Is that likely to also help an issue I am having where it reboots after getsec[SENTER] every time I have EFI enabled? We are on a BIOS that has the AC Init module built into the BIOS.

On 12/08/2016 05:00 PM, Sun, Ning wrote:

In grub.cfg, find the line “multiboot2 /boot/tboot.gz logging=serial,memory”, add extpol=sha256 at end of the line.

*From:* travis.gilb...@dell.com [mailto:travis.gilb...@dell.com]
*Sent:* Thursday, December 08, 2016 2:23 PM
*To:* tboot-devel@lists.sourceforge.net
*Subject:* [tboot-devel] TPM 2.0 + TXT + EFI tboot

I am trying to perform a simple trusted boot on SLES 12 SP2 with TPM 2.0 and EFI mode. I can verify that TXT works using getsec64.efi and performing SENTER, setting the secrets flag, rebooting and doing SENTER then SEXIT. When I select the “tboot 1.9.4” entry in grub2, my server pauses for a bit after the loading initial RAM disk step and then reboots. I then get an SINIT error notification from BIOS that points to a log error (ERR_BAD_LOG_POINTER_PTR2_MATCH).

I am working with a freshly provisioned TPM and a new install of SLES 12 SP2. I added the tboot and tpm2.0-tools packages to that install and modified grub2 to give me a tboot prompt (I think I added a file grub-tboot to /etc/default/ to accomplish this).

Am I missing anything?



------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi


_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
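The edit the reply above describes (append `extpol=sha256` to the `multiboot2 /boot/tboot.gz ...` line of grub.cfg) as a small, idempotent script. This is an added example, not code from the thread or from the tboot project. The grub.cfg text embedded below is constructed for the example: the tboot line and its `logging=serial,memory` argument are the ones quoted in the reply, while the kernel, initrd and SINIT module paths are placeholders. The script only matches `multiboot2` lines whose image name contains `tboot`, leaves every other line untouched, and does not touch a line that already carries an `extpol=` setting (so it reports instead of silently overriding a value someone chose deliberately).

```python
"""Append a tboot command-line option to the tboot multiboot2 line(s) of a grub.cfg.

Added example for the tboot-devel thread above; not part of tboot. Paths other than
/boot/tboot.gz in the sample config are placeholders.
"""
import re
import sys

# Constructed sample of the relevant grub.cfg menu entry (placeholder paths).
SAMPLE_GRUB_CFG = """\
menuentry 'tboot 1.9.4' {
    insmod part_gpt
    multiboot2 /boot/tboot.gz logging=serial,memory
    module2 /boot/vmlinuz-PLACEHOLDER root=/dev/sda2 intel_iommu=on
    module2 /boot/initrd-PLACEHOLDER
    module2 /boot/sinit-PLACEHOLDER.BIN
}
"""

# A multiboot2 line whose loaded image is tboot; args is everything after the image.
TBOOT_LINE = re.compile(r"^(?P<indent>\s*)multiboot2\s+(?P<image>\S*tboot\S*)(?P<args>.*)$")


def add_tboot_option(cfg_text, option="extpol=sha256"):
    """Return (new_text, changed, already_set).

    changed     - number of tboot lines the option was appended to
    already_set - number of tboot lines that already carried the same key
    """
    key = option.split("=", 1)[0]
    out = []
    changed = 0
    already_set = 0
    for line in cfg_text.splitlines():
        m = TBOOT_LINE.match(line)
        if m:
            args = m.group("args").split()
            if any(a.split("=", 1)[0] == key for a in args):
                already_set += 1          # leave an existing extpol= value alone
            else:
                args.append(option)
                changed += 1
                line = f"{m.group('indent')}multiboot2 {m.group('image')} {' '.join(args)}".rstrip()
        out.append(line)
    new_text = "\n".join(out)
    if cfg_text.endswith("\n"):
        new_text += "\n"
    return new_text, changed, already_set


if __name__ == "__main__":
    # Usage: python3 add_extpol.py /boot/grub2/grub.cfg > grub.cfg.new
    # Prints the rewritten config to stdout so it can be reviewed before replacing the file.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_GRUB_CFG
    new_text, changed, already_set = add_tboot_option(text)
    sys.stdout.write(new_text)
    print(f"# tboot lines updated: {changed}, already had extpol=: {already_set}", file=sys.stderr)
    if changed == 0 and already_set == 0:
        print("# warning: no 'multiboot2 ...tboot...' line found", file=sys.stderr)
```

Note that on SLES grub.cfg is regenerated by grub2-mkconfig, so a hand edit lasts only until the next regeneration; the durable place for the option is the generator side (the tboot grub scripts read a GRUB_CMDLINE_TBOOT variable from /etc/default/grub-tboot, the file the original post mentions adding).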
