Charles Bushong wrote on 2013-03-25:
> Hi all,
>
> I'm trying to get tboot up and running for my first time, and this list
> has been a great help. However it seems I'm running into some problems
> when actually validating the modules. I was hoping someone might have
> some insight as to what I'm doing wrong. I'm using tboot 1.7.3 and
> legacy grub if it makes a difference.
>
> I get ownership and define the nvram indices without much issue (finally).
> Then I create and write the v1 policy with this:
>
> tb_polgen --create --type nonfatal vl_ver1.pol
> tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "logging=vga,serial,memory loglvl=all" --image /boot/tboot.gz vl_ver1.pol
> tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$kernel_cmdline" --image /boot/vmlinuz-2.6.32-279.5.1.el6.x86_64 vl_ver1.pol
> tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initramfs-2.6.32-279.5.1.el6.x86_64.img vl_ver1.pol
> lcp_writepol -i 0x20000001 -f vl_ver1.pol -p $TPM_PASS
>
> There are a few red flags that are sticking out to me.
>
> 1) Does this post-GETSEC[SENTER] error code mean anything?
>
> TBOOT: TXT.ERRORCODE: 0xc0000001
> TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0

This just means everything is ok, sinit executed successfully.

> 2) Modules failing.
>
> TBOOT: verifying module " /vmlinuz-2.6.32-279.5.1.el6.x86_64 (kernel command line)"...
> TBOOT: verification failed
> TBOOT: verifying module against policy failed.
> TBOOT: verifying module " /initramfs-2.6.32-279.5.1.el6.x86_64.img"...
> TBOOT: verification failed
> TBOOT: verifying module against policy failed.
> TBOOT: all modules are verified

Please send the grub.cfg & attach a serial port cable (or just use txt-stat if already booted up) to get an entire booting log for tboot and send it out.

Jimmy

> I can't figure out why it's reading the policy without issue, getting into
> GETSEC[SENTER], and then still failing the policy check. Any help or points in
> the right direction would be appreciated. Thanks!
>
> -Charles
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
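Added example, not part of the original thread and not tboot's own code: a decoder for the TXT.ERRORCODE value quoted in the boot log, showing how 0xc0000001 breaks down into the acm_type/progress/error fields that tboot printed. The bit positions are an assumption based on tboot's error-code structures of that era, and all type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Who wrote the register (assumed layout: bit 31 valid, bit 30 external). */
enum txt_err_src { TXT_ERR_NONE, TXT_ERR_PROCESSOR, TXT_ERR_ACM, TXT_ERR_OTHER_SW };

struct txt_err {
    enum txt_err_src src;
    uint32_t type;      /* bits 29:0, meaning depends on src */
    unsigned acm_type;  /* bits 3:0, 0 = BIOS ACM, 1 = SINIT (assumed) */
    unsigned progress;  /* bits 9:4 (assumed) */
    unsigned error;     /* bits 13:10 (assumed) */
};

struct txt_err decode_txt_errorcode(uint32_t raw)
{
    struct txt_err e = { TXT_ERR_NONE, raw & 0x3fffffffu, 0, 0, 0 };

    if (!(raw >> 31))             /* valid bit clear: nothing recorded */
        return e;
    if (!((raw >> 30) & 1)) {     /* external bit clear: set by the processor */
        e.src = TXT_ERR_PROCESSOR;
        return e;
    }
    if ((raw >> 15) & 1) {        /* src bit set: software other than an ACM */
        e.src = TXT_ERR_OTHER_SW;
        return e;
    }
    e.src      = TXT_ERR_ACM;
    e.acm_type = raw & 0xf;
    e.progress = (raw >> 4) & 0x3f;
    e.error    = (raw >> 10) & 0xf;
    return e;
}

/* True for the pattern the reply above describes as a successful SINIT run. */
int sinit_succeeded(uint32_t raw)
{
    struct txt_err e = decode_txt_errorcode(raw);
    return e.src == TXT_ERR_ACM && e.acm_type == 1 && e.progress == 0 && e.error == 0;
}

int main(void)
{
    uint32_t raw = 0xc0000001u;   /* value from the quoted boot log */
    struct txt_err e = decode_txt_errorcode(raw);
    printf("TXT.ERRORCODE 0x%08x: acm_type=0x%x, progress=0x%02x, error=0x%x (%s)\n",
           (unsigned)raw, e.acm_type, e.progress, e.error,
           sinit_succeeded(raw) ? "SINIT ok" : "check the ACM error tables");
    return 0;
}
```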