Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1

Fri, 31 May 2013 07:11:09 -0700 

Hi Jimmy,

Thanks for your help. It works now!

I delete these two redundant space chars and set the new policy. Now all
the verification succeed.

Thanks,
Hu Hong


On Fri, May 31, 2013 at 9:41 PM, Wei, Gang <gang....@intel.com> wrote:

> What you need to do is make sure that only one space char is used to
> separate the cmdline options for kernel in below cmdline. I can see there
> are 3 space chars between "ro" and "quiet".
>
> 2.  tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
>     --cmdline "intel_iommu=on
> root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220
> ro   quiet splash vt.handoff=7"
>     --image /boot/vmlinuz-3.5.0-31-generic
>     vl.pol
>
> I know you are using the exact same command line as what occurred in the
> grub file. But I observed that grub2 will remove redundent space chars
> automatically before pass the cmdline to tboot or kernel, so that the
> command tboot got was not exactly the same with grub config file.
>
> BTW, FYI, old grub(in rhel or old fedora) will keep the redundent space
> chars.
>
> Thanks
> Jimmy
>
>
> > -----Original Message-----
> > From: Hong Hu [mailto:huhong...@gmail.com]
> > Sent: Friday, May 31, 2013 9:13 PM
> > To: Wei, Gang
> > Cc: tboot-devel@lists.sourceforge.net
> > Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1
> >
> > Hi Jimmy,
> >
> > Thanks for your reply.
> >
> > Here is the command I used to generate tb policy ;
> >
> > 1.  tb_polgen/tb_polgen --create --type nonfatal vl.pol
> > 2.  tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
> >     --cmdline "intel_iommu=on
> > root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro   quiet splash
> > vt.handoff=7"
> >     --image /boot/vmlinuz-3.5.0-31-generic
> >     vl.pol
> > 3.  tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image
> >     --cmdline ""
> >     --image /boot/initrd.img-3.5.0-31-generic
> >     vl.pol
> >
> > The corresponding grub entry is :
> >
> > menuentry 'tboot: Ubuntu, with Linux 3.5.0-31-generic' --class ubuntu
> --class
> > gnu-linux --class gnu --class os {
> >         recordfail
> >         gfxmode $linux_gfx_mode
> >         insmod gzio
> >         insmod part_msdos
> >         insmod ext2
> >         set root='(hd0,msdos2)'
> >         search --no-floppy --fs-uuid --set=root
> > dbc9c7e6-d3f0-4b6a-9017-d43f70f09220
> > echo 'HHHHHHHHHHHHHHHHHHH: Loading tboot ...'
> > multiboot /tboot.gz /tboot.gz logging=memory,vga,serial
> > echo 'HHHHHHHHHHHHHHHHHHH: Loading vmlinuz ....'
> >         module /boot/vmlinuz-3.5.0-31-generic
> > /boot/vmlinuz-3.5.0-31-generic intel_iommu=on
> > root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro   quiet splash
> > vt.handoff=7
> > echo 'HHHHHHHHHHHHHHHHHHH: Loading initrd.img ...'
> >         module  /boot/initrd.img-3.5.0-31-generic
> > /boot/initrd.img-3.5.0-31-generic
> > echo 'HHHHHHHHHHHHHHHHHHH: Loading ACM ...'
> > module /boot/3rd_gen_i5_i7_SINIT_51.BIN
> > echo 'HHHHHHHHHHHHHHHHHHH: Loading policy data ...'
> > module /list.data
> > }
> >
> > The log file is also attached.
> >
> > Thanks,
> > Hu Hong
> >
> >
> > On Fri, May 31, 2013 at 8:59 PM, Wei, Gang <gang....@intel.com> wrote:
> >
> >
> >       Hong Hu wrote on 2013-05-31:
> >
> >       > Hi Jimmy,
> >       >
> >       > Thanks for you help.
> >       >
> >       > Now I can almost successfully run tboot on X220 tablet. The only
> > problem
> >       > is the verification of module 0 (linux kernel in my case) which
> is
> >       > extended to PCR-18 failed.
> >       >
> >       > I followed instructions in docs/policy_v2.txt and
> lcptools/lcptools2.txt
> >       to create
> >       > the LCP and VLP. The only difference is the second step in
> creating VLP:
> >       >
> >       > The original version:
> >       >
> >       > 2.  tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
> > --cmdline
> >       "the
> >       > command line for xen from grub.conf" --image /boot/xen.gz vl.pol
> >       >
> >       > and I changed it to :
> >       >
> >       > 2.   tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
> > --cmdline
> >       > "intel_iommu=on root=UUID=XX(my uuid)XXX ro quiet splash
> > vt.handoff=7"
> >       > --image /boot/vmlinuz-3.5.0.-31=generic vl.pol
> >       >
> >       > since there is no xen in my case.
> >       >
> >       > The result of module verification is that the verification for
> PCR
> 18
> >       failed while
> >       > the verification for PCR 19 (initrd.img) successed.
> >       >
> >       > Is there any specific command to hash linux kernel other than
> xen?
> Any
> >       help will
> >       > be much  appreciated.
> >
> >
> >       Please send me me the exact command line you are using for generate
> the
> > tb
> >       policy, as well as the grub config file.
> >
> >       Jimmy
> >
> >
>
>

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to