It is fine to use the kernel keyword to launch tboot in GRUB v1 for non-UEFI boot.
To me, the real issue is that the TPM module might not be properly provisioned.
Please check what NV indices were defined via tpm_nvinfo or tpmnv_getcap to see
what indices are defined.
Jimmy
From: Ahmed, Safayet (GE Global Research) [mailto:safayet.ah...@ge.com]
Sent: Wednesday, November 19, 2014 9:21 PM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Tboot Installation Issues
Tboot doesn't launch like the Linux kernel. It uses a multiboot2 launch.
...
multiboot2 /tboot.gz /tboot.gz <tboot arguments>
module2 /vmlinuz /vmlinuz <kernel arguments>
module2 /initrd.img /initrd.img
Also, at least on Ubuntu, tboot should install its own menu entries in the GRUB
configuration file.
Good luck,
Safayet
From: Michael Perng [mailto:mpe...@us.ibm.com]
Sent: Tuesday, November 18, 2014 5:56 PM
To: tboot-devel@lists.sourceforge.net
Cc: Nikhil Gupta
Subject: [tboot-devel] Tboot Installation Issues
Hello,
I am trying to install tboot on 2 systems - one running RHEL 6.5 and one
running Ubuntu. I did the following steps, to no success:
# tpm_takeownership -z
# yum install trousers-devel tpm-tools tboot
modify /boot/grub/grub.conf so that the first line looks like this:
title tboot Red Hat Enterprise Linux Server (...)
root (hd0,0)
kernel /tboot.gz loglvl=all logging=serial,vga,memory vga_delay=1
module /vmlinuz ... (kernel)
module /initramfs ... (initrd)
(Both systems are equipped with SINIT in the BIOS, so there was no need to add
it as a module in the configuration above.)
I did equivalent steps on the Ubuntu machine.
Neither machine showed any signs of having successfully run tboot:
- txt-stat shows that 'TXT measured launch' is FALSE
- TPMs are owned, enabled, and active
- PCR values are as follows:
PCR-00 to PCR-07 contain values as expected
...
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-21: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
The following errors were given by txt-stat as well:
...
TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
TBOOT: :reading failed
...
TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
...
TBOOT: Error: write TPM error: 0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000007
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSThR (7)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: Error: ELF magic number is not matched.
...
Both machines have similar output for txt-stat with the exception that the
'ERR: SENTER disabled by feature control...' error only showed up on the RHEL
machine.
One interesting thing that I noticed that might be connected to the problem is
that the 'tpm_tis.ko' module does not exist on either machine.
Does anyone have an idea of why tboot is not successfully activating the DRTMs
and what I could do to solve the problem?
Thanks,
Michael
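The symptoms reported in this thread can be triaged mechanically. The following is an added example, not part of the original messages and not tboot code: it decodes the IA32_FEATURE_CONTROL value, checks whether the DRTM PCRs (17-22) are still at their all-FF reset value, and lists the TPM NV indices tboot could not read. The function names are hypothetical, and treating SENTER as enabled only when all of bits 8-15 are set is an assumption of this example.

```python
import re

# IA32_FEATURE_CONTROL bits per the Intel SDM: 0 = lock, 1 = VMX inside SMX,
# 2 = VMX outside SMX, 8-14 = SENTER local enables, 15 = SENTER global enable.
LOCK, VMX_IN_SMX, VMX_OUTSIDE_SMX, SENTER_ALL = 0x1, 0x2, 0x4, 0xFF00

# Sample input assembled from lines quoted in the report above.
SAMPLE = """\
TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000007
"""
SAMPLE += "".join(f"PCR-{i}: " + " ".join(["FF"] * 20) + "\n" for i in range(17, 23))

def decode_feature_control(value):
    """Split the MSR value into the fields relevant to a TXT launch."""
    return {
        "locked": bool(value & LOCK),
        "vmx_in_smx": bool(value & VMX_IN_SMX),
        "vmx_outside_smx": bool(value & VMX_OUTSIDE_SMX),
        # Assumption: require every SENTER enable bit (8-15).
        "senter_enabled": (value & SENTER_ALL) == SENTER_ALL,
    }

def parse_pcrs(text):
    """Return {index: bytes} for every 'PCR-NN: xx xx ...' line."""
    pat = r"PCR-(\d+):((?:[ \t]+[0-9A-Fa-f]{2})+)"
    return {int(m.group(1)): bytes.fromhex("".join(m.group(2).split()))
            for m in re.finditer(pat, text)}

def diagnose(text):
    """Return human-readable findings explaining a failed measured launch."""
    findings = []
    m = re.search(r"IA32_FEATURE_CONTROL_MSR:\s*([0-9A-Fa-f]+)", text)
    if m:
        fc = decode_feature_control(int(m.group(1), 16))
        if not fc["senter_enabled"]:
            state = "locked" if fc["locked"] else "unlocked"
            findings.append(f"SENTER disabled in IA32_FEATURE_CONTROL ({state})")
    pcrs = parse_pcrs(text)
    drtm = [pcrs.get(i) for i in range(17, 23)]
    if all(v is not None and set(v) == {0xFF} for v in drtm):
        findings.append("PCR 17-22 still at reset value FF: no measured launch")
    nv_pat = r"fail to get public data of (0x[0-9A-Fa-f]+) in TPM NV"
    findings += [f"TPM NV index {i} not defined" for i in re.findall(nv_pat, text)]
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```

With the lock bit set and the SENTER bits clear, as in the value 00000007, the setting cannot be changed by software until the next reset, so it has to be enabled in the platform firmware setup.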