Yes, your TPM NVRAM was already locked. No way to unlock it. But it is just fine.

To define the LCP policy "owner" index, you should install tpm-tools and execute "tpm_takeownership -z" first, followed by "tpmnv_defindex -i owner -p <OWNERPWD>".

BTW, your booting with tboot failed because you didn't enable TXT in BIOS, which is indicated by:

TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: SMX not supported.

Jimmy

From: Alexander Kjeldaas [mailto:alexander.kjeld...@gmail.com]
Sent: Friday, August 23, 2013 11:41 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] tpmnv_defindex establish physical presence

I'm having the following issue on an Intel server board (Haswell): S1200V3RPS

tboot seems to indicate that NVRAM is locked. Is my NVRAM locked? How is it unlocked?

How do I establish physical presence? There is nothing in the BIOS except TPM ON/OFF.

$ tpmnv_defindex -i owner
Haven't input permission value, use default value 0x2
Haven't input data size, use default value 54
Tspi_NV_DefineSpace failed failed: Bad physical presence value (0x082d)

$ tpm_nvinfo

NVRAM index   : 0x10000001 (268435457)
PCR read selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

NVRAM index   : 0x1000f000 (268496896)
PCR read selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00020002 (OWNERREAD|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 1129 (0x469)

NVRAM index   : 0x50000003 (1342177283)
PCR read selection:
 Localities   : ALL
PCR write selection:
 Localities   : 0x18
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 96 (0x60)

NVRAM index   : 0x50000001 (1342177281)
PCR read selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00002000 (WRITEDEFINE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : TRUE
Size          : 54 (0x36)

$ txt-stat
Intel(r) TXT Configuration Registers:
        STS: 0x00000002
            senter_done: FALSE
            sexit_done: TRUE
            mem_config_lock: FALSE
            private_open: FALSE
            locality_1_open: FALSE
            locality_2_open: FALSE
        ESTS: 0x00
            txt_reset: FALSE
        E2STS: 0x0000000000000004
            secrets: FALSE
        ERRORCODE: 0x00000000
        DIDVID: 0x00000001b0028086
            vendor_id: 0x8086
            device_id: 0xb002
            revision_id: 0x1
        FSBIF: 0xffffffffffffffff
        QPIIF: 0x000000009d003000
        SINIT.BASE: 0x00000000
        SINIT.SIZE: 0B (0x0)
        HEAP.BASE: 0x00000000
        HEAP.SIZE: 0B (0x0)
        DPR: 0x0000000000000000
            lock: FALSE
            top: 0x00000000
            size: 0MB (0B)
        PUBLIC.KEY:
            ...

***********************************************************
         TXT measured launch: FALSE
         secrets flag set: FALSE
***********************************************************

TBOOT log:
        max_size=7fe8
        curr_pos=abd
        buf:
TBOOT: ******************* TBOOT *******************
TBOOT:    2013-07-05 12:00 +0800 1.7.4
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT:  0000000000000000 - 000000000009bc00  (1)
TBOOT:  000000000009bc00 - 00000000000a0000  (2)
TBOOT:  00000000000e0000 - 0000000000100000  (2)
TBOOT:  0000000000100000 - 000000009e828000  (1)
TBOOT:  000000009e828000 - 00000000ae8a9000  (4)
TBOOT:  00000000ae8a9000 - 00000000b21c8000  (1)
TBOOT:  00000000b21c8000 - 00000000b4d2f000  (2)
TBOOT:  00000000b4d2f000 - 00000000b4f2f000  (4)
TBOOT:  00000000b4f2f000 - 00000000b4ff0000  (3)
TBOOT:  00000000b4ff0000 - 00000000b5000000  (1)
TBOOT:  00000000b5000000 - 00000000c0000000  (2)
TBOOT:  00000000f8000000 - 00000000fc000000  (2)
TBOOT:  00000000fec00000 - 00000000fec01000  (2)
TBOOT:  00000000fed19000 - 00000000fed1a000  (2)
TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
TBOOT:  00000000fee00000 - 00000000fee01000  (2)
TBOOT:  00000000ff400000 - 0000000100000000  (2)
TBOOT:  0000000100000000 - 0000000440000000  (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: get capability, return value = 00000002
TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: get capability, return value = 00000002
TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT:   version: 2
TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT:   hash_alg: TB_HALG_SHA1
TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
TBOOT:   num_entries: 2
TBOOT:   policy entry[0]:
TBOOT:     mod_num: 0
TBOOT:     pcr: none
TBOOT:     hash_type: TB_HTYPE_ANY
TBOOT:     num_hashes: 0
TBOOT:   policy entry[1]:
TBOOT:     mod_num: any
TBOOT:     pcr: 19
TBOOT:     hash_type: TB_HTYPE_ANY
TBOOT:     num_hashes: 0
TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
TBOOT: Error: write TPM error: 0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: Error: ELF magic number is not matched.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x7f06d000 to 0x7ffff800
TBOOT: Kernel (protected mode) from 0x1000000 to 0x1316860
TBOOT: Kernel (real mode) from 0x90000 to 0x94200
TBOOT: transfering control to kernel @0x1000000...

Alexander
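The two numbers in the exchange above, "feature control MSR (5)" and "0x082d", each carry the whole diagnosis, and the script below decodes them and then wraps Jimmy's two commands behind a check for the real blocker. This is an added example, not code from the thread or from the tboot project. It assumes Intel's documented IA32_FEATURE_CONTROL layout (MSR 0x3A: bit 0 lock, bit 1 VMX inside SMX, bit 2 VMX outside SMX, bits 8-14 SENTER local function enables, bit 15 SENTER global enable) and the TPM 1.2 return codes TPM_BADINDEX = 2 and TPM_BAD_PRESENCE = 0x2d with the TPM_NON_FATAL flag 0x800. The reason ownership comes first is TPM 1.2 semantics: once nvLocked is set, TPM_NV_DefineSpace needs TPM owner authorization, and a TPM with no owner demands physical presence instead, which is exactly what 0x082d reports. rdmsr is from msr-tools; OWNERPWD stands for whatever owner password you choose at takeownership; the index number 0x40000001, size 54 and permission 0x2 are the "-i owner" defaults visible in the post.

```shell
#!/bin/bash
# Added example (not from the tboot-devel thread or the tboot project):
# decode IA32_FEATURE_CONTROL and TPM 1.2 result codes, then run the
# LCP owner-index setup only when SENTER is actually enabled.
#
# Assumed MSR 0x3A layout (Intel SDM): bit0 lock, bit1 VMX-in-SMX,
# bit2 VMX-outside-SMX, bits 8..14 SENTER local enables, bit15 SENTER global.
# tboot's "SENTER disabled by feature control MSR" message is emitted unless
# bit 15 and all seven local enables are set, so that is the rule used here.
decode_feature_control() {
    v=$(( $1 ))
    lock=$(( v & 1 ))
    vmx_in_smx=$(( (v >> 1) & 1 ))
    vmx_out_smx=$(( (v >> 2) & 1 ))
    senter_local=$(( (v >> 8) & 0x7f ))
    senter_global=$(( (v >> 15) & 1 ))
    if [ "$senter_global" -eq 1 ] && [ "$senter_local" -eq 127 ]; then
        verdict="SENTER enabled"
    elif [ "$lock" -eq 1 ]; then
        # The lock bit is only cleared by reset, so the OS cannot fix this.
        verdict="SENTER disabled and MSR locked: enable Intel TXT in BIOS setup and reboot"
    else
        verdict="SENTER disabled (MSR not locked)"
    fi
    printf 'lock=%d vmx_in_smx=%d vmx_outside_smx=%d senter_local=0x%02x senter_global=%d: %s\n' \
        "$lock" "$vmx_in_smx" "$vmx_out_smx" "$senter_local" "$senter_global" "$verdict"
}

# Assumed TPM 1.2 result-code layout: base error in the low 10 bits,
# TPM_NON_FATAL flag at 0x800. TPM_BADINDEX = 2, TPM_BAD_PRESENCE = 45 (0x2d).
decode_tpm_result() {
    rc=$(( $1 ))
    nonfatal=$(( (rc >> 11) & 1 ))
    base=$(( rc & 0x3ff ))
    case "$base" in
        0)  name="TPM_SUCCESS" ;;
        2)  name="TPM_BADINDEX (NV index not defined)" ;;
        45) name="TPM_BAD_PRESENCE (physical presence required but not asserted)" ;;
        *)  name="TPM_ERROR_$base" ;;
    esac
    if [ "$nonfatal" -eq 1 ]; then
        printf 'non-fatal %s\n' "$name"
    else
        printf '%s\n' "$name"
    fi
}

# Jimmy's procedure, guarded: defining the owner index succeeds without TXT,
# but tboot still will not launch, so refuse until the MSR says SENTER is on.
# OWNERPWD is a placeholder for the owner password chosen at takeownership.
setup_lcp_owner_index() {
    msr=$(rdmsr 0x3a) || { echo "rdmsr failed: modprobe msr and install msr-tools" >&2; return 1; }
    case "$(decode_feature_control "0x$msr")" in
        *"SENTER enabled"*) ;;
        *) decode_feature_control "0x$msr" >&2; return 1 ;;
    esac
    tpm_takeownership -z                      # SRK = well-known secret; prompts for the owner password
    tpmnv_defindex -i owner -p "$OWNERPWD"    # LCP owner index 0x40000001, 54 bytes, OWNERWRITE (0x2)
}

# Worked values from the post; "--decode" needs no TPM, "--setup" needs root.
if [ "${1:-}" = "--decode" ]; then
    decode_feature_control 0x5       # tboot's "(5)"
    decode_tpm_result 0x082d         # tpmnv_defindex's "Bad physical presence value"
    decode_tpm_result 0x2            # tboot's "get capability, return value = 00000002"
elif [ "${1:-}" = "--setup" ]; then
    setup_lcp_owner_index
fi
```

Run it with --decode on the values from the post to see that 0x5 is lock plus VMX-outside-SMX with every SENTER enable clear, that 0x082d is a non-fatal TPM_BAD_PRESENCE, and that tboot's return value 2 is TPM_BADINDEX (the policy indices simply do not exist yet). Once BIOS setup has TXT on and the MSR reads with bit 15 and bits 8-14 set, --setup takes ownership and defines the owner index.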
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel