Hello all,
I am trying to boot a tboot 1.7, xen 4.1 x86_64, Linux 3.1.1 x86_64
combination. I think I have a very basic problem, but I am not sure how to
fix it and I was wondering if someone could point me in the right direction.
When I try to boot with tboot, the tboot process goes through to the point
of 'TBOOT: executing GETSEC[SENTER]...' and then resets the system to repeat
the process. In looking at the serial output log, two things stick out.
1) Txt.errorcode
a. TBOOT: TXT.ERRORCODE: 0xc0005d01
b. TBOOT: AC module error : acm_type=0x1, progress=0x10,
error=0x17
c. Which maps to: ' Owner policy is of type LCP_POLTYPE_LIST but
no policy data has been provided'
2) TBOOT: no LCP module found
Please see the attached document for the diagnostics.
Thanks for the help
Jeff
//Setup and policy creation
tpm_takeownership -z
tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxxxxxx
tpmnv_defindex -i owner -s 0x36 -p xxxxxxxx
tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p xxxxxxxx
lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > tboot_hash
lcp_crtpol -t hashonly -m tboot_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p xxxxxxxx
tb_polgen --create --type nonfatal tcb.pol
tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "no-real-mode"
--image /boot/xen-4.1.gz tcb.pol
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "ro
root=/dev/mapper/vg_xentest1-lv_root rd_LVM_LV=vg_xentest1/lv_root
rd_LVM_LV=vg_xentest1/lv_swap" --image /boot/vmlinuz-3.1.1-xxx tcb.pol
tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image
/boot/initramfs-3.1.1-xxx.img tcb.pol
lcp_writepol -i 0x20000001 -f tcb.pol -p xxxxxxxx
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
/*****************************
*/
//cat /boot/grub/menu.lst
title tboot - Xen - 3.1.1
root (hd0,0)
kernel /tboot.gz logging=serial,vga,memory
module /xen-4.1.gz no-real-mode
module /vmlinuz-3.1.1-xxx ro root=/dev/mapper/vg_xentest1-lv_root
rd_LVM_LV=vg_xentest1/lv_root rd_LVM_LV=vg_xentest1/lv_swap
module /initramfs-3.1.1-xxx.img
module /i7_QUAD_SINIT_51.BIN
//Serial output log
TBOOT: ******************* TBOOT *******************
TBOOT: 2012-01-24 15:11 -0800 299:950fec11ef90
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009fc00 (1)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000e33cfc00 (1)
TBOOT: 00000000e33cfc00 - 00000000e3423c00 (4)
TBOOT: 00000000e3423c00 - 00000000e3425c00 (3)
TBOOT: 00000000e3425c00 - 00000000e4000000 (2)
TBOOT: 00000000f8000000 - 00000000fc000000 (2)
TBOOT: 00000000fed00000 - 00000000fed00400 (2)
TBOOT: 00000000fed20000 - 00000000feda0000 (2)
TBOOT: 00000000fec00000 - 00000000fed00000 (2)
TBOOT: 00000000fee00000 - 00000000fef00000 (2)
TBOOT: 00000000ffb00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000118000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: 18
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 8d 3b b6 66 92 34 87 73 f9
6e 7c 1f 12 7c 3a ff b5 a5 13 05
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 0d f8 ad d2 2e d9 c3 6d d3
56 e6 2f e7 47 55 b6 2d 11 fe e0
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 22 82 23 8d 65 ba 32 95 a8
ac 9e d6 9c fb 4d aa d4 ec 88 2b
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0005d01
TBOOT: AC module error : acm_type=0x1, progress=0x10, error=0x17
TBOOT: LCP2 error: minor error = 0xd, index = 0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x8
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xe3720000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xe3720008, 0x2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: CR0.NE not set
TBOOT: CR0 and EFLAGS OK
TBOOT: no machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
last boot has error.
TBOOT: checking if module /i7_QUAD_SINIT_51.BIN is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xc002, revision: 0x1
TBOOT: processor family/model/stepping: 0x106e5
TBOOT: platform id: 0x4000000000000
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xc002, flags: 0x1,
revision: 0x7, extended: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0xe3700000
TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
TBOOT: copied SINIT (size=adc0) to 0xe3700000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0xd130
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20111109
TBOOT: size*4: 0xadc0 (44480)
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:000089fb
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db,
0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 3
TBOOT: length: 0x28 (40)
TBOOT: chipset_id_list: 0x4e8
TBOOT: os_sinit_data_ver: 0x5
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000000e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: acm_ver: 51
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xc002
TBOOT: revision_id: 0x7
TBOOT: extended_id: 0x0
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0x96fe60
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x824000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &_txt_wakeup=0x8041e0
TBOOT: &g_mle_hdr=0x81a260
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=24000
TBOOT: capabilities: 0x00000027
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: MLE start=804000, end=824000, size=20000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xe3720000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xe3720008, 0x2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xe33cfc00
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x118000000
TBOOT: no LCP module found
TBOOT: os_sinit_data (@0xe3731154, 0x64):
TBOOT: version: 5
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x20000 (131072)
TBOOT: mle_hdr_base: 0x16260
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xe3200000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x18000000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: setting MTRRs for acmod: base=0xe3700000, size=0xadc0, num_pages=11
TBOOT: executing GETSEC[SENTER]...
//txt-stat
Intel(r) TXT Configuration Registers:
STS: 0x00000002
senter_done: FALSE
sexit_done: TRUE
mem_config_lock: FALSE
private_open: FALSE
locality_1_open: FALSE
locality_2_open: FALSE
ESTS: 0x00
txt_reset: FALSE
E2STS: 0x0000000000000008
secrets: FALSE
ERRORCODE: 0xc0005d01
DIDVID: 0x00000001c0028086
vendor_id: 0x8086
device_id: 0xc002
revision_id: 0x1
FSBIF: 0x0000000000000000
QPIIF: 0x0000000084482000
SINIT.BASE: 0xe3700000
SINIT.SIZE: 131072B (0x20000)
HEAP.BASE: 0xe3720000
HEAP.SIZE: 917504B (0xe0000)
DPR: 0x00000000e3800031
lock: TRUE
top: 0xe3800000
size: 3MB (3145728B)
//tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.8.8
Spec Level: 2
Errata Revision: 2
TPM Vendor ID: STM
TPM Version: 01010000
Manufacturer Info: 53544d20
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
