Hello,
I am seeing this launch failure on a Lenovo T510 laptop (attached is the output 
of txt-stat with nonfatal policy).
Can someone take a look and let me know what the problem could be?

This looks suspect:

TBOOT: verifying module 1 of mbi (b54000 - 6e691ff) in e820 table
         (range from 0000000000b54000 to 0000000006e69200 is in E820_MIXED)
TBOOT: : failed.
TBOOT: verification of post-launch failed.

What is this? Is this a grub module? Because I see verification for those 
succeeding:

TBOOT: verifying policy 
TBOOT: verifying module "
root=/dev/mapper/vg_system-lv_root ro libata.allow_tpm=1 intel_iommu=on"...
TBOOT:   OK : 7a fa 7c 0f 94 87 68 51 cf 3e 30 61 bf 69 a0 7a be 08 0c 90 
TBOOT: verifying module ""...
TBOOT:   OK : b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53 
TBOOT: verifying module ""...
TBOOT:   OK : e7 0a 66 8c 40 90 4d d5 05 31 cc 1b df 54 0e e6 d8 53 03 0e 
TBOOT: all modules are verified
(all the hashes match the policy)


Also, do I have to include the SINIT ACM module in my VLP? That was my original 
suspect, but I moved it below other modules in grub so I guess it should not 
matter. My other platform works flawlessly, now I came back to trying it on a 
laptop and hit this...


Thanks for any ideas...

Jan



Intel(r) TXT Configuration Registers:
        STS: 0x000188c1
            senter_done: TRUE
            sexit_done: FALSE
            mem_config_lock: TRUE
            private_open: TRUE
            locality_1_open: TRUE
            locality_2_open: TRUE
        ESTS: 0x00
            txt_reset: FALSE
        E2STS: 0x0000000000000006
            secrets: TRUE
        ERRORCODE: 0x00000000
        DIDVID: 0x0000001fa0008086
            vendor_id: 0x8086
            device_id: 0xa000
            revision_id: 0x1f
        FSBIF: 0xffffffffffffffff
        QPIIF: 0x000000009d003000
        SINIT.BASE: 0xbf700000
        SINIT.SIZE: 131072B (0x20000)
        HEAP.BASE: 0xbf720000
        HEAP.SIZE: 917504B (0xe0000)
        DPR: 0x00000000bf800041
            lock: TRUE
            top: 0xbf800000
            size: 4MB (4194304B)
        PUBLIC.KEY:
            54 de 8b 2b fc 79 39 df 68 75 9b 12 55 2d 01 c8 
            e0 2b e1 a0 99 68 16 c9 8e 9e b3 00 71 92 37 13 

***********************************************************
         TXT measured launch: TRUE
         secrets flag set: TRUE
***********************************************************
TBOOT log:
         max_size=32706
         zip_count=0
         curr_pos=24766
         buf:
TBOOT: ******************* TBOOT *******************
TBOOT:    2016-05-26 14:28 +0200 449:6531a0eaf369
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory pcr_map=da
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT:  0000000000000000 - 000000000009e800  (1)
TBOOT:  000000000009e800 - 00000000000a0000  (2)
TBOOT:  00000000000dc000 - 0000000000100000  (2)
TBOOT:  0000000000100000 - 00000000bee7c000  (1)
TBOOT:  00000000bee7c000 - 00000000bee82000  (2)
TBOOT:  00000000bee82000 - 00000000bef5f000  (1)
TBOOT:  00000000bef5f000 - 00000000bef71000  (2)
TBOOT:  00000000bef71000 - 00000000beff2000  (4)
TBOOT:  00000000beff2000 - 00000000bf00f000  (2)
TBOOT:  00000000bf00f000 - 00000000bf06f000  (1)
TBOOT:  00000000bf06f000 - 00000000bf268000  (2)
TBOOT:  00000000bf268000 - 00000000bf2e8000  (4)
TBOOT:  00000000bf2e8000 - 00000000bf30f000  (2)
TBOOT:  00000000bf30f000 - 00000000bf317000  (1)
TBOOT:  00000000bf317000 - 00000000bf31f000  (2)
TBOOT:  00000000bf31f000 - 00000000bf36b000  (1)
TBOOT:  00000000bf36b000 - 00000000bf377000  (4)
TBOOT:  00000000bf377000 - 00000000bf37a000  (3)
TBOOT:  00000000bf37a000 - 00000000bf381000  (4)
TBOOT:  00000000bf381000 - 00000000bf382000  (3)
TBOOT:  00000000bf382000 - 00000000bf38b000  (4)
TBOOT:  00000000bf38b000 - 00000000bf38c000  (3)
TBOOT:  00000000bf38c000 - 00000000bf39f000  (4)
TBOOT:  00000000bf39f000 - 00000000bf3ff000  (3)
TBOOT:  00000000bf3ff000 - 00000000bf400000  (1)
TBOOT:  00000000bf800000 - 00000000c0000000  (2)
TBOOT:  00000000e0000000 - 00000000f0000000  (2)
TBOOT:  00000000feaff000 - 00000000feb00000  (2)
TBOOT:  00000000fec00000 - 00000000fec10000  (2)
TBOOT:  00000000fed00000 - 00000000fed00400  (2)
TBOOT:  00000000fed1c000 - 00000000fed90000  (2)
TBOOT:  00000000fee00000 - 00000000fee01000  (2)
TBOOT:  00000000ff000000 - 0000000100000000  (2)
TBOOT:  0000000100000000 - 0000000138000000  (1)
TBOOT: checking if module  is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xa000, revision: 0x1f
TBOOT: processor family/model/stepping: 0x20655
TBOOT: platform id: 0x10000000000000
TBOOT:   1 ACM chipset id entries:
TBOOT:       vendor: 0x8086, device: 0xa000, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0xbf700000
TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
TBOOT: copied SINIT (size=8bc0) to 0xbf700000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT:   type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT:   subtype: 0x0 
TBOOT:   length: 0xa1 (161)
TBOOT:   version: 0
TBOOT:   chipset_id: 0xa000
TBOOT:   flags: 0x0
TBOOT:           pre_production: 0
TBOOT:           debug_signed: 0
TBOOT:   vendor: 0x8086
TBOOT:   date: 0x20111122
TBOOT:   size*4: 0x8bc0 (35776)
TBOOT:   txt_svn: 0x00000001
TBOOT:   se_svn: 0x00000000
TBOOT:   code_control: 0x0
TBOOT:   entry point: 0x00000008:00006601
TBOOT:   scratch_size: 0x8f (143)
TBOOT:   info_table:
TBOOT:           uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
                {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT:               ACM_UUID_V3
TBOOT:           chipset_acm_type: 0x1 (SINIT)
TBOOT:           version: 3
TBOOT:           length: 0x28 (40)
TBOOT:           chipset_id_list: 0x4e8
TBOOT:           os_sinit_data_ver: 0x5
TBOOT:           min_mle_hdr_ver: 0x00020000
TBOOT:           capabilities: 0x0000000e
TBOOT:               rlp_wake_getsec: 0
TBOOT:               rlp_wake_monitor: 1
TBOOT:               ecx_pgtbl: 1
TBOOT:               stm: 1
TBOOT:               pcr_map_no_legacy: 0
TBOOT:               pcr_map_da: 0
TBOOT:               platform_type: 0
TBOOT:               max_phy_addr: 0
TBOOT:           acm_ver: 51
TBOOT:   chipset list:
TBOOT:           count: 1
TBOOT:           entry 0:
TBOOT:               flags: 0x1
TBOOT:               vendor_id: 0x8086
TBOOT:               device_id: 0xa000
TBOOT:               revision_id: 0x1
TBOOT:               extended_id: 0x0
TBOOT: SGX:verify_IA32_se_svn_status is called
TBOOT: SGX is not enabled, cpuid.ebx: 0x0
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM1.2 Family 0x0
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT:  :512 bytes read
TBOOT: policy:
TBOOT: unsupported version (255)
TBOOT:  :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT:  :54 bytes read
TBOOT: in unwrap_lcp_policy
TBOOT: v2 LCP policy data found
TBOOT: policy:
TBOOT:   version: 2
TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT:   hash_alg: TB_HALG_SHA1
TBOOT:   policy_control: 00000000 ()
TBOOT:   num_entries: 3
TBOOT:   policy entry[0]:
TBOOT:           mod_num: 0
TBOOT:           pcr: 17
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 1
TBOOT:           hashes[0]: 7a fa 7c 0f 94 87 68 51 cf 3e 30 61 bf 69 a0 7a be 08 0c 90
TBOOT:   policy entry[1]:
TBOOT:           mod_num: 1
TBOOT:           pcr: 19
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 4
TBOOT:           hashes[0]: b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53
TBOOT:           hashes[1]: b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53
TBOOT:           hashes[2]: 38 ce 20 ed 55 a6 d3 9e d3 77 c4 d8 f0 c2 23 08 58 01 f4 f6
TBOOT:           hashes[3]: 38 ce 20 ed 55 a6 d3 9e d3 77 c4 d8 f0 c2 23 08 58 01 f4 f6
TBOOT:   policy entry[2]:
TBOOT:           mod_num: 2
TBOOT:           pcr: 20
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 1
TBOOT:           hashes[0]: e7 0a 66 8c 40 90 4d d5 05 31 cc 1b df 54 0e e6 d8 53 03 0e
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xbf720000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbf720008, 0x2c):
TBOOT:   version: 3
TBOOT:   bios_sinit_size: 0x0 (0)
TBOOT:   lcp_pd_base: 0x0
TBOOT:   lcp_pd_size: 0x0 (0)
TBOOT:   num_logical_procs: 4
TBOOT:   flags: 0x00000000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: CR0 and EFLAGS OK
TBOOT: no machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
        last boot has error.
TBOOT: file addresses:
TBOOT:   &_start=0x804000
TBOOT:   &_end=0xb53a60
TBOOT:   &_mle_start=0x804000
TBOOT:   &_mle_end=0x838000
TBOOT:   &_post_launch_entry=0x804010
TBOOT:   &_txt_wakeup=0x804200
TBOOT:   &g_mle_hdr=0x81df80
TBOOT: MLE header:
TBOOT:   uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
                {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT:   length=34
TBOOT:   version=00020001
TBOOT:   entry_point=00000010
TBOOT:   first_valid_page=00000000
TBOOT:   mle_start_off=4000
TBOOT:   mle_end_off=38000
TBOOT:   capabilities: 0x00000027
TBOOT:       rlp_wake_getsec: 1
TBOOT:       rlp_wake_monitor: 1
TBOOT:       ecx_pgtbl: 1
TBOOT:       stm: 0
TBOOT:       pcr_map_no_legacy: 0
TBOOT:       pcr_map_da: 1
TBOOT:       platform_type: 0
TBOOT:       max_phy_addr: 0
TBOOT: MLE start=0x804000, end=0x838000, size=0x34000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xbf720000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbf720008, 0x2c):
TBOOT:   version: 3
TBOOT:   bios_sinit_size: 0x0 (0)
TBOOT:   lcp_pd_base: 0x0
TBOOT:   lcp_pd_size: 0x0 (0)
TBOOT:   num_logical_procs: 4
TBOOT:   flags: 0x00000000
TBOOT: discarding RAM above reserved regions: 0xbee82000 - 0xbef5f000
TBOOT: discarding RAM above reserved regions: 0xbf00f000 - 0xbf06f000
TBOOT: discarding RAM above reserved regions: 0xbf30f000 - 0xbf317000
TBOOT: discarding RAM above reserved regions: 0xbf31f000 - 0xbf36b000
TBOOT: discarding RAM above reserved regions: 0xbf3ff000 - 0xbf400000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbee7c000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x138000000
TBOOT: v2 LCP policy data found
TBOOT: os_sinit_data (@0xbf735154, 0x64):
TBOOT:   version: 5
TBOOT:   flags: 0
TBOOT:   mle_ptab: 0x801000
TBOOT:   mle_size: 0x34000 (212992)
TBOOT:   mle_hdr_base: 0x19f80
TBOOT:   vtd_pmr_lo_base: 0x0
TBOOT:   vtd_pmr_lo_size: 0xbee00000
TBOOT:   vtd_pmr_hi_base: 0x100000000
TBOOT:   vtd_pmr_hi_size: 0x38000000
TBOOT:   lcp_po_base: 0xbf72014c
TBOOT:   lcp_po_size: 0x30c (780)
TBOOT:   capabilities: 0x00000002
TBOOT:       rlp_wake_getsec: 0
TBOOT:       rlp_wake_monitor: 1
TBOOT:       ecx_pgtbl: 0
TBOOT:       stm: 0
TBOOT:       pcr_map_no_legacy: 0
TBOOT:       pcr_map_da: 0
TBOOT:       platform_type: 0
TBOOT:       max_phy_addr: 0
TBOOT:   efi_rsdt_ptr: 0x0
TBOOT: setting MTRRs for acmod: base=0xbf700000, size=0x8bc0, num_pages=9
TBOOT: The maximum allowed MTRR range size=256 Pages 
TBOOT: executing GETSEC[SENTER]...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: ******************* TBOOT *******************
TBOOT:    2016-05-26 14:28 +0200 449:6531a0eaf369
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory pcr_map=da
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: SINIT ACM successfully returned...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT:  0000000000000000 - 000000000009e800  (1)
TBOOT:  000000000009e800 - 00000000000a0000  (2)
TBOOT:  00000000000dc000 - 0000000000100000  (2)
TBOOT:  0000000000100000 - 00000000bee7c000  (1)
TBOOT:  00000000bee7c000 - 00000000bee82000  (2)
TBOOT:  00000000bee82000 - 00000000bef5f000  (1)
TBOOT:  00000000bef5f000 - 00000000bef71000  (2)
TBOOT:  00000000bef71000 - 00000000beff2000  (4)
TBOOT:  00000000beff2000 - 00000000bf00f000  (2)
TBOOT:  00000000bf00f000 - 00000000bf06f000  (1)
TBOOT:  00000000bf06f000 - 00000000bf268000  (2)
TBOOT:  00000000bf268000 - 00000000bf2e8000  (4)
TBOOT:  00000000bf2e8000 - 00000000bf30f000  (2)
TBOOT:  00000000bf30f000 - 00000000bf317000  (1)
TBOOT:  00000000bf317000 - 00000000bf31f000  (2)
TBOOT:  00000000bf31f000 - 00000000bf36b000  (1)
TBOOT:  00000000bf36b000 - 00000000bf377000  (4)
TBOOT:  00000000bf377000 - 00000000bf37a000  (3)
TBOOT:  00000000bf37a000 - 00000000bf381000  (4)
TBOOT:  00000000bf381000 - 00000000bf382000  (3)
TBOOT:  00000000bf382000 - 00000000bf38b000  (4)
TBOOT:  00000000bf38b000 - 00000000bf38c000  (3)
TBOOT:  00000000bf38c000 - 00000000bf39f000  (4)
TBOOT:  00000000bf39f000 - 00000000bf3ff000  (3)
TBOOT:  00000000bf3ff000 - 00000000bf400000  (1)
TBOOT:  00000000bf800000 - 00000000c0000000  (2)
TBOOT:  00000000e0000000 - 00000000f0000000  (2)
TBOOT:  00000000feaff000 - 00000000feb00000  (2)
TBOOT:  00000000fec00000 - 00000000fec10000  (2)
TBOOT:  00000000fed00000 - 00000000fed00400  (2)
TBOOT:  00000000fed1c000 - 00000000fed90000  (2)
TBOOT:  00000000fee00000 - 00000000fee01000  (2)
TBOOT:  00000000ff000000 - 0000000100000000  (2)
TBOOT:  0000000100000000 - 0000000138000000  (1)
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM1.2 Family 0x0
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT:  :512 bytes read
TBOOT: policy:
TBOOT: unsupported version (255)
TBOOT:  :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT:  :54 bytes read
TBOOT: in unwrap_lcp_policy
TBOOT: policy:
TBOOT:   version: 2
TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT:   hash_alg: TB_HALG_SHA1
TBOOT:   policy_control: 00000000 ()
TBOOT:   num_entries: 3
TBOOT:   policy entry[0]:
TBOOT:           mod_num: 0
TBOOT:           pcr: 17
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 1
TBOOT:           hashes[0]: 7a fa 7c 0f 94 87 68 51 cf 3e 30 61 bf 69 a0 7a be 08 0c 90
TBOOT:   policy entry[1]:
TBOOT:           mod_num: 1
TBOOT:           pcr: 19
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 4
TBOOT:           hashes[0]: b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53
TBOOT:           hashes[1]: b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53
TBOOT:           hashes[2]: 38 ce 20 ed 55 a6 d3 9e d3 77 c4 d8 f0 c2 23 08 58 01 f4 f6
TBOOT:           hashes[3]: 38 ce 20 ed 55 a6 d3 9e d3 77 c4 d8 f0 c2 23 08 58 01 f4 f6
TBOOT:   policy entry[2]:
TBOOT:           mod_num: 2
TBOOT:           pcr: 20
TBOOT:           hash_type: TB_HTYPE_IMAGE
TBOOT:           num_hashes: 1
TBOOT:           hashes[0]: e7 0a 66 8c 40 90 4d d5 05 31 cc 1b df 54 0e e6 d8 53 03 0e
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0000001
TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xbf720000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbf720008, 0x2c):
TBOOT:   version: 3
TBOOT:   bios_sinit_size: 0x0 (0)
TBOOT:   lcp_pd_base: 0x0
TBOOT:   lcp_pd_size: 0x0 (0)
TBOOT:   num_logical_procs: 4
TBOOT:   flags: 0x00000000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Post_launch started ...
TBOOT: measured launch succeeded
TBOOT: TXT.HEAP.BASE: 0xbf720000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbf720008, 0x2c):
TBOOT:   version: 3
TBOOT:   bios_sinit_size: 0x0 (0)
TBOOT:   lcp_pd_base: 0x0
TBOOT:   lcp_pd_size: 0x0 (0)
TBOOT:   num_logical_procs: 4
TBOOT:   flags: 0x00000000
TBOOT: os_mle_data (@0xbf720034, 0x15120):
TBOOT:   version: 3
TBOOT:   loader context addr: 0x10000
TBOOT: os_sinit_data (@0xbf735154, 0x64):
TBOOT:   version: 5
TBOOT:   flags: 0
TBOOT:   mle_ptab: 0x801000
TBOOT:   mle_size: 0x34000 (212992)
TBOOT:   mle_hdr_base: 0x19f80
TBOOT:   vtd_pmr_lo_base: 0x0
TBOOT:   vtd_pmr_lo_size: 0xbee00000
TBOOT:   vtd_pmr_hi_base: 0x100000000
TBOOT:   vtd_pmr_hi_size: 0x38000000
TBOOT:   lcp_po_base: 0xbf72014c
TBOOT:   lcp_po_size: 0x30c (780)
TBOOT:   capabilities: 0x00000002
TBOOT:       rlp_wake_getsec: 0
TBOOT:       rlp_wake_monitor: 1
TBOOT:       ecx_pgtbl: 0
TBOOT:       stm: 0
TBOOT:       pcr_map_no_legacy: 0
TBOOT:       pcr_map_da: 0
TBOOT:       platform_type: 0
TBOOT:       max_phy_addr: 0
TBOOT:   efi_rsdt_ptr: 0x0
TBOOT: sinit_mle_data (@0xbf7351b8, 0x1c0):
TBOOT:   version: 7
TBOOT:   bios_acm_id: 
        80 00 00 00 20 09 10 07 00 00 a0 00 ff ff ff ff ff ff ff ff 
TBOOT:   edx_senter_flags: 0x00000000
TBOOT:   mseg_valid: 0x0
TBOOT:   sinit_hash:
        49 14 78 a5 ee 00 af cb fe 95 79 51 12 08 4a 25 61 ee f8 08 
TBOOT:   mle_hash:
        3a d4 2c ac 6d a4 bf 3f f9 2c 46 4c 1a a4 34 0e b5 bc 25 37 
TBOOT:   stm_hash:
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
TBOOT:   lcp_policy_hash:
        35 f5 d3 8d 36 18 f1 26 6f 36 46 8b 5f 9f 31 ed 30 51 29 29 
TBOOT:   lcp_policy_control: 0x00000000
TBOOT:   rlp_wakeup_addr: 0xbf701d20
TBOOT:   num_mdrs: 7
TBOOT:   mdrs_off: 0x98
TBOOT:   num_vtd_dmars: 128
TBOOT:   vtd_dmars_off: 0x140
TBOOT:   sinit_mdrs:
TBOOT:           0000000000000000 - 00000000000a0000 (GOOD)
TBOOT:           0000000000100000 - 0000000000f00000 (GOOD)
TBOOT:           0000000001000000 - 00000000bf700000 (GOOD)
TBOOT:           0000000100000000 - 0000000138000000 (GOOD)
TBOOT:           0000000100000000 - 0000000138000000 (GOOD)
TBOOT:           00000000bf800000 - 00000000c0000000 (SMRAM NON-OVERLAY)
TBOOT:           00000000e0000000 - 00000000f0000000 (PCIE EXTENDED CONFIG)
TBOOT: CPU supports 36 phys address bits
TBOOT: RSDP (v2, LENOVO) @ 0x0f68
TBOOT: acpi_table_ioapic @ 0xbf3febd9, .address = 0xfec00000
TBOOT: acpi_table_mcfg @ 0xbf3fec49, .base_address = 0xe0000000
TBOOT: mtrr_def_type: e = 1, fe = 1, type = 0
TBOOT: mtrrs:
TBOOT:              base          mask      type  v
TBOOT:          00000000cf000 0000000fff200  01  00
TBOOT:          0000000000000 0000000f80000  06  01
TBOOT:          0000000080000 0000000fc0000  06  01
TBOOT:          0000000100000 0000000fc0000  06  01
TBOOT:          0000000138000 0000000ff8000  00  01
TBOOT:          0000000000000 0000000000000  00  00
TBOOT:          0000000000000 0000000000000  00  00
TBOOT:          0000000000000 0000000000000  00  00
TBOOT: discarding RAM above reserved regions: 0xbee82000 - 0xbef5f000
TBOOT: discarding RAM above reserved regions: 0xbf00f000 - 0xbf06f000
TBOOT: discarding RAM above reserved regions: 0xbf30f000 - 0xbf317000
TBOOT: discarding RAM above reserved regions: 0xbf31f000 - 0xbf36b000
TBOOT: discarding RAM above reserved regions: 0xbf3ff000 - 0xbf400000
TBOOT: reserving 0xbee00000 - 0xbee7c000, which was truncated for VT-d
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbee7c000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x138000000
TBOOT: MSR for SMM monitor control on BSP is 0x0.
TBOOT: verifying ILP is opt-out or has the same MSEG header with TXT.MSEG.BASE
                opt-out
TBOOT:  : succeeded.
TBOOT: enabling SMIs on BSP
TBOOT: mle_join.entry_point = 804200
TBOOT: mle_join.seg_sel = 8
TBOOT: mle_join.gdt_base = 805000
TBOOT: mle_join.gdt_limit = 3f
TBOOT: joining RLPs to MLE with MONITOR wakeup
TBOOT: rlp_wakeup_addr = 0xbf701d20
TBOOT: cpu 5 waking up from TXT sleep
TBOOT: waiting for all APs (3) to enter wait-for-sipi...
TBOOT: MSR for SMM monitor control on cpu 5 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 5
         : succeeded.
TBOOT: enabling SMIs on cpu 5
TBOOT: .VMXON done for cpu 5
TBOOT: 
TBOOT: cpu 4 waking up from TXT sleep
TBOOT: launching mini-guest for cpu 5
TBOOT: MSR for SMM monitor control on cpu 4 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 4
         : succeeded.
TBOOT: enabling SMIs on cpu 4
TBOOT: VMXON done for cpu 4
TBOOT: launching mini-guest for cpu 4
TBOOT: cpu 1 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 1 is 0x0
TBOOT: .verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 1
        . : succeeded.
TBOOT: .enabling SMIs on cpu 1
TBOOT: .VMXON done for cpu 1
TBOOT: 
TBOOT: launching mini-guest for cpu 1
TBOOT: all APs in wait-for-sipi
TBOOT: saved IA32_MISC_ENABLE = 0x00850089
TBOOT: set TXT.CMD.SECRETS flag
TBOOT: opened TPM locality 1
TBOOT: DMAR table @ 0xbf381000 saved.
TBOOT: got sinit match on module #4
TBOOT: v2 LCP policy data found
TBOOT: protecting TXT heap (bf720000 - bf7fffff) in e820 table
TBOOT: protecting SINIT (bf700000 - bf71ffff) in e820 table
TBOOT: protecting TXT Private Space (fed20000 - fed2ffff) in e820 table
TBOOT: verifying e820 table against SINIT MDRs: verification succeeded.
TBOOT: verifying module 0 of mbi (105000 - 7b564f) in e820 table
         (range from 0000000000105000 to 00000000007b5650 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: verifying module 1 of mbi (b54000 - 6e691ff) in e820 table
         (range from 0000000000b54000 to 0000000006e69200 is in E820_MIXED)
TBOOT: : failed.
TBOOT: verification of post-launch failed.
TBOOT: verifying tboot and its page table (800000 - b53a5f) in e820 table
         (range from 0000000000800000 to 0000000000b53a60 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: protecting tboot (800000 - b53fff) in e820 table
TBOOT: reserving tboot memory log (60000 - 67fff) in e820 table
TBOOT: adjusted e820 map:
TBOOT:  0000000000000000 - 0000000000060000  (1)
TBOOT:  0000000000060000 - 0000000000068000  (2)
TBOOT:  0000000000068000 - 000000000009e800  (1)
TBOOT:  000000000009e800 - 00000000000a0000  (2)
TBOOT:  00000000000dc000 - 0000000000100000  (2)
TBOOT:  0000000000100000 - 0000000000800000  (1)
TBOOT:  0000000000800000 - 0000000000b54000  (2)
TBOOT:  0000000000b54000 - 0000000000f00000  (1)
TBOOT:  0000000000f00000 - 0000000001000000  (2)
TBOOT:  0000000001000000 - 00000000bee00000  (1)
TBOOT:  00000000bee00000 - 00000000bee7c000  (2)
TBOOT:  00000000bee7c000 - 00000000bee82000  (2)
TBOOT:  00000000bee82000 - 00000000bef5f000  (2)
TBOOT:  00000000bef5f000 - 00000000bef71000  (2)
TBOOT:  00000000bef71000 - 00000000beff2000  (4)
TBOOT:  00000000beff2000 - 00000000bf00f000  (2)
TBOOT:  00000000bf00f000 - 00000000bf06f000  (2)
TBOOT:  00000000bf06f000 - 00000000bf268000  (2)
TBOOT:  00000000bf268000 - 00000000bf2e8000  (4)
TBOOT:  00000000bf2e8000 - 00000000bf30f000  (2)
TBOOT:  00000000bf30f000 - 00000000bf317000  (2)
TBOOT:  00000000bf317000 - 00000000bf31f000  (2)
TBOOT:  00000000bf31f000 - 00000000bf36b000  (2)
TBOOT:  00000000bf36b000 - 00000000bf377000  (4)
TBOOT:  00000000bf377000 - 00000000bf37a000  (3)
TBOOT:  00000000bf37a000 - 00000000bf381000  (4)
TBOOT:  00000000bf381000 - 00000000bf382000  (3)
TBOOT:  00000000bf382000 - 00000000bf38b000  (4)
TBOOT:  00000000bf38b000 - 00000000bf38c000  (3)
TBOOT:  00000000bf38c000 - 00000000bf39f000  (4)
TBOOT:  00000000bf39f000 - 00000000bf3ff000  (3)
TBOOT:  00000000bf3ff000 - 00000000bf400000  (2)
TBOOT:  00000000bf700000 - 00000000bf720000  (2)
TBOOT:  00000000bf720000 - 00000000bf800000  (2)
TBOOT:  00000000bf800000 - 00000000c0000000  (2)
TBOOT:  00000000e0000000 - 00000000f0000000  (2)
TBOOT:  00000000feaff000 - 00000000feb00000  (2)
TBOOT:  00000000fec00000 - 00000000fec10000  (2)
TBOOT:  00000000fed00000 - 00000000fed00400  (2)
TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
TBOOT:  00000000fed20000 - 00000000fed30000  (2)
TBOOT:  00000000fed30000 - 00000000fed90000  (2)
TBOOT:  00000000fee00000 - 00000000fee01000  (2)
TBOOT:  00000000ff000000 - 0000000100000000  (2)
TBOOT:  0000000100000000 - 0000000138000000  (1)
TBOOT: verifying policy 
TBOOT: verifying module "
root=/dev/mapper/vg_system-lv_root ro libata.allow_tpm=1 intel_iommu=on"...
TBOOT:   OK : 7a fa 7c 0f 94 87 68 51 cf 3e 30 61 bf 69 a0 7a be 08 0c 90 
TBOOT: verifying module ""...
TBOOT:   OK : b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53 
TBOOT: verifying module ""...
TBOOT:   OK : e7 0a 66 8c 40 90 4d d5 05 31 cc 1b df 54 0e e6 d8 53 03 0e 
TBOOT: all modules are verified
TBOOT: pre_k_s3_state:
TBOOT:   vtd_pmr_lo_base: 0x0
TBOOT:   vtd_pmr_lo_size: 0xbee00000
TBOOT:   vtd_pmr_hi_base: 0x100000000
TBOOT:   vtd_pmr_hi_size: 0x38000000
TBOOT:   pol_hash: 3d 9c 82 cb b3 06 c2 ac 15 93 05 30 05 4c 4b d4 0c 17 f7 9a 
TBOOT:   VL measurements:
TBOOT:     PCR 17 (alg count 1):
TBOOT:             alg 0004: d3 39 9b 72 62 fb 56 cb 9e d0 53 d6 8d b9 29 1c 41 08 39 c4
TBOOT:     PCR 18 (alg count 1):
TBOOT:             alg 0004: 7a fa 7c 0f 94 87 68 51 cf 3e 30 61 bf 69 a0 7a be 08 0c 90
TBOOT:     PCR 17 (alg count 1):
TBOOT:             alg 0004: 7a fa 7c 0f 94 87 68 51 cf 3e 30 61 bf 69 a0 7a be 08 0c 90
TBOOT:     PCR 19 (alg count 1):
TBOOT:             alg 0004: b7 91 d0 50 5f aa 12 f7 c6 9a 7d b8 fa 16 ef 74 74 b4 b4 53
TBOOT:     PCR 20 (alg count 1):
TBOOT:             alg 0004: e7 0a 66 8c 40 90 4d d5 05 31 cc 1b df 54 0e e6 d8 53 03 0e
TBOOT: tboot_shared data:
TBOOT:   version: 6
TBOOT:   log_addr: 0x00060000
TBOOT:   shutdown_entry: 0x008041c0
TBOOT:   shutdown_type: 0
TBOOT:   tboot_base: 0x00804000
TBOOT:   tboot_size: 0x34fa60
TBOOT:   num_in_wfs: 3
TBOOT:   flags: 0x00000000
TBOOT:   ap_wake_addr: 0x00000000
TBOOT:   ap_wake_trigger: 0
TBOOT: Error: image size is smaller than data size.
TBOOT: no LCP module found
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x79cea000 to 0x7ffff200
TBOOT: Kernel (protected mode) from 0x1000000 to 0x16ac050
TBOOT: Kernel (real mode) from 0x90000 to 0x94600
TBOOT: Linux cmdline placed in header:  root=/dev/mapper/vg_system-lv_root ro 
libata.allow_tpm=1 intel_iommu=o
TBOOT:  n
TBOOT: 
TBOOT: transfering control to kernel @0x1000000...
TBOOT: VMXOFF done for cpu 1
TBOOT: cpu 1 waking up, SIPI vector=99000
TBOOT: VMXOFF done for cpu 4
TBOOT: cpu 4 waking up, SIPI vector=99000
TBOOT: VMXOFF done for cpu 5
TBOOT: cpu 5 waking up, SIPI vector=99000
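The failing line in the log is a range check against the e820 map: a module range reported as E820_RAM verifies, one reported as E820_MIXED does not. Below is an added example (my code, not tboot's and not the poster's) that reproduces that classification over the adjusted e820 map printed above, showing why module 0 (0x105000 - 0x7b564f) is E820_RAM while module 1 (0xb54000 - 0x6e691ff) crosses the reserved 0xf00000 - 0x1000000 entry and comes out E820_MIXED; the result names and the reading of that entry as an MDR hole are my inferences from the log, not tboot's own wording.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* E820 types as numbered in the tboot dumps: (1) RAM, (2) reserved, (3) ACPI, (4) NVS. */
enum e820_type { E820_RAM = 1, E820_RESERVED = 2, E820_ACPI = 3, E820_NVS = 4 };

enum range_class { RANGE_GAP, RANGE_RAM, RANGE_NONRAM, RANGE_MIXED };

struct e820_entry { uint64_t base, end; uint32_t type; }; /* end is exclusive */

/* Low-memory part of the "adjusted e820 map" in the log, in address order.
 * 0xf00000-0x1000000 is reserved because the SINIT MDRs list 0x100000-0xf00000
 * and 0x1000000-0xbf700000 as GOOD but nothing in between. The two module
 * checks in the log ran before tboot reserved its own image and log buffer,
 * but both answers are the same against this final map. */
static const struct e820_entry adjusted_map[] = {
    { 0x0000000ULL,  0x0060000ULL,  E820_RAM },
    { 0x0060000ULL,  0x0068000ULL,  E820_RESERVED },  /* tboot memory log */
    { 0x0068000ULL,  0x009e800ULL,  E820_RAM },
    { 0x009e800ULL,  0x00a0000ULL,  E820_RESERVED },
    { 0x00dc000ULL,  0x0100000ULL,  E820_RESERVED },  /* 0xa0000-0xdc000 is a hole */
    { 0x0100000ULL,  0x0800000ULL,  E820_RAM },
    { 0x0800000ULL,  0x0b54000ULL,  E820_RESERVED },  /* tboot itself */
    { 0x0b54000ULL,  0x0f00000ULL,  E820_RAM },
    { 0x0f00000ULL,  0x1000000ULL,  E820_RESERVED },  /* not covered by any MDR */
    { 0x1000000ULL,  0xbee00000ULL, E820_RAM },
    { 0xbee00000ULL, 0xbee7c000ULL, E820_RESERVED },  /* truncated for VT-d */
};
#define ADJUSTED_MAP_LEN (sizeof(adjusted_map) / sizeof(adjusted_map[0]))

/* Classify [base, end) against a sorted, non-overlapping map: every byte must be
 * covered by some entry (else GAP); all-RAM coverage is RAM, all non-RAM is
 * NONRAM, and a range that crosses both kinds is MIXED. Simplified
 * reimplementation of the check behind "range ... is in E820_MIXED"; not tboot's code. */
enum range_class e820_classify(const struct e820_entry *map, size_t n,
                               uint64_t base, uint64_t end)
{
    uint64_t cur = base;
    int saw_ram = 0, saw_nonram = 0;
    for (size_t i = 0; i < n && cur < end; i++) {
        if (map[i].end <= cur)
            continue;             /* entry lies entirely below the unchecked part */
        if (map[i].base > cur)
            return RANGE_GAP;     /* hole between cur and the next entry */
        if (map[i].type == E820_RAM)
            saw_ram = 1;
        else
            saw_nonram = 1;
        cur = map[i].end;         /* covered up to the end of this entry */
    }
    if (cur < end)
        return RANGE_GAP;         /* range extends past the last entry */
    if (saw_ram && saw_nonram)
        return RANGE_MIXED;
    return saw_ram ? RANGE_RAM : RANGE_NONRAM;
}

const char *range_class_name(enum range_class c)
{
    switch (c) {
    case RANGE_RAM:    return "E820_RAM";
    case RANGE_NONRAM: return "E820_NONRAM";
    case RANGE_MIXED:  return "E820_MIXED";
    default:           return "E820_GAP";
    }
}

int main(void)
{
    /* The two mbi module ranges tboot checked in the log (exclusive ends). */
    const struct { const char *name; uint64_t base, end; } mods[] = {
        { "module 0 of mbi", 0x105000ULL, 0x7b5650ULL },   /* -> E820_RAM */
        { "module 1 of mbi", 0xb54000ULL, 0x6e69200ULL },  /* -> E820_MIXED */
    };
    for (size_t i = 0; i < sizeof(mods) / sizeof(mods[0]); i++) {
        enum range_class c = e820_classify(adjusted_map, ADJUSTED_MAP_LEN,
                                           mods[i].base, mods[i].end);
        printf("%s (%llx - %llx) is in %s\n", mods[i].name,
               (unsigned long long)mods[i].base,
               (unsigned long long)(mods[i].end - 1), range_class_name(c));
    }
    return 0;
}
```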


_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
