Re: [tboot-devel] Question about the difference between aux and aux2

Thu, 26 Apr 2012 11:38:29 -0700 

While the tboot Linux LCP tools provide the capability for defining 
OEM/manufacturer TPM NV indices, the recommended process for OEMs is to use our 
OEM tools.  The OEM tools and documentation for manufacturing and provisioning 
a TXT system are available under NDA, as there is much more to OEM support for 
TXT than covered in the MLE SDM.

Joe

From: charles.fis...@gdc4s.com [mailto:charles.fis...@gdc4s.com]
Sent: Thursday, April 26, 2012 11:06 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] Question about the difference between aux and aux2

I have a question about the Sandy Bridge SINIT module 
(2nd_gen_i5_i7_SINIT_51.BIN).

The developers kit has a set of programs for defining the default policy (NVRAM 
index 0x50000001) and aux2 (NVRAM index 0x50000003).

All of the Sandy Bridge Machines that we currently have, have aux predefined 
(0x50000002), and tboot and the SINIT module appear to work fine.

We are currently in the position of having to define the Platform Supplier 
indices before locking down the NVRAM.

The questions are:

Does it matter that AUX2 is not defined?

Is it a problem to define both the AUX and AUX2 indexes?

Given that there is nothing that is every written to AUX or AUX 2 by any of 
tboot programs, I am assuming that they are used by the SINIT module for 
internal scratch space.

Given that the SINIT module will not function with the NVRAM unlocked, and that 
locking the NVRAM is a one way street, we would like to be certain that we have 
the PS indices defined correctly before  taking that step.

Thanks for any help that you have available.

Charles

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to