Problem solved, it turns out that I was missing "-v 1" option to
lcp_ctrpol. Command line for creating LCP policy is: lcp_ctrpol -t hashonly -m
mle_hash -v 1 -o lcp.pol It seems that tb_polgen and vl.pol had nothing to do
with the problem. Best Regards, Michael Widlok
Dnia 28 sierpnia 2017 12:56 michalwd1979
<michalwd1...@o2.pl> napisał(a):
Dear Members, I'm testing tboot on very old system
(Lenovo t400) that supports only v1 policy versions. After creating policy
according to "policy_v1.txt" I've got SINIT module error
"unsupported policy version". It seems that tb_polgen can create only
v2 policy now and this is not supported by my pc. Running: tb_polgen
--create --type nonfatal vl.pol tb_polgen --add --num 0 --hash image --cmdlin
"kernel cmdline" --image "kernel image" vl.pol tb_polgen
--verbose --show vl.pol clearly shows that "version: 2" policy was
created. Is there a way to create v1 Verified Launch control policy? I'm
almost sure that I am missing something, maybe I should generate policy without
using tb_polgen? Anyway is that means that there is an error in instructions
given in "policy_v1.txt" or I just don't understand something
correctly? Thank You in advance, Michael Widlok
------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! sdm.link sdm.link
______________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.
lists.sourceforge.net lists.sourceforge.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
