Hi Jimmy, Thanks for your reply.
Here is the command I used to generate tb policy ;
1. tb_polgen/tb_polgen --create --type nonfatal vl.pol
2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
--cmdline "intel_iommu=on
root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro quiet splash
vt.handoff=7"
--image /boot/vmlinuz-3.5.0-31-generic
vl.pol
3. tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image
--cmdline ""
--image /boot/initrd.img-3.5.0-31-generic
vl.pol
The corresponding grub entry is :
menuentry 'tboot: Ubuntu, with Linux 3.5.0-31-generic' --class ubuntu
--class gnu-linux --class gnu --class os {
recordfail
gfxmode $linux_gfx_mode
insmod gzio
insmod part_msdos
insmod ext2
set root='(hd0,msdos2)'
search --no-floppy --fs-uuid --set=root
dbc9c7e6-d3f0-4b6a-9017-d43f70f09220
echo 'HHHHHHHHHHHHHHHHHHH: Loading tboot ...'
multiboot /tboot.gz /tboot.gz logging=memory,vga,serial
echo 'HHHHHHHHHHHHHHHHHHH: Loading vmlinuz ....'
module /boot/vmlinuz-3.5.0-31-generic
/boot/vmlinuz-3.5.0-31-generic intel_iommu=on
root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro quiet splash
vt.handoff=7
echo 'HHHHHHHHHHHHHHHHHHH: Loading initrd.img ...'
module /boot/initrd.img-3.5.0-31-generic
/boot/initrd.img-3.5.0-31-generic
echo 'HHHHHHHHHHHHHHHHHHH: Loading ACM ...'
module /boot/3rd_gen_i5_i7_SINIT_51.BIN
echo 'HHHHHHHHHHHHHHHHHHH: Loading policy data ...'
module /list.data
}
The log file is also attached.
Thanks,
Hu Hong
On Fri, May 31, 2013 at 8:59 PM, Wei, Gang <gang....@intel.com> wrote:
> Hong Hu wrote on 2013-05-31:
> > Hi Jimmy,
> >
> > Thanks for you help.
> >
> > Now I can almost successfully run tboot on X220 tablet. The only problem
> > is the verification of module 0 (linux kernel in my case) which is
> > extended to PCR-18 failed.
> >
> > I followed instructions in docs/policy_v2.txt and lcptools/lcptools2.txt
> to create
> > the LCP and VLP. The only difference is the second step in creating VLP:
> >
> > The original version:
> >
> > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image --cmdline
> "the
> > command line for xen from grub.conf" --image /boot/xen.gz vl.pol
> >
> > and I changed it to :
> >
> > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image --cmdline
> > "intel_iommu=on root=UUID=XX(my uuid)XXX ro quiet splash vt.handoff=7"
> > --image /boot/vmlinuz-3.5.0.-31=generic vl.pol
> >
> > since there is no xen in my case.
> >
> > The result of module verification is that the verification for PCR 18
> failed while
> > the verification for PCR 19 (initrd.img) successed.
> >
> > Is there any specific command to hash linux kernel other than xen? Any
> help will
> > be much appreciated.
>
> Please send me me the exact command line you are using for generate the tb
> policy, as well as the grub config file.
>
> Jimmy
>
txt-stat.result
Description: Binary data
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
