Thanks for your reply and help!
Now I'm getting
$ parse_err
ERRORCODE: 0xc0001c41
AC module error : acm_type=0x1, progress=0x04, error=0x7
I have turned on TXT, fixed the presence issue, set up owner, with LCP,
0x2000001 with verified boot policy, and defined 0x20000002.
I then *removed* all of those indexes so 'tpm_nvinfo' is identical to what
I quoted above, and I still get the same error code.
According to the 3rd_gen_i5_i7-SINIT_67 documentation (which is not correct
for this system - I'm using Haswell on an Intel S1200V3RPS), class 4 = TPM
and error=7 is "Invalid TPM NV index".
Maybe the Haswell SINIT error codes are completely different or maybe there
is an NV index that is wrong. Do you know where I can find documentation
on ERRORCODE for Haswell?
The system won't boot using tboot now. It will always reboot on
GETSEC[SENTER].
Alexander
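To decode a TXT.ERRORCODE value such as the one above into the fields txt-stat prints, here is an added example in C (not tboot's own code). It assumes the bit layout tboot uses for ACM-generated errors: bit 31 valid, bit 30 external/software-generated, bits 3:0 ACM type, bits 9:4 progress, bits 14:10 error.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of the TXT.ERRORCODE register. The field layout is an
 * assumption based on how tboot's txt-stat prints "AC module error". */
typedef struct {
    bool     valid;     /* bit 31: register holds a valid error code        */
    bool     external;  /* bit 30: 1 = produced by software (e.g. an ACM)   */
    unsigned acm_type;  /* bits 3:0: 0 = BIOS ACM, 1 = SINIT ACM            */
    unsigned progress;  /* bits 9:4: stage the ACM had reached              */
    unsigned error;     /* bits 14:10: error number within that stage       */
} txt_errorcode_t;

txt_errorcode_t decode_txt_errorcode(uint32_t raw)
{
    txt_errorcode_t e;
    e.valid    = (raw >> 31) & 0x1;
    e.external = (raw >> 30) & 0x1;
    e.acm_type = raw & 0xf;
    e.progress = (raw >> 4) & 0x3f;
    e.error    = (raw >> 10) & 0x1f;
    return e;
}

/* Writes a one-line summary into buf. Returns 1 for an ACM (software) error,
 * 0 when no valid error is recorded, -1 when the CPU/microcode raised it. */
int describe_txt_errorcode(uint32_t raw, char *buf, size_t len)
{
    txt_errorcode_t e = decode_txt_errorcode(raw);
    if (!e.valid) {
        snprintf(buf, len, "ERRORCODE: 0x%08x (no error recorded)", raw);
        return 0;
    }
    if (!e.external) {
        snprintf(buf, len, "ERRORCODE: 0x%08x (processor/microcode error)", raw);
        return -1;
    }
    snprintf(buf, len, "AC module error : acm_type=0x%x, progress=0x%02x, error=0x%x",
             e.acm_type, e.progress, e.error);
    return 1;
}

int main(void)
{
    /* Constructed sample set: the value reported above and an all-clear register. */
    uint32_t samples[] = { 0xc0001c41u, 0x00000000u };
    char line[96];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        describe_txt_errorcode(samples[i], line, sizeof line);
        printf("0x%08x -> %s\n", samples[i], line);
    }
    return 0;
}
```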
On Tue, Aug 27, 2013 at 10:07 AM, Wei, Gang <gang....@intel.com> wrote:
> Yes, your tpm nvram was already locked. No way to unlock it. But it is
> just fine.
>
> To define the LCP policy “owner” index, you should install tpm-tools and
> execute “tpm_takeownership -z” first, then followed by “tpmnv_defindex -i
> owner -p <OWNERPWD>”.
>
> BTW, your booting with tboot failed because you didn’t enable TXT in BIOS,
> which is indicated by:
>
> TBOOT: ERR: SENTER disabled by feature control MSR (5)
> TBOOT: SMX not supported.
>
> Jimmy
>
> From: Alexander Kjeldaas [mailto:alexander.kjeld...@gmail.com]
> Sent: Friday, August 23, 2013 11:41 PM
> To: tboot-devel@lists.sourceforge.net
> Subject: [tboot-devel] tpmnv_defindex establish physical presence
>
> I'm having the following issue on an Intel server board (Haswell):
> S1200V3RPS
>
> tboot seems to indicate that nvram is locked.
>
> Is my nvram locked? How is it unlocked? How do I establish physical
> presence? There is nothing in the BIOS except TPM ON/OFF.
>
> $ tpmnv_defindex -i owner
> Haven't input permission value, use default value 0x2
> Haven't input data size, use default value 54
> Tspi_NV_DefineSpace failed failed: Bad physical presence value (0x082d)
>
> $ tpm_nvinfo
> NVRAM index : 0x10000001 (268435457)
> PCR read selection:
> Localities : ALL
> PCR write selection:
> Localities : ALL
> Permissions : 0x00001002 (WRITEALL|OWNERWRITE)
> bReadSTClear : FALSE
> bWriteSTClear : FALSE
> bWriteDefine : FALSE
> Size : 20 (0x14)
>
> NVRAM index : 0x1000f000 (268496896)
> PCR read selection:
> Localities : ALL
> PCR write selection:
> Localities : ALL
> Permissions : 0x00020002 (OWNERREAD|OWNERWRITE)
> bReadSTClear : FALSE
> bWriteSTClear : FALSE
> bWriteDefine : FALSE
> Size : 1129 (0x469)
>
> NVRAM index : 0x50000003 (1342177283)
> PCR read selection:
> Localities : ALL
> PCR write selection:
> Localities : 0x18
> Permissions : 0x00000000 ()
> bReadSTClear : FALSE
> bWriteSTClear : FALSE
> bWriteDefine : FALSE
> Size : 96 (0x60)
>
> NVRAM index : 0x50000001 (1342177281)
> PCR read selection:
> Localities : ALL
> PCR write selection:
> Localities : ALL
> Permissions : 0x00002000 (WRITEDEFINE)
> bReadSTClear : FALSE
> bWriteSTClear : FALSE
> bWriteDefine : TRUE
> Size : 54 (0x36)
>
>
> $ txt-stat
> Intel(r) TXT Configuration Registers:
> STS: 0x00000002
> senter_done: FALSE
> sexit_done: TRUE
> mem_config_lock: FALSE
> private_open: FALSE
> locality_1_open: FALSE
> locality_2_open: FALSE
> ESTS: 0x00
> txt_reset: FALSE
> E2STS: 0x0000000000000004
> secrets: FALSE
> ERRORCODE: 0x00000000
> DIDVID: 0x00000001b0028086
> vendor_id: 0x8086
> device_id: 0xb002
> revision_id: 0x1
> FSBIF: 0xffffffffffffffff
> QPIIF: 0x000000009d003000
> SINIT.BASE: 0x00000000
> SINIT.SIZE: 0B (0x0)
> HEAP.BASE: 0x00000000
> HEAP.SIZE: 0B (0x0)
> DPR: 0x0000000000000000
> lock: FALSE
> top: 0x00000000
> size: 0MB (0B)
> PUBLIC.KEY:
> ...
>
> ***********************************************************
> TXT measured launch: FALSE
> secrets flag set: FALSE
> ***********************************************************
> TBOOT log:
> max_size=7fe8
> curr_pos=abd
> buf:
> TBOOT: ******************* TBOOT *******************
> TBOOT: 2013-07-05 12:00 +0800 1.7.4
> TBOOT: *********************************************
> TBOOT: command line: logging=serial,vga,memory
> TBOOT: BSP is cpu 0
> TBOOT: original e820 map:
> TBOOT: 0000000000000000 - 000000000009bc00 (1)
> TBOOT: 000000000009bc00 - 00000000000a0000 (2)
> TBOOT: 00000000000e0000 - 0000000000100000 (2)
> TBOOT: 0000000000100000 - 000000009e828000 (1)
> TBOOT: 000000009e828000 - 00000000ae8a9000 (4)
> TBOOT: 00000000ae8a9000 - 00000000b21c8000 (1)
> TBOOT: 00000000b21c8000 - 00000000b4d2f000 (2)
> TBOOT: 00000000b4d2f000 - 00000000b4f2f000 (4)
> TBOOT: 00000000b4f2f000 - 00000000b4ff0000 (3)
> TBOOT: 00000000b4ff0000 - 00000000b5000000 (1)
> TBOOT: 00000000b5000000 - 00000000c0000000 (2)
> TBOOT: 00000000f8000000 - 00000000fc000000 (2)
> TBOOT: 00000000fec00000 - 00000000fec01000 (2)
> TBOOT: 00000000fed19000 - 00000000fed1a000 (2)
> TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
> TBOOT: 00000000fee00000 - 00000000fee01000 (2)
> TBOOT: 00000000ff400000 - 0000000100000000 (2)
> TBOOT: 0000000100000000 - 0000000440000000 (1)
> TBOOT: TPM is ready
> TBOOT: TPM nv_locked: TRUE
> TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
> TBOOT: Wrong timeout B, fallback to 2000
> TBOOT: reading Verified Launch Policy from TPM NV...
> TBOOT: TPM: get capability, return value = 00000002
> TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
> TBOOT: :reading failed
> TBOOT: reading Launch Control Policy from TPM NV...
> TBOOT: TPM: get capability, return value = 00000002
> TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
> TBOOT: :reading failed
> TBOOT: failed to read policy from TPM NV, using default
> TBOOT: policy:
> TBOOT: version: 2
> TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
> TBOOT: hash_alg: TB_HALG_SHA1
> TBOOT: policy_control: 00000001 (EXTEND_PCR17)
> TBOOT: num_entries: 2
> TBOOT: policy entry[0]:
> TBOOT: mod_num: 0
> TBOOT: pcr: none
> TBOOT: hash_type: TB_HTYPE_ANY
> TBOOT: num_hashes: 0
> TBOOT: policy entry[1]:
> TBOOT: mod_num: any
> TBOOT: pcr: 19
> TBOOT: hash_type: TB_HTYPE_ANY
> TBOOT: num_hashes: 0
> TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return =
> 00000002
> TBOOT: Error: write TPM error: 0x2.
> TBOOT: no policy in TPM NV.
> TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
> TBOOT: CPU is SMX-capable
> TBOOT: ERR: SENTER disabled by feature control MSR (5)
> TBOOT: SMX not supported.
> TBOOT: no LCP module found
> TBOOT: Error: ELF magic number is not matched.
> TBOOT: assuming kernel is Linux format
> TBOOT: Initrd from 0x7f06d000 to 0x7ffff800
> TBOOT: Kernel (protected mode) from 0x1000000 to 0x1316860
> TBOOT: Kernel (real mode) from 0x90000 to 0x94200
> TBOOT: transfering control to kernel @0x1000000...
>
> Alexander
>
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel