52
> TBOOT: PCR 18: 5e 24 63 ef f8 ee 13 c3 28 1e 13 03 d2 0e d4 79 69 5f 15 d7
> Is PCR 19 missing?
The code just doesn't display it because this output is really intended to help
debug unseal failures and the integrity measurements are only sealed to PCRs 17
+ 18.
> > TBOOT: tboot_shared data:
> > TBOOT: version: 5
> > TBOOT: log_addr: 0x00060000
> > TBOOT: shutdown_entry: 0x008031b0
> > TBOOT: shutdown_type: 0
> > TBOOT: tboot_base: 0x00803000
> > TBOOT: tboot_size: 0x7be04
> > TBOOT: num_in_wfs: 1
> ---
>
> Thanks,
> --
> Seiji
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming smartphone on the nation's
> most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> tboot-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
tboot-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tboot-devel
