Hi Ren,
Flicker doesn't require tboot; in fact, they can't be used together. If
you try doing a Flicker launch from a kernel that's been booted with
tboot, the launch will fail.
Flicker and tboot are, however, based on the same technology: Intel
Trusted Execution Technology.
The upshot: if you want to experiment with Flicker, stop here and give
up with tboot. If you're nonetheless still interested in getting tboot
working, read on.
Setting up tboot with a 32-bit non-PAE kernel is the same as for any
other kernel -- tboot doesn't care which paging mode your kernel prefers.
Your GRUB2 configuration looks reasonable, except for a probably
irrelevant typo (missing '/') on the "module /boot/vmlinuz..." line.
The failure you're getting is a TXT-shutdown. Unfortunately, that can be
caused by absolutely any failure at all in the TXT late-launch process.
The only clue left behind is the contents of the TXT error code
register. The Intel MLE Developer's Guide tells you where that is, and
contains the table you need to decode it.
Things to try:
* Hard power-cycle the machine. Some TXT failure conditions cause the
hardware to refuse to try any more TXT invocations until this happens.
* Read the tboot README. (It's the only documentation you've got, and
it's not bad.)
* Make sure you have the right SINIT module for your CPU and chipset.
* Turn on serial console logging, and attach a serial console (or use
Intel AMT).
* Check that your Launch Control Policy is either a) correct, or b)
nonexistent.
* Check that your kernel and tboot arguments are right -- in
particular, ap_wake_mwait.(Based on advice from the tboot README.)
Hope that helps...
Justin
Bauer, Ren wrote:
> Hey,
>
> I'm trying to do some work with flicker, and it's my understanding that this
> software requires tboot and a 32-bit non-PAE kernel, but I haven't been able
> to find any help on setting up tboot with a kernel that matches these
> requirements. (Additionally, I'd like to be able to use GRUB2 as I don't have
> any experience with GRUB)
>
> If anyone could point me to a kernel that fits these requirements and that
> could be set up relatively easily with tboot, I'd appreciate it.
>
> Currently I have the following set up:
>
> Lenovo W520
> Fedora 17 32-bit
> Custom built 32 bit kernel based on vmlinuz-3.5.4 with TXT options enabled
> and PAE disabled (I think) @/boot/vmlinuz-3.5.4-txt
> tboot 1.7.1 @/boot/tboot.gz
> 2nd_gen_i5_i7-SINIT_51 module @/SINIT_51.bin
>
> The following GRUB2 menu entry:
>
> menuentry 'Fedora 17 32-bit with tboot'{
> load_video
> set gfxpayload=keep
> insmod gzio
> insmod part_msdos
> insmod ext2
> set root='(hd0,msdos4)'
> if [ x$feature_platform_search_hint = xy ]; then
> search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos4
> --hint-efi=hd0,msdos4 --hint-baremetal=ahci0,msdos4 --hint='hd0,msd
> os4' f5b2de9b-74da-4ac9-8345-b99dde1b46a0
> else
> search --no-floppy --fs-uuid --set=root
> f5b2de9b-74da-4ac9-8345-b99dde1b46a0
> fi
> echo 'Loading tboot multiboot...'
> multiboot /boot/tboot.gz /boot/tboot.gz logging=vga,memory,serial
> echo 'Loading Fedora (3.5.4-txt)'
> module /boot/vmlinuz-3.5.4-txt/ boot/vmlinuz-3.5.4-txt
> root=UUID=f5b2de9b-74da-4ac9-8345-b99dde1b46a0 ro rd.md=0 rd.lvm=0 rd.dm=0 S
> YSFONT=True KEYTABLE=us rd.luks=0 LANG=en_US.UTF-8 rhgb
> echo 'Loading initial ramdisk ...'
> module /boot/initramfs-3.5.4-txt.img /boot/initramfs-3.5.4-txt.img
> echo 'Loading SINIT module...'
> module /SINIT_51.BIN /SINIT_51.BIN
> }
>
> (Most of this is taken from the functional menuentry that boots into Fedora
> 17 with the custom kernel without tboot)
>
> When I select this menu entry, the TBOOT setup seems to complete
> successfully, but after a bunch of [TBOOT] text flies by, the screen goes
> black for a second and the system loses power and reboots. My intuition is
> that when TBOOT tries to transfer control to the host OS, there is some
> failure that causes a crash, but there is no memory dump or kernel panic
> displayed on screen. If anybody could provide any insight into what's wrong
> with my setup, or point me towards a kernel/distro that might be easier to
> build, I'd appreciate it.
>
> PS when booting into the custom kernel without tboot, everything works except
> for Wi-Fi, as far as I can tell.
> I was also previously able to boot into a 64-bit linux mint distro with tboot
> and xen, but when I tried to use a 32-bit kernel/distro I got some kernel
> panic about not being able to establish the dom0 kernel. I read that linux
> kernels after ~2.35 could boot directly from tboot without xen, so I've been
> trying to leave it out since then, but I don't mind using it if I need to.
>
> Thanks in advance for any help,
>
> Ren
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://ad.doubleclick.net/clk;258768047;13503038;j?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> tboot-devel mailing list
> tboot-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
