It would be helpful to get a system with a serial port to try tboot and
capture the serial log for two consecutive boots; the later boot
will contain some error code from SINIT for why it reset the platform.

Otherwise, it will also help to add the option "vga_delay=5" to the tboot cmdline
to slow down the print speed on the display screen, and it would be helpful
to record the error code, like below:

TBOOT: TXT.ERRORCODE: 0x0

Jimmy

Justin King-Lacroix wrote on 2012-09-24:
> Hi Ren,
> 
> Flicker doesn't require tboot; in fact, they can't be used together. If
> you try doing a Flicker launch from a kernel that's been booted with
> tboot, the launch will fail.
> Flicker and tboot are, however, based on the same technology: Intel
> Trusted Execution Technology.
> 
> The upshot: if you want to experiment with Flicker, stop here and give
> up with tboot. If you're nonetheless still interested in getting tboot
> working, read on.
> 
> Setting up tboot with a 32-bit non-PAE kernel is the same as for any
> other kernel -- tboot doesn't care which paging mode your kernel prefers.
> Your GRUB2 configuration looks reasonable, except for a probably
> irrelevant typo (missing '/') on the "module /boot/vmlinuz..." line.
> The failure you're getting is a TXT-shutdown. Unfortunately, that can be
> caused by absolutely any failure at all in the TXT late-launch process.
> The only clue left behind is the contents of the TXT error code
> register. The Intel MLE Developer's Guide tells you where that is, and
> contains the table you need to decode it.
> Things to try:
>   * Hard power-cycle the machine. Some TXT failure conditions cause the
>     hardware to refuse to try any more TXT invocations until this happens.
>   * Read the tboot README. (It's the only documentation you've got, and
>     it's not bad.)
>   * Make sure you have the right SINIT module for your CPU and chipset.
>   * Turn on serial console logging, and attach a serial console (or use
>     Intel AMT).
>   * Check that your Launch Control Policy is either a) correct, or b)
>     nonexistent.
>   * Check that your kernel and tboot arguments are right -- in
>     particular, ap_wake_mwait. (Based on advice from the tboot README.)
> 
> Hope that helps...
> 
> Justin
> 
> 
> Bauer, Ren wrote:
>> Hey,
>> 
>> I'm trying to do some work with flicker, and it's my understanding that
>> this software requires tboot and a 32-bit non-PAE kernel, but I haven't
>> been able to find any help on setting up tboot with a kernel that matches
>> these requirements. (Additionally, I'd like to be able to use GRUB2 as I
>> don't have any experience with GRUB)
>> 
>> If anyone could point me to a kernel that fits these requirements and
>> that could be set up relatively easily with tboot, I'd appreciate it.
>> 
>> Currently I have the following set up:
>> 
>> Lenovo W520
>> Fedora 17 32-bit
>> Custom built 32 bit kernel based on vmlinuz-3.5.4 with TXT options
>> enabled and PAE disabled (I think) @/boot/vmlinuz-3.5.4-txt
>> tboot 1.7.1 @/boot/tboot.gz
>> 2nd_gen_i5_i7-SINIT_51 module @/SINIT_51.bin
>> 
>> The following GRUB2 menu entry:
>> 
>> menuentry 'Fedora 17 32-bit with tboot'{
>>      load_video
>>      set gfxpayload=keep
>>      insmod gzio
>>      insmod part_msdos
>>      insmod ext2
>>      set root='(hd0,msdos4)'
>>      if [ x$feature_platform_search_hint = xy ]; then
>>        search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos4 --hint-efi=hd0,msdos4 --hint-baremetal=ahci0,msdos4 --hint='hd0,msdos4'  f5b2de9b-74da-4ac9-8345-b99dde1b46a0
>>      else
>>        search --no-floppy --fs-uuid --set=root f5b2de9b-74da-4ac9-8345-b99dde1b46a0
>>      fi
>>      echo 'Loading tboot multiboot...'
>>      multiboot /boot/tboot.gz /boot/tboot.gz logging=vga,memory,serial
>>      echo 'Loading Fedora (3.5.4-txt)'
>>      module  /boot/vmlinuz-3.5.4-txt/ boot/vmlinuz-3.5.4-txt root=UUID=f5b2de9b-74da-4ac9-8345-b99dde1b46a0 ro rd.md=0 rd.lvm=0 rd.dm=0 SYSFONT=True  KEYTABLE=us rd.luks=0 LANG=en_US.UTF-8 rhgb
>>      echo    'Loading initial ramdisk ...'
>>      module  /boot/initramfs-3.5.4-txt.img /boot/initramfs-3.5.4-txt.img
>>      echo 'Loading SINIT module...'
>>      module /SINIT_51.BIN /SINIT_51.BIN
>> }
>> 
>> (Most of this is taken from the functional menuentry that boots into
>> Fedora 17 with the custom kernel without tboot)
>> 
>> When I select this menu entry, the TBOOT setup seems to complete
>> successfully, but after a bunch of [TBOOT] text flies by, the screen goes
>> black for a second and the system loses power and reboots. My intuition is
>> that when TBOOT tries to transfer control to the host OS, there is some
>> failure that causes a crash, but there is no memory dump or kernel panic
>> displayed on screen. If anybody could provide any insight into what's
>> wrong with my setup, or point me towards a kernel/distro that might be
>> easier to build, I'd appreciate it.
>> 
>> PS when booting into the custom kernel without tboot, everything works
>> except for Wi-Fi, as far as I can tell. I was also previously able to
>> boot into a 64-bit linux mint distro with tboot and xen, but when I tried
>> to use a 32-bit kernel/distro I got some kernel panic about not being able
>> to establish the dom0 kernel. I read that linux kernels after ~2.35 could
>> boot directly from tboot without xen, so I've been trying to leave it out
>> since then, but I don't mind using it if I need to.
>> 
>> Thanks in advance for any help,
>> 
>> Ren
>> 
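
Added example (not part of the original thread and not tboot's own code): a Python sketch that pulls the "TBOOT: TXT.ERRORCODE:" lines out of a serial capture covering two consecutive boots and splits each value into its top-level fields. The bit layout used (bit 31 valid, bit 30 processor vs. software, bit 15 ACM vs. other software, bits 3:0 ACM type) is an assumption to check against the Intel MLE Developer's Guide; the sample log and its nonzero value are constructed.

```python
import re

# Line format as shown in the message above: "TBOOT: TXT.ERRORCODE: 0x0"
ERR_RE = re.compile(r"TBOOT: TXT\.ERRORCODE: (0x[0-9a-fA-F]+)")

# Assumed meaning of bits 3:0 for ACM-reported errors; other values reserved.
ACM_TYPES = {0: "BIOS ACM", 1: "SINIT"}


def decode_errorcode(raw):
    """Split a TXT.ERRORCODE value into top-level fields (assumed layout)."""
    info = {"raw": raw, "valid": bool(raw >> 31 & 1)}
    if not info["valid"]:
        info["reporter"] = "none (register not valid)"
        return info
    if not (raw >> 30 & 1):
        # Bit 30 clear: the processor itself reported the error.
        info["reporter"] = "processor"
        info["code"] = raw & 0x3FFFFFFF
        return info
    if raw >> 15 & 1:
        info["reporter"] = "software other than an ACM"
    else:
        info["reporter"] = ACM_TYPES.get(raw & 0xF, "reserved ACM type")
    # Left undecoded on purpose: the meaning of these bits comes from the
    # error table for the specific SINIT module, not from this script.
    info["bits_14_4"] = raw >> 4 & 0x7FF
    info["bits_29_16"] = raw >> 16 & 0x3FFF
    return info


def errorcodes_in_log(text):
    """Return every TXT.ERRORCODE value in a captured log, in boot order."""
    return [int(m.group(1), 16) for m in ERR_RE.finditer(text)]


# Constructed sample: one serial capture spanning two consecutive boots.
SAMPLE_LOG = """\
TBOOT: TXT.ERRORCODE: 0x0
TBOOT: (first boot resets during launch; constructed filler line)
TBOOT: TXT.ERRORCODE: 0xc0000c51
"""

if __name__ == "__main__":
    for boot, raw in enumerate(errorcodes_in_log(SAMPLE_LOG), 1):
        print(f"boot {boot}: {decode_errorcode(raw)}")
```

The value of interest is the one printed on the second boot, since the register keeps the reason for the previous reset.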

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
