Pleasure to help, keep enjoying it. Jimmy
> -----Original Message----- > From: Hong Hu [mailto:huhong...@gmail.com] > Sent: Friday, May 31, 2013 10:10 PM > To: Wei, Gang > Cc: tboot-devel@lists.sourceforge.net > Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1 > > Hi Jimmy, > > Thanks for your help. It works now! > > I delete these two redundant space chars and set the new policy. Now all the > verification succeed. > > Thanks, > Hu Hong > > > On Fri, May 31, 2013 at 9:41 PM, Wei, Gang <gang....@intel.com> wrote: > > > What you need to do is make sure that only one space char is used to > separate the cmdline options for kernel in below cmdline. I can see there > are 3 space chars between "ro" and "quiet". > > > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image > --cmdline "intel_iommu=on > root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 > ro quiet splash vt.handoff=7" > --image /boot/vmlinuz-3.5.0-31-generic > vl.pol > > > I know you are using the exact same command line as what occurred in > the > grub file. But I observed that grub2 will remove redundent space chars > automatically before pass the cmdline to tboot or kernel, so that the > command tboot got was not exactly the same with grub config file. > > BTW, FYI, old grub(in rhel or old fedora) will keep the redundent space > chars. > > Thanks > > Jimmy > > > > -----Original Message----- > > From: Hong Hu [mailto:huhong...@gmail.com] > > > Sent: Friday, May 31, 2013 9:13 PM > > To: Wei, Gang > > Cc: tboot-devel@lists.sourceforge.net > > Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1 > > > > > Hi Jimmy, > > > > Thanks for your reply. > > > > Here is the command I used to generate tb policy ; > > > > 1. tb_polgen/tb_polgen --create --type nonfatal vl.pol > > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image > > --cmdline "intel_iommu=on > > root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro quiet splash > > vt.handoff=7" > > --image /boot/vmlinuz-3.5.0-31-generic > > vl.pol > > 3. tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image > > --cmdline "" > > --image /boot/initrd.img-3.5.0-31-generic > > vl.pol > > > > The corresponding grub entry is : > > > > menuentry 'tboot: Ubuntu, with Linux 3.5.0-31-generic' --class ubuntu > --class > > gnu-linux --class gnu --class os { > > recordfail > > gfxmode $linux_gfx_mode > > insmod gzio > > insmod part_msdos > > insmod ext2 > > set root='(hd0,msdos2)' > > search --no-floppy --fs-uuid --set=root > > dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 > > echo 'HHHHHHHHHHHHHHHHHHH: Loading tboot ...' > > multiboot /tboot.gz /tboot.gz logging=memory,vga,serial > > echo 'HHHHHHHHHHHHHHHHHHH: Loading vmlinuz ....' > > module /boot/vmlinuz-3.5.0-31-generic > > /boot/vmlinuz-3.5.0-31-generic intel_iommu=on > > root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro quiet splash > > vt.handoff=7 > > echo 'HHHHHHHHHHHHHHHHHHH: Loading initrd.img ...' > > module /boot/initrd.img-3.5.0-31-generic > > /boot/initrd.img-3.5.0-31-generic > > echo 'HHHHHHHHHHHHHHHHHHH: Loading ACM ...' > > module /boot/3rd_gen_i5_i7_SINIT_51.BIN > > echo 'HHHHHHHHHHHHHHHHHHH: Loading policy data ...' > > module /list.data > > } > > > > The log file is also attached. > > > > Thanks, > > Hu Hong > > > > > > On Fri, May 31, 2013 at 8:59 PM, Wei, Gang <gang....@intel.com> > wrote: > > > > > > Hong Hu wrote on 2013-05-31: > > > > > Hi Jimmy, > > > > > > Thanks for you help. > > > > > > Now I can almost successfully run tboot on X220 tablet. The > only > > problem > > > is the verification of module 0 (linux kernel in my case) which is > > > extended to PCR-18 failed. > > > > > > I followed instructions in docs/policy_v2.txt and > lcptools/lcptools2.txt > > to create > > > the LCP and VLP. The only difference is the second step in > creating VLP: > > > > > > The original version: > > > > > > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash > image > > --cmdline > > "the > > > command line for xen from grub.conf" --image /boot/xen.gz > vl.pol > > > > > > and I changed it to : > > > > > > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash > image > > --cmdline > > > "intel_iommu=on root=UUID=XX(my uuid)XXX ro quiet splash > > vt.handoff=7" > > > --image /boot/vmlinuz-3.5.0.-31=generic vl.pol > > > > > > since there is no xen in my case. > > > > > > The result of module verification is that the verification for PCR > 18 > > failed while > > > the verification for PCR 19 (initrd.img) successed. > > > > > > Is there any specific command to hash linux kernel other than > xen? > Any > > help will > > > be much appreciated. > > > > > > Please send me me the exact command line you are using for > generate > the > > tb > > policy, as well as the grub config file. > > > > Jimmy > > > > > > >
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
