Hi Ross,
Sorry for the delay, got an issue with my email server ...
thanks for your hint.
Agree, basically I have the same indexes. Even one more ...
# tpmnv_getcap
The response data is:
10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01
4 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x1000f000 0x50000003 0x50000001
Guess those are created already by the BIOS when enabling the TPM.
Do you know further details on how to debug tboot in order to find the missing
(?) index?
Thanks a lot,
Dieter
-----Ursprüngliche Nachricht-----
Von: Ross Philipson [mailto:ross.philip...@citrix.com]
Gesendet: Montag, 28. April 2014 20:38
An: dknueppel; tboot-devel@lists.sourceforge.net
Betreff: Re: [tboot-devel] getting txt errorcode 0xc0001c41
On 04/26/2014 02:09 AM, dknueppel wrote:
> Hi,
>
> I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
>
> Mainboard Intel S1200RPL
> CPU XEON E3-1265L
> TPM AXXTPME5
> Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> Distribution Ubuntu 14.04 w/ tboot 1.8
> SINIT 4th_gen_i5_i7_SINIT_75.BIN
>
> Attached below how the TPM is set up and the tboot dump.
>
> I don't have any clue why I'm still getting the error.
> According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
You may be missing some NV indexes that the OEM is supposed to put there. For
example on my Dell 6430 where I am using the TXT/TPM I have:
# tpmnv_getcap
The response data is:
10 00 00 01 50 00 00 01 50 00 00 03
3 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x50000001 0x50000003
The second two need to be there - the are LCP related indexes
(0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are supposed to
be create by the OEM then locked in NV RAM to prevent removal.
>
> Help pretty much appreciated.
>
> Thanks,
> Dieter
>
>
> + tpm_takeownership -z
> Enter owner password:
> Confirm password:
> + tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p password
> Tspi_NV_DefineSpace failed failed: NVRAM area already exists (0x08313b)
>
> Command DefIndex failed:
> TSS API failed
> + tpmnv_defindex -i owner -s 0x36 -p password
> Haven't input permission value, use default value 0x2
>
> Successfully defined index 0x40000001 as permission 0x2, data size is 54
> + tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password
>
> Successfully defined index 0x20000001 as permission 0x2, data size is 512
> + rm -r tmp
> + mkdir tmp
> + cd tmp
> + lcp_mlehash -c logging=serial,vga,memory /boot/tboot.gz
> + lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 0 --out
> tboot_mle.elt tboot_hash
> + lcp_crtpollist --create --out list_unsig.lst tboot_mle.elt
> + lcp_crtpol2 --create --type list --ctrl 0x02 --pol owner_list.pol --data
> owner_list.data list_unsig.lst
> + lcp_writepol -i owner -f owner_list.pol -p password
>
> Successfully write policy into index 0x40000001
> + cp owner_list.data /boot
> + tb_polgen --create --type nonfatal tcb.pol
> + tb_polgen --add --num 0 --pcr 18 --hash image --cmdline
> 'root=/dev/mapper/test--node--vg-root ro intel_iommu=on' --image
> /boot/vmlinuz-3.13.0-24-generic tcb.pol
> + tb_polgen --add --num 1 --pcr 19 --hash image --cmdline '' --image
> /boot/initrd.img-3.13.0-24-generic tcb.pol
> + lcp_writepol -i 0x20000001 -f tcb.pol -p password
>
> Successfully write policy into index 0x20000001
>
>
>
>
> TBOOT: ******************* TBOOT *******************
> TBOOT: 2014-01-30 12:00 +0800 1.8.0
> TBOOT: *********************************************
> TBOOT: command line: logging=serial,vga,memory
> TBOOT: BSP is cpu 0
> TBOOT: original e820 map:
> TBOOT: 0000000000000000 - 000000000009bc00 (1)
> TBOOT: 000000000009bc00 - 00000000000a0000 (2)
> TBOOT: 00000000000e0000 - 0000000000100000 (2)
> TBOOT: 0000000000100000 - 00000000bbdc7000 (1)
> TBOOT: 00000000bbdc7000 - 00000000be782000 (2)
> TBOOT: 00000000be782000 - 00000000be788000 (4)
> TBOOT: 00000000be788000 - 00000000be8be000 (2)
> TBOOT: 00000000be8be000 - 00000000be8c2000 (4)
> TBOOT: 00000000be8c2000 - 00000000be8e3000 (2)
> TBOOT: 00000000be8e3000 - 00000000be8e4000 (4)
> TBOOT: 00000000be8e4000 - 00000000be905000 (2)
> TBOOT: 00000000be905000 - 00000000be915000 (4)
> TBOOT: 00000000be915000 - 00000000be925000 (2)
> TBOOT: 00000000be925000 - 00000000beb2f000 (4)
> TBOOT: 00000000beb2f000 - 00000000bebf0000 (3)
> TBOOT: 00000000bebf0000 - 00000000bec00000 (1)
> TBOOT: 00000000bec00000 - 00000000c0000000 (2)
> TBOOT: 00000000f8000000 - 00000000fc000000 (2)
> TBOOT: 00000000fec00000 - 00000000fec01000 (2)
> TBOOT: 00000000fed19000 - 00000000fed1a000 (2)
> TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
> TBOOT: 00000000fee00000 - 00000000fee01000 (2)
> TBOOT: 00000000ff400000 - 0000000100000000 (2)
> TBOOT: 0000000100000000 - 0000000440000000 (1)
> TBOOT: TPM: TPM Family 0x3
> TBOOT: TPM is ready
> TBOOT: TPM nv_locked: TRUE
> TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
> TBOOT: Wrong timeout B, fallback to 2000
> TBOOT: Wrong timeout C, fallback to 75000
> TBOOT: reading Verified Launch Policy from TPM NV...
> TBOOT: :512 bytes read
> TBOOT: policy:
> TBOOT: version: 2
> TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
> TBOOT: hash_alg: TB_HALG_SHA1
> TBOOT: policy_control: 00000001 (EXTEND_PCR17)
> TBOOT: num_entries: 2
> TBOOT: policy entry[0]:
> TBOOT: mod_num: 0
> TBOOT: pcr: 18
> TBOOT: hash_type: TB_HTYPE_IMAGE
> TBOOT: num_hashes: 1
> TBOOT: hashes[0]: d4 63 4c 11 a3 0f a3 ee a1 dc 4d 34 98 f8 99 f6
> 46 51 ca da
> TBOOT: policy entry[1]:
> TBOOT: mod_num: 1
> TBOOT: pcr: 19
> TBOOT: hash_type: TB_HTYPE_IMAGE
> TBOOT: num_hashes: 1
> TBOOT: hashes[0]: 00 ee 09 19 c8 57 c2 12 ce 23 0a 20 02 b8 10 8f
> 74 18 0f 60
> TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
> TBOOT: CPU is SMX-capable
> TBOOT: CPU is VMX-capable
> TBOOT: SMX is enabled
> TBOOT: TXT chipset and all needed capabilities present
> TBOOT: TXT.ERRORCODE: 0xc0001c41
> TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
> TBOOT: TXT.ESTS: 0x0
> TBOOT: TXT.E2STS: 0xc
> TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
> TBOOT: CPU is SMX-capable
> TBOOT: CPU is VMX-capable
> TBOOT: SMX is enabled
> TBOOT: TXT chipset and all needed capabilities present
> TBOOT: TXT.HEAP.BASE: 0xbef20000
> TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
> TBOOT: bios_data (@0xbef20008, 0x56):
> TBOOT: version: 4
> TBOOT: bios_sinit_size: 0xce40 (52800)
> TBOOT: lcp_pd_base: 0x0
> TBOOT: lcp_pd_size: 0x0 (0)
> TBOOT: num_logical_procs: 8
> TBOOT: flags: 0x00000000
> TBOOT: ext_data_elts[]:
> TBOOT: BIOS_SPEC_VER:
> TBOOT: major: 0x2
> TBOOT: minor: 0x1
> TBOOT: rev: 0x0
> TBOOT: ACM:
> TBOOT: num_acms: 1
> TBOOT: acm_addrs[0]: 0xfff7d000
> TBOOT: CR0 and EFLAGS OK
> TBOOT: supports preserving machine check errors
> TBOOT: CPU is ready for SENTER
> TBOOT: checking previous errors on the last boot.
> last boot has error.
> TBOOT: checking if module /4th_gen_i5_i7_SINIT_75.BIN is an SINIT for this
> platform...
> TBOOT: chipset production fused: 1
> TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
> TBOOT: processor family/model/stepping: 0x306c3
> TBOOT: platform id: 0x4000000000000
> TBOOT: 1 ACM chipset id entries:
> TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1,
> extended: 0x0
> TBOOT: 3 ACM processor id entries:
> TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0,
> platform_mask: 0x0
> TBOOT: SINIT matches platform
> TBOOT: TXT.SINIT.BASE: 0xbef00000
> TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
> TBOOT: BIOS has already loaded an SINIT module
> TBOOT: 1 ACM chipset id entries:
> TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1,
> extended: 0x0
> TBOOT: 3 ACM processor id entries:
> TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0,
> platform_mask: 0x0
> TBOOT: BIOS-provided SINIT is older: date=20130612
> TBOOT: copied SINIT (size=ce40) to 0xbef00000
> TBOOT: AC mod base alignment OK
> TBOOT: AC mod size OK
> TBOOT: AC module header dump for SINIT:
> TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
> TBOOT: subtype: 0x0
> TBOOT: length: 0xa1 (161)
> TBOOT: version: 0
> TBOOT: chipset_id: 0xb002
> TBOOT: flags: 0x0
> TBOOT: pre_production: 0
> TBOOT: debug_signed: 0
> TBOOT: vendor: 0x8086
> TBOOT: date: 0x20130712
> TBOOT: size*4: 0xce40 (52800)
> TBOOT: code_control: 0x0
> TBOOT: entry point: 0x00000008:000062dc
> TBOOT: scratch_size: 0x8f (143)
> TBOOT: info_table:
> TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
> {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
> TBOOT: ACM_UUID_V3
> TBOOT: chipset_acm_type: 0x1 (SINIT)
> TBOOT: version: 4
> TBOOT: length: 0x2c (44)
> TBOOT: chipset_id_list: 0x4ec
> TBOOT: os_sinit_data_ver: 0x6
> TBOOT: min_mle_hdr_ver: 0x00020000
> TBOOT: capabilities: 0x0000002e
> TBOOT: rlp_wake_getsec: 0
> TBOOT: rlp_wake_monitor: 1
> TBOOT: ecx_pgtbl: 1
> TBOOT: stm: 1
> TBOOT: pcr_map_no_legacy: 0
> TBOOT: pcr_map_da: 1
> TBOOT: platform_type: 0
> TBOOT: max_phy_addr: 0
> TBOOT: acm_ver: 75
> TBOOT: chipset list:
> TBOOT: count: 1
> TBOOT: entry 0:
> TBOOT: flags: 0x1
> TBOOT: vendor_id: 0x8086
> TBOOT: device_id: 0xb002
> TBOOT: revision_id: 0x1
> TBOOT: extended_id: 0x0
> TBOOT: processor list:
> TBOOT: count: 3
> TBOOT: entry 0:
> TBOOT: fms: 0x306c0
> TBOOT: fms_mask: 0xfff3ff0
> TBOOT: platform_id: 0x0
> TBOOT: platform_mask: 0x0
> TBOOT: entry 1:
> TBOOT: fms: 0x40660
> TBOOT: fms_mask: 0xfff3ff0
> TBOOT: platform_id: 0x0
> TBOOT: platform_mask: 0x0
> TBOOT: entry 2:
> TBOOT: fms: 0x40650
> TBOOT: fms_mask: 0xfff3ff0
> TBOOT: platform_id: 0x0
> TBOOT: platform_mask: 0x0
> TBOOT: file addresses:
> TBOOT: &_start=0x804000
> TBOOT: &_end=0xac6460
> TBOOT: &_mle_start=0x804000
> TBOOT: &_mle_end=0x834000
> TBOOT: &_post_launch_entry=0x804010
> TBOOT: &_txt_wakeup=0x8041f0
> TBOOT: &g_mle_hdr=0x81b5a0
> TBOOT: MLE header:
> TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
> {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
> TBOOT: length=34
> TBOOT: version=00020001
> TBOOT: entry_point=00000010
> TBOOT: first_valid_page=00000000
> TBOOT: mle_start_off=4000
> TBOOT: mle_end_off=34000
> TBOOT: capabilities: 0x00000027
> TBOOT: rlp_wake_getsec: 1
> TBOOT: rlp_wake_monitor: 1
> TBOOT: ecx_pgtbl: 1
> TBOOT: stm: 0
> TBOOT: pcr_map_no_legacy: 0
> TBOOT: pcr_map_da: 1
> TBOOT: platform_type: 0
> TBOOT: max_phy_addr: 0
> TBOOT: MLE start=804000, end=834000, size=30000
> TBOOT: ptab_size=3000, ptab_base=0x801000
> TBOOT: TXT.HEAP.BASE: 0xbef20000
> TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
> TBOOT: bios_data (@0xbef20008, 0x56):
> TBOOT: version: 4
> TBOOT: bios_sinit_size: 0xce40 (52800)
> TBOOT: lcp_pd_base: 0x0
> TBOOT: lcp_pd_size: 0x0 (0)
> TBOOT: num_logical_procs: 8
> TBOOT: flags: 0x00000000
> TBOOT: ext_data_elts[]:
> TBOOT: BIOS_SPEC_VER:
> TBOOT: major: 0x2
> TBOOT: minor: 0x1
> TBOOT: rev: 0x0
> TBOOT: ACM:
> TBOOT: num_acms: 1
> TBOOT: acm_addrs[0]: 0xfff7d000
> TBOOT: discarding RAM above reserved regions: 0xbebf0000 - 0xbec00000
> TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbbdc7000
> TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x440000000
> TBOOT: no LCP module found
> TBOOT: os_sinit_data (@0xbef3517e, 0x7c):
> TBOOT: version: 6
> TBOOT: flags: 0
> TBOOT: mle_ptab: 0x801000
> TBOOT: mle_size: 0x30000 (196608)
> TBOOT: mle_hdr_base: 0x175a0
> TBOOT: vtd_pmr_lo_base: 0x0
> TBOOT: vtd_pmr_lo_size: 0xbbc00000
> TBOOT: vtd_pmr_hi_base: 0x100000000
> TBOOT: vtd_pmr_hi_size: 0x340000000
> TBOOT: lcp_po_base: 0x0
> TBOOT: lcp_po_size: 0x0 (0)
> TBOOT: capabilities: 0x00000002
> TBOOT: rlp_wake_getsec: 0
> TBOOT: rlp_wake_monitor: 1
> TBOOT: ecx_pgtbl: 0
> TBOOT: stm: 0
> TBOOT: pcr_map_no_legacy: 0
> TBOOT: pcr_map_da: 0
> TBOOT: platform_type: 0
> TBOOT: max_phy_addr: 0
> TBOOT: efi_rsdt_ptr: 0x0
> TBOOT: ext_data_elts[]:
> TBOOT: EVENT_LOG_POINTER:
> TBOOT: size: 16
> TBOOT: elog_addr: 0xbef30176
> TBOOT: Event Log Container:
> TBOOT: Signature: TXT Event Container
> TBOOT: ContainerVer: 1.0
> TBOOT: PCREventVer: 1.0
> TBOOT: Size: 20480
> TBOOT: EventsOffset: [48,48)
> TBOOT: setting MTRRs for acmod: base=0xbef00000, size=0xce40, num_pages=13
> TBOOT: executing GETSEC[SENTER]...
>
>
>
>
> ------------------------------------------------------------------------------
> Start Your Social Network Today - Download eXo Platform
> Build your Enterprise Intranet with eXo Platform Software
> Java Based Open Source Intranet - Social, Extensible, Cloud Ready
> Get Started Now And Turn Your Intranet Into A Collaboration Platform
> http://p.sf.net/sfu/ExoPlatform
> _______________________________________________
> tboot-devel mailing list
> tboot-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>
--
Ross Philipson
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
