There are a couple of issues.  See below:

From: Jeffrey James Karrels [mailto:jkarr...@islinc.com]
Sent: Thursday, January 26, 2012 9:23 AM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Reset after GETSEC[SENTER]

Hello all,

Sorry, it looks like html formatting sort of messed up my last post...  I am 
trying to boot a tboot 1.7, xen 4.1 x86_64, Linux 3.1.1 x86_64 combination. I 
think I have a very basic problem, but I am not sure how to fix it and I was 
wondering if someone could point me in the right direction. When I try to boot 
with tboot, the tboot process goes through to the point of 'TBOOT: executing 
GETSEC[SENTER]...' and then resets the system to repeat the process. In looking 
at the serial output log, two things stick out.

1) Txt.errorcode
   a. TBOOT: TXT.ERRORCODE: 0xc0005d01
   b. TBOOT: AC module error : acm_type=0x1, progress=0x10, error=0x17
   c. Which maps to: 'Owner policy is of type LCP_POLTYPE_LIST but no policy data has been provided'
2) TBOOT: no LCP module found

Please see the first post for the diagnostics.

Thanks for the help
Jeff

//Setup and policy creation
tpm_takeownership -z
tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxxxxxx
tpmnv_defindex -i owner -s 0x36 -p xxxxxxxx
tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p xxxxxxxx

lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > tboot_hash
lcp_crtpol -t hashonly -m tboot_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p xxxxxxxx
[JC]  For the platform you have (i7 quad), you need to use a v2 policy.  Look 
at docs/policy_v2.txt for an example.  You create it with lcp_crtpol2 and 
similar tools.  Because you want to have MLE verification, you will need to 
have it of type 'list' (v2 policies don't have the hashonly type).  This means 
you will be creating (using lcp_crtpollist) a policy data file.  That file 
needs to be loaded by GRUB (e.g. after the SINIT), where tboot will then find 
it and put it into the right place for SINIT to use.

tb_polgen --create --type nonfatal tcb.pol
tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "no-real-mode" --image /boot/xen-4.1.gz tcb.pol
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "ro root=/dev/mapper/vg_xentest1-lv_root rd_LVM_LV=vg_xentest1/lv_root rd_LVM_LV=vg_xentest1/lv_swap" --image /boot/vmlinuz-3.1.1-xxx tcb.pol
tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initramfs-3.1.1-xxx.img tcb.pol
lcp_writepol -i 0x20000001 -f tcb.pol -p xxxxxxxx
[JC]  This looks OK.
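
The TXT.ERRORCODE value from the log above, decoded field by field, as an added example that is not part of the original thread or of tboot's own source. The field names are taken from the quoted log line; the bit positions are an assumption, chosen because they reproduce acm_type=0x1, progress=0x10, error=0x17 for 0xc0005d01.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed register layout (see lead-in); verify against the SINIT ACM
 * documentation for your platform before relying on it. */
struct txt_acm_error {
    unsigned valid;     /* bit 31: register content is valid */
    unsigned external;  /* bit 30: reported by software, not the CPU */
    unsigned error2;    /* bits 29:16: sub-error */
    unsigned src;       /* bit 15: 0 = AC module, 1 = other software */
    unsigned error;     /* bits 14:10 */
    unsigned progress;  /* bits 9:4 */
    unsigned acm_type;  /* bits 3:0 */
};

/* Extract `width` bits of `v` starting at bit `lo`. */
static unsigned bits(uint32_t v, unsigned lo, unsigned width)
{
    return (v >> lo) & ((1u << width) - 1u);
}

struct txt_acm_error decode_txt_errorcode(uint32_t raw)
{
    struct txt_acm_error e = {
        .valid = bits(raw, 31, 1),  .external = bits(raw, 30, 1),
        .error2 = bits(raw, 16, 14), .src = bits(raw, 15, 1),
        .error = bits(raw, 10, 5),  .progress = bits(raw, 4, 6),
        .acm_type = bits(raw, 0, 4),
    };
    return e;
}

/* 1 when the value is a valid, software-reported AC module error;
 * only then do acm_type/progress/error carry meaning. */
int is_acm_error(const struct txt_acm_error *e)
{
    return e->valid && e->external && e->src == 0;
}

int main(void)
{
    /* Value copied from the serial log quoted in the thread. */
    struct txt_acm_error e = decode_txt_errorcode(0xc0005d01u);
    if (!is_acm_error(&e)) {
        printf("not an AC module error\n");
        return 1;
    }
    printf("AC module error : acm_type=0x%x, progress=0x%02x, error=0x%x\n",
           e.acm_type, e.progress, e.error);
    return 0;
}
```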
