Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

Sat, 01 Oct 2011 15:05:06 -0700 

In the case below, I wasn't passing any options in GRUB. As I noted in a later 
posting, I was able to get past the MLE error by doing a cold reboot after 
configuring things correctly.
Unfortunately now the machine reboots shortly after SENTER is called. Looking 
at the TXT error code on reboot, the progress code is 0xf and the error code is 
unlisted in sinit_errors.txt (can't remember the exact #). I looked around in 
the BIOS settings, but I don't see options that might help that situation.
I will be getting a Q67 system (Intel motherboard) next week, so hopefully I 
will have better luck with that.
Thanks for your help.
-mike
From: joseph.cih...@intel.com
To: miken...@hotmail.com; tboot-devel@lists.sourceforge.net
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Thu, 29 Sep 2011 17:49:08 +0000











You aren’t passing a command line string (-c “…”) to lcp_mlehash—is it the case 
that your grub.conf file doesn’t have any command line options for tboot?
 
Joe
 



From: Michael Nelson [mailto:miken...@hotmail.com]


Sent: Tuesday, September 27, 2011 7:06 PM

To: tboot-devel@lists.sourceforge.net

Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 


(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)


 


I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE 
measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a 
number of different things
 but I am stuck at this point trying to figure out what's wrong. 


 


Here are the commands that I have run (after taking ownership and creating the 
NV storage):


 


lcp_mlehash /boot/tboot.gz > mlehash


lcp_crtpol -t hashonly -m mle_hash -o lcp.pol


lcp_writepol -i owner -f lcp.pol -p password


 


I have also configured the tboot policy with tb_polgen (which tboot summarizes 
during bootup), but I don't think I am getting far enough for that to be 
relevant yet.


 


Any help would be appreciated.


 




Thanks,


-mike




 



                                          
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to