You aren't passing a command line string (-c "...") to lcp_mlehash-is it the
case that your grub.conf file doesn't have any command line options for tboot?
Joe
From: Michael Nelson [mailto:miken...@hotmail.com]
Sent: Tuesday, September 27, 2011 7:06 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)
I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE
measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a
number of different things but I am stuck at this point trying to figure out
what's wrong.
Here are the commands that I have run (after taking ownership and creating the
NV storage):
lcp_mlehash /boot/tboot.gz > mlehash
lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p password
I have also configured the tboot policy with tb_polgen (which tboot summarizes
during bootup), but I don't think I am getting far enough for that to be
relevant yet.
Any help would be appreciated.
Thanks,
-mike
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
