Nehal Bandi | 29 Jan 22:33 2014

tboot issue on an AMD machine

Hi,

It's written in the tboot docs that on a machine with no TXT support, tboot launches the kernel without secure boot.

We were testing the behavior of tboot on a variety of hardware and I found one issue on one of the AMD machines.

We are using tboot-1.7.3 for our environment.

Dell PowerEdge 415, AMD 4130 processor, BIOS version: 1.8.5

The machine never comes out of tboot and keeps restarting.

Has anybody else seen this issue, and any probable cause?

Following is the trace from the machine.

Thanks in advance.

===================================================================

[2013-10-25 05:33:11 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:11 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:11 UTC] TBOOT: *********************************************
[2013-10-25 05:33:11 UTC] TBOOT: command line: 
[2013-10-25 05:33:11 UTC] TBOOT: BSP is cpu 0
[2013-10-25 05:33:11 UTC] TBOOT: original e820 map:
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000000000 - 00000000000a0000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000100000 - 00000000df699000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df699000 - 00000000df6af000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6af000 - 00000000df6ce000 (3)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6ce000 - 00000000e0000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000f0000000 - 00000000f4000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fe000000 - 00000000fec90000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fec94000 - 00000000fecd0000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fecd4000 - 0000000100000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000100000000 - 0000000220000000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:11 UTC] TBOOT: TPM nv_locked: FALSE
[2013-10-25 05:33:11 UTC] TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
[2013-10-25 05:33:11 UTC] TBOOT: Wrong timeout B, fallback to 2000
[2013-10-25 05:33:11 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:11 UTC] TBOOT: policy:
[2013-10-25 05:33:11 UTC] TBOOT: version: 2
[2013-10-25 05:33:11 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:11 UTC] TBOOT: hash_alg: TB_HALG_SHA1
[2013-10-25 05:33:11 UTC] TBOOT: policy_control: 00000001 (EXTEND_PCR17)
[2013-10-25 05:33:11 UTC] TBOOT: num_entries: 2
[2013-10-25 05:33:11 UTC] TBOOT: policy entry[0]:
[2013-10-25 05:33:11 UTC] TBOOT: mod_num: 0
[2013-10-25 05:33:11 UTC] TBOOT: pcr: none
[2013-10-25 05:33:11 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:11 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:11 UTC] TBOOT: policy entry[1]:
[2013-10-25 05:33:11 UTC] TBOOT: mod_num: any
[2013-10-25 05:33:11 UTC] TBOOT: pcr: 19
[2013-10-25 05:33:11 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:11 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:11 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: Error: write TPM error: 0x2.
[2013-10-25 05:33:11 UTC] TBOOT: no policy in TPM NV.
[2013-10-25 05:33:11 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:11 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:11 UTC] TBOOT: *********************************************
[2013-10-25 05:33:11 UTC] TBOOT: command line: 
[2013-10-25 05:33:11 UTC] TBOOT: BSP is cpu 0
[2013-10-25 05:33:11 UTC] TBOOT: original e820 map:
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000000000 - 00000000000a0000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000100000 - 00000000df699000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df699000 - 00000000df6af000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6af000 - 00000000df6ce000 (3)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6ce000 - 00000000e0000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000f0000000 - 00000000f4000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fe000000 - 00000000fec90000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fec94000 - 00000000fecd0000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fecd4000 - 0000000100000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000100000000 - 0000000220000000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:11 UTC] TBOOT: TPM nv_locked: FALSE
[2013-10-25 05:33:11 UTC] TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
[2013-10-25 05:33:11 UTC] TBOOT: Wrong timeout B, fallback to 2000
[2013-10-25 05:33:11 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:11 UTC] TBOOT: policy:
[2013-10-25 05:33:11 UTC] TBOOT: version: 2
[2013-10-25 05:33:11 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:12 UTC] TBOOT: hash_alg: TB_HALG_SHA1
[2013-10-25 05:33:12 UTC] TBOOT: policy_control: 00000001 (EXTEND_PCR17)
[2013-10-25 05:33:12 UTC] TBOOT: num_entries: 2
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[0]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: 0
[2013-10-25 05:33:12 UTC] TBOOT: pcr: none
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[1]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: any
[2013-10-25 05:33:12 UTC] TBOOT: pcr: 19
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: Error: write TPM error: 0x2.
[2013-10-25 05:33:12 UTC] TBOOT: no policy in TPM NV.
[2013-10-25 05:33:12 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:12 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:12 UTC] TBOOT: *********************************************
[2013-10-25 05:33:12 UTC] TBOOT: command line: 
[2013-10-25 05:33:12 UTC] TBOOT: BSP is cpu 0
[2013-10-25 05:33:12 UTC] TBOOT: original e820 map:
[2013-10-25 05:33:12 UTC] TBOOT: 0000000000000000 - 00000000000a0000 (1)
[2013-10-25 05:33:12 UTC] TBOOT: 0000000000100000 - 00000000df699000 (1)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000df699000 - 00000000df6af000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000df6af000 - 00000000df6ce000 (3)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000df6ce000 - 00000000e0000000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000f0000000 - 00000000f4000000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000fe000000 - 00000000fec90000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000fec94000 - 00000000fecd0000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000fecd4000 - 0000000100000000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 0000000100000000 - 0000000220000000 (1)
[2013-10-25 05:33:12 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:12 UTC] TBOOT: TPM nv_locked: FALSE
[2013-10-25 05:33:12 UTC] TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
[2013-10-25 05:33:12 UTC] TBOOT: Wrong timeout B, fallback to 2000
[2013-10-25 05:33:12 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:12 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:12 UTC] TBOOT: :reading failed
[2013-10-25 05:33:12 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:12 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:12 UTC] TBOOT: :reading failed
[2013-10-25 05:33:12 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:12 UTC] TBOOT: policy:
[2013-10-25 05:33:12 UTC] TBOOT: version: 2
[2013-10-25 05:33:12 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:12 UTC] TBOOT: hash_alg: TB_HALG_SHA1
[2013-10-25 05:33:12 UTC] TBOOT: policy_control: 00000001 (EXTEND_PCR17)
[2013-10-25 05:33:12 UTC] TBOOT: num_entries: 2
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[0]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: 0
[2013-10-25 05:33:12 UTC] TBOOT: pcr: none
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[1]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: any
[2013-10-25 05:33:12 UTC] TBOOT: pcr: 19
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: Error: write TPM error: 0x2.
[2013-10-25 05:33:12 UTC] TBOOT: no policy in TPM NV.

 

-Regards,

Nehal

_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
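Added example (not code from the mail or from tboot): a small Python triage script over a constructed excerpt in the same format as the trace above. It counts tboot starts, flags when every start repeats the previous one verbatim (the restart-loop symptom), and decodes the TPM NV failures; return value 0x2 is TPM_BADINDEX in the TPM 1.2 return-code table.

```python
import re

# TPM 1.2 return codes (TPM Main Part 2, section 16) for the values that
# show up in this kind of trace; 0x2 is the one the mail's trace reports.
TPM_RC = {0x0: "TPM_SUCCESS", 0x1: "TPM_AUTHFAIL",
          0x2: "TPM_BADINDEX", 0x3: "TPM_BAD_PARAMETER"}

BANNER = "******************* TBOOT *******************"
LINE_RE = re.compile(r"^\[[^\]]+\] TBOOT: (?P<msg>.*)$")
CAP_RC_RE = re.compile(r"get capability, return value = ([0-9a-fA-F]+)")
NV_READ_FAIL_RE = re.compile(r"fail to get public data of (0x[0-9a-fA-F]+) in TPM NV")
NV_WRITE_RE = re.compile(r"write nv ([0-9a-fA-F]+),.*return = ([0-9a-fA-F]+)")

# Constructed excerpt in the format of the trace in the mail: two tboot
# starts with the same TPM NV failures and no kernel hand-off in between.
SAMPLE_TRACE = """\
[2013-10-25 05:33:11 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:11 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:11 UTC] TBOOT: *********************************************
[2013-10-25 05:33:11 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:11 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:11 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:11 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: no policy in TPM NV.
[2013-10-25 05:33:12 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:12 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:12 UTC] TBOOT: *********************************************
[2013-10-25 05:33:12 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:12 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:12 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:12 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:12 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:12 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:12 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:12 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: no policy in TPM NV.
"""


def rc_name(rc):
    """Decode a TPM 1.2 return code, falling back to hex for unknown values."""
    if rc is None:
        return "unknown"
    return TPM_RC.get(rc, f"0x{rc:x}")


def triage(trace: str) -> dict:
    """Summarise a tboot trace: number of starts, whether every start repeats
    the first one verbatim, which NV indices failed and how, and whether
    tboot fell back to its built-in default policy."""
    launches = []       # per-start message lists, timestamps stripped
    nv_failures = {}    # NV index -> decoded return code, first occurrence
    last_rc = None
    policy_type = None
    default_policy = False
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg == BANNER:            # exactly one banner line per tboot start
            launches.append([])
        if launches:
            launches[-1].append(msg)
        cap = CAP_RC_RE.search(msg)
        read_fail = NV_READ_FAIL_RE.search(msg)
        write = NV_WRITE_RE.search(msg)
        if cap:
            last_rc = int(cap.group(1), 16)   # logged just before the NV failure line
        elif read_fail:
            nv_failures.setdefault(read_fail.group(1).lower(), rc_name(last_rc))
        elif write:
            rc = int(write.group(2), 16)
            if rc != 0:
                nv_failures.setdefault("0x" + write.group(1).lower(), rc_name(rc))
        elif msg.startswith("policy_type:"):
            policy_type = msg.split(":", 1)[1].strip()
        elif msg.startswith("failed to read policy from TPM NV"):
            default_policy = True
    identical = len(launches) >= 2 and all(l == launches[0] for l in launches[1:])
    return {"launches": len(launches), "identical_repeats": identical,
            "nv_failures": nv_failures, "policy_type": policy_type,
            "default_policy_used": default_policy}
```

Note that the NV failures are reported under TB_POLTYPE_CONT_NON_FATAL, so the script only surfaces them as context; it does not claim they are the cause of the restart.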
Wei, Gang | 30 Jan 11:23 2014

tboot 1.8.0 released

This major release is to provide EFI boot support, TPM NV measuring, and
TPM2.0 support. The EFI and TPM2 support are not fully complete yet; more
enhancements will be coming in the next minor release.

Source package tboot-1.8.0.tar.gz can be downloaded from sourceforge.net.

Major changes since 1.7.4 (20130705):
	Update README for TPM2 support
	tpm2 support
	Adding sha256 algorithm implementation
	Update README for TPM NV measuring
	Update README for EFI support
	Fix typo in tboot/Makefile
	Increase the supported maximum number of cpus from 256 to 512
	Extend tboot policy supporting measuring TPM NV
	EFI support via multiboot2 changes
	Fix typo in common/hash.c
	Fix verification for extended data elements in txt heap

Please help test it, and enjoy it.

Thanks
Jimmy
Nehal Bandi | 29 Jan 00:51 2014

Patch for inserting a hashtag into a TPM PCR from a TPM NV location.

Hi,

I have a patch for tboot which reads a SHA1 from an index location in TPM NV RAM and extends PCR-22 with that value from within tboot.

This patch can be used for secure PCR extension from a TPM NV location.

Please let me know your feedback on the patch.

-Regards,

Nehal

Attachment (asset_tag.patch): application/octet-stream, 5423 bytes
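As an added example, not code from the attached patch or from tboot, here is the operation the patch mail describes (and the "TPM NV measuring" feature the 1.8.0 announcement above refers to): read a 20-byte SHA-1 from a TPM NV index and extend it into PCR 22, against a simulated TPM 1.2, with the verifier-side replay that an attestation check would perform. The NV index 0x40000010 and the asset-tag digest are constructed assumptions.

```python
import hashlib

SHA1_LEN = 20
PCR_COUNT = 24          # TPM 1.2 exposes PCR 0..23; the patch extends PCR 22
ASSET_TAG_PCR = 22

# Hypothetical NV index for the asset tag (an assumption, not from the patch)
# and a constructed 20-byte SHA-1 digest provisioned there.
ASSET_TAG_NV_INDEX = 0x40000010
ASSET_TAG_DIGEST = hashlib.sha1(b"constructed asset tag: rack 7, slot 3").digest()


class SimulatedTpm12:
    """Constructed stand-in for a TPM 1.2: a pre-provisioned NV store and
    PCRs holding all zeros, as a resettable PCR does at the start of a launch."""

    def __init__(self, nv_store):
        self._nv = dict(nv_store)
        self._pcrs = [b"\x00" * SHA1_LEN for _ in range(PCR_COUNT)]

    def nv_read(self, index):
        # Reading an undefined index fails with TPM_BADINDEX, the return
        # code 0x2 visible in the AMD trace earlier on this page.
        if index not in self._nv:
            raise LookupError(f"TPM_BADINDEX: NV index {index:#x} is not defined")
        return self._nv[index]

    def pcr_read(self, pcr):
        return self._pcrs[pcr]

    def pcr_extend(self, pcr, digest):
        """TPM_Extend semantics: PCR[i] = SHA1(PCR[i] || digest)."""
        if not 0 <= pcr < PCR_COUNT:
            raise ValueError(f"PCR {pcr} out of range")
        if len(digest) != SHA1_LEN:
            raise ValueError("extend value must be a 20-byte SHA-1 digest")
        self._pcrs[pcr] = hashlib.sha1(self._pcrs[pcr] + digest).digest()
        return self._pcrs[pcr]


def measure_nv_into_pcr(tpm, nv_index, pcr=ASSET_TAG_PCR):
    """The operation the patch mail describes: read a SHA-1 from an NV index
    and extend it into PCR 22. Returns the new PCR value."""
    value = tpm.nv_read(nv_index)
    if len(value) != SHA1_LEN:
        raise ValueError(f"NV index {nv_index:#x} holds {len(value)} bytes, "
                         f"expected a {SHA1_LEN}-byte SHA-1")
    return tpm.pcr_extend(pcr, value)


def expected_pcr(digests):
    """Verifier side: replay the extend sequence from an all-zero PCR to get
    the value a quote of that PCR must show."""
    acc = b"\x00" * SHA1_LEN
    for d in digests:
        acc = hashlib.sha1(acc + d).digest()
    return acc


def attest_asset_tag(tpm, nv_index, known_digest):
    """True when PCR 22 equals the replay over the provisioned digest.
    The PCR only reflects whatever the NV index held at launch, so the check
    is meaningful only if the index is write-protected after provisioning."""
    measured = measure_nv_into_pcr(tpm, nv_index)
    return measured == expected_pcr([known_digest])
```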
Martin Thiim | 10 Dec 19:04 2013

TXT vs SGX

Hi

A few months back, Intel released a lot of documentation on the upcoming security technology, Software Guard Extensions. There seems to be quite some overlap between the objectives of the two technologies, but they are not directly incompatible and according to the SGX manual it is possible to launch SGX enclaves from within TXT/SMX mode (but not the other way around). Does anyone know when SGX will become available and what is the future of TXT after this? Thanks!


Best regards,


Martin Thiim

Qiaowei Ren | 10 Dec 07:16 2013

[PATCH] Documentation: move intel_txt.txt to Documentation/x86

Documentation/x86 is a more fitting place for intel_txt.txt.

Signed-off-by: Qiaowei Ren <qiaowei.ren <at> intel.com>
---
 Documentation/intel_txt.txt     |  210 ---------------------------------------
 Documentation/x86/intel_txt.txt |  210 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 210 insertions(+), 210 deletions(-)
 delete mode 100644 Documentation/intel_txt.txt
 create mode 100644 Documentation/x86/intel_txt.txt

diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt
deleted file mode 100644
index 91d89c5..0000000
--- a/Documentation/intel_txt.txt
+++ /dev/null
 <at>  <at>  -1,210 +0,0  <at>  <at> 
-Intel(R) TXT Overview:
-=====================
-
-Intel's technology for safer computing, Intel(R) Trusted Execution
-Technology (Intel(R) TXT), defines platform-level enhancements that
-provide the building blocks for creating trusted platforms.
-
-Intel TXT was formerly known by the code name LaGrande Technology (LT).
-
-Intel TXT in Brief:
-o  Provides dynamic root of trust for measurement (DRTM)
-o  Data protection in case of improper shutdown
-o  Measurement and verification of launched environment
-
-Intel TXT is part of the vPro(TM) brand and is also available some
-non-vPro systems.  It is currently available on desktop systems
-based on the Q35, X38, Q45, and Q43 Express chipsets (e.g. Dell
-Optiplex 755, HP dc7800, etc.) and mobile systems based on the GM45,
-PM45, and GS45 Express chipsets.
-
-For more information, see http://www.intel.com/technology/security/.
-This site also has a link to the Intel TXT MLE Developers Manual,
-which has been updated for the new released platforms.
-
-Intel TXT has been presented at various events over the past few
-years, some of which are:
-      LinuxTAG 2008:
-          http://www.linuxtag.org/2008/en/conf/events/vp-donnerstag.html
-      TRUST2008:
-          http://www.trust-conference.eu/downloads/Keynote-Speakers/
-          3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
-      IDF, Shanghai:
-          http://www.prcidf.com.cn/index_en.html
-      IDFs 2006, 2007 (I'm not sure if/where they are online)
-
-Trusted Boot Project Overview:
-=============================
-
-Trusted Boot (tboot) is an open source, pre-kernel/VMM module that
-uses Intel TXT to perform a measured and verified launch of an OS
-kernel/VMM.
-
-It is hosted on SourceForge at http://sourceforge.net/projects/tboot.
-The mercurial source repo is available at http://www.bughost.org/
-repos.hg/tboot.hg.
-
-Tboot currently supports launching Xen (open source VMM/hypervisor
-w/ TXT support since v3.2), and now Linux kernels.
-
-
-Value Proposition for Linux or "Why should you care?"
-=====================================================
-
-While there are many products and technologies that attempt to
-measure or protect the integrity of a running kernel, they all
-assume the kernel is "good" to begin with.  The Integrity
-Measurement Architecture (IMA) and Linux Integrity Module interface
-are examples of such solutions.
-
-To get trust in the initial kernel without using Intel TXT, a
-static root of trust must be used.  This bases trust in BIOS
-starting at system reset and requires measurement of all code
-executed between system reset through the completion of the kernel
-boot as well as data objects used by that code.  In the case of a
-Linux kernel, this means all of BIOS, any option ROMs, the
-bootloader and the boot config.  In practice, this is a lot of
-code/data, much of which is subject to change from boot to boot
-(e.g. changing NICs may change option ROMs).  Without reference
-hashes, these measurement changes are difficult to assess or
-confirm as benign.  This process also does not provide DMA
-protection, memory configuration/alias checks and locks, crash
-protection, or policy support.
-
-By using the hardware-based root of trust that Intel TXT provides,
-many of these issues can be mitigated.  Specifically: many
-pre-launch components can be removed from the trust chain, DMA
-protection is provided to all launched components, a large number
-of platform configuration checks are performed and values locked,
-protection is provided for any data in the event of an improper
-shutdown, and there is support for policy-based execution/verification.
-This provides a more stable measurement and a higher assurance of
-system configuration and initial state than would be otherwise
-possible.  Since the tboot project is open source, source code for
-almost all parts of the trust chain is available (excepting SMM and
-Intel-provided firmware).
-
-How Does it Work?
-=================
-
-o  Tboot is an executable that is launched by the bootloader as
-   the "kernel" (the binary the bootloader executes).
-o  It performs all of the work necessary to determine if the
-   platform supports Intel TXT and, if so, executes the GETSEC[SENTER]
-   processor instruction that initiates the dynamic root of trust.
-   -  If tboot determines that the system does not support Intel TXT
-      or is not configured correctly (e.g. the SINIT AC Module was
-      incorrect), it will directly launch the kernel with no changes
-      to any state.
-   -  Tboot will output various information about its progress to the
-      terminal, serial port, and/or an in-memory log; the output
-      locations can be configured with a command line switch.
-o  The GETSEC[SENTER] instruction will return control to tboot and
-   tboot then verifies certain aspects of the environment (e.g. TPM NV
-   lock, e820 table does not have invalid entries, etc.).
-o  It will wake the APs from the special sleep state the GETSEC[SENTER]
-   instruction had put them in and place them into a wait-for-SIPI
-   state.
-   -  Because the processors will not respond to an INIT or SIPI when
-      in the TXT environment, it is necessary to create a small VT-x
-      guest for the APs.  When they run in this guest, they will
-      simply wait for the INIT-SIPI-SIPI sequence, which will cause
-      VMEXITs, and then disable VT and jump to the SIPI vector.  This
-      approach seemed like a better choice than having to insert
-      special code into the kernel's MP wakeup sequence.
-o  Tboot then applies an (optional) user-defined launch policy to
-   verify the kernel and initrd.
-   -  This policy is rooted in TPM NV and is described in the tboot
-      project.  The tboot project also contains code for tools to
-      create and provision the policy.
-   -  Policies are completely under user control and if not present
-      then any kernel will be launched.
-   -  Policy action is flexible and can include halting on failures
-      or simply logging them and continuing.
-o  Tboot adjusts the e820 table provided by the bootloader to reserve
-   its own location in memory as well as to reserve certain other
-   TXT-related regions.
-o  As part of its launch, tboot DMA protects all of RAM (using the
-   VT-d PMRs).  Thus, the kernel must be booted with 'intel_iommu=on'
-   in order to remove this blanket protection and use VT-d's
-   page-level protection.
-o  Tboot will populate a shared page with some data about itself and
-   pass this to the Linux kernel as it transfers control.
-   -  The location of the shared page is passed via the boot_params
-      struct as a physical address.
-o  The kernel will look for the tboot shared page address and, if it
-   exists, map it.
-o  As one of the checks/protections provided by TXT, it makes a copy
-   of the VT-d DMARs in a DMA-protected region of memory and verifies
-   them for correctness.  The VT-d code will detect if the kernel was
-   launched with tboot and use this copy instead of the one in the
-   ACPI table.
-o  At this point, tboot and TXT are out of the picture until a
-   shutdown (S<n>)
-o  In order to put a system into any of the sleep states after a TXT
-   launch, TXT must first be exited.  This is to prevent attacks that
-   attempt to crash the system to gain control on reboot and steal
-   data left in memory.
-   -  The kernel will perform all of its sleep preparation and
-      populate the shared page with the ACPI data needed to put the
-      platform in the desired sleep state.
-   -  Then the kernel jumps into tboot via the vector specified in the
-      shared page.
-   -  Tboot will clean up the environment and disable TXT, then use the
-      kernel-provided ACPI information to actually place the platform
-      into the desired sleep state.
-   -  In the case of S3, tboot will also register itself as the resume
-      vector.  This is necessary because it must re-establish the
-      measured environment upon resume.  Once the TXT environment
-      has been restored, it will restore the TPM PCRs and then
-      transfer control back to the kernel's S3 resume vector.
-      In order to preserve system integrity across S3, the kernel
-      provides tboot with a set of memory ranges (RAM and RESERVED_KERN
-      in the e820 table, but not any memory that BIOS might alter over
-      the S3 transition) that tboot will calculate a MAC (message
-      authentication code) over and then seal with the TPM. On resume
-      and once the measured environment has been re-established, tboot
-      will re-calculate the MAC and verify it against the sealed value.
-      Tboot's policy determines what happens if the verification fails.
-      Note that the c/s 194 of tboot which has the new MAC code supports
-      this.
-
-That's pretty much it for TXT support.
-
-
-Configuring the System:
-======================
-
-This code works with 32bit, 32bit PAE, and 64bit (x86_64) kernels.
-
-In BIOS, the user must enable:  TPM, TXT, VT-x, VT-d.  Not all BIOSes
-allow these to be individually enabled/disabled and the screens in
-which to find them are BIOS-specific.
-
-grub.conf needs to be modified as follows:
-        title Linux 2.6.29-tip w/ tboot
-          root (hd0,0)
-                kernel /tboot.gz logging=serial,vga,memory
-                module /vmlinuz-2.6.29-tip intel_iommu=on ro
-                       root=LABEL=/ rhgb console=ttyS0,115200 3
-                module /initrd-2.6.29-tip.img
-                module /Q35_SINIT_17.BIN
-
-The kernel option for enabling Intel TXT support is found under the
-Security top-level menu and is called "Enable Intel(R) Trusted
-Execution Technology (TXT)".  It is considered EXPERIMENTAL and
-depends on the generic x86 support (to allow maximum flexibility in
-kernel build options), since the tboot code will detect whether the
-platform actually supports Intel TXT and thus whether any of the
-kernel code is executed.
-
-The Q35_SINIT_17.BIN file is what Intel TXT refers to as an
-Authenticated Code Module.  It is specific to the chipset in the
-system and can also be found on the Trusted Boot site.  It is an
-(unencrypted) module signed by Intel that is used as part of the
-DRTM process to verify and configure the system.  It is signed
-because it operates at a higher privilege level in the system than
-any other macrocode and its correct operation is critical to the
-establishment of the DRTM.  The process for determining the correct
-SINIT ACM for a system is documented in the SINIT-guide.txt file
-that is on the tboot SourceForge site under the SINIT ACM downloads.
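Review bot: this is a pure move of byte-identical content (both index lines carry blob 91d89c5), so please regenerate the patch with rename detection (`git format-patch -M`) so it appears as `rename from Documentation/intel_txt.txt` / `rename to Documentation/x86/intel_txt.txt` rather than 210 deletions plus 210 insertions; that keeps `git log --follow` history intact and makes the review a one-line check. Please also grep the tree for the old path (MAINTAINERS and the Documentation 00-INDEX files are the usual places) and update any reference in the same patch so the move leaves no dangling pointers.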
diff --git a/Documentation/x86/intel_txt.txt b/Documentation/x86/intel_txt.txt
new file mode 100644
index 0000000..91d89c5
--- /dev/null
+++ b/Documentation/x86/intel_txt.txt
 <at>  <at>  -0,0 +1,210  <at>  <at> 
+Intel(R) TXT Overview:
+=====================
+
+Intel's technology for safer computing, Intel(R) Trusted Execution
+Technology (Intel(R) TXT), defines platform-level enhancements that
+provide the building blocks for creating trusted platforms.
+
+Intel TXT was formerly known by the code name LaGrande Technology (LT).
+
+Intel TXT in Brief:
+o  Provides dynamic root of trust for measurement (DRTM)
+o  Data protection in case of improper shutdown
+o  Measurement and verification of launched environment
+
+Intel TXT is part of the vPro(TM) brand and is also available some
+non-vPro systems.  It is currently available on desktop systems
+based on the Q35, X38, Q45, and Q43 Express chipsets (e.g. Dell
+Optiplex 755, HP dc7800, etc.) and mobile systems based on the GM45,
+PM45, and GS45 Express chipsets.
+
+For more information, see http://www.intel.com/technology/security/.
+This site also has a link to the Intel TXT MLE Developers Manual,
+which has been updated for the new released platforms.
+
+Intel TXT has been presented at various events over the past few
+years, some of which are:
+      LinuxTAG 2008:
+          http://www.linuxtag.org/2008/en/conf/events/vp-donnerstag.html
+      TRUST2008:
+          http://www.trust-conference.eu/downloads/Keynote-Speakers/
+          3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
+      IDF, Shanghai:
+          http://www.prcidf.com.cn/index_en.html
+      IDFs 2006, 2007 (I'm not sure if/where they are online)
+
+Trusted Boot Project Overview:
+=============================
+
+Trusted Boot (tboot) is an open source, pre-kernel/VMM module that
+uses Intel TXT to perform a measured and verified launch of an OS
+kernel/VMM.
+
+It is hosted on SourceForge at http://sourceforge.net/projects/tboot.
+The mercurial source repo is available at http://www.bughost.org/
+repos.hg/tboot.hg.
+
+Tboot currently supports launching Xen (open source VMM/hypervisor
+w/ TXT support since v3.2), and now Linux kernels.
+
+
+Value Proposition for Linux or "Why should you care?"
+=====================================================
+
+While there are many products and technologies that attempt to
+measure or protect the integrity of a running kernel, they all
+assume the kernel is "good" to begin with.  The Integrity
+Measurement Architecture (IMA) and Linux Integrity Module interface
+are examples of such solutions.
+
+To get trust in the initial kernel without using Intel TXT, a
+static root of trust must be used.  This bases trust in BIOS
+starting at system reset and requires measurement of all code
+executed between system reset through the completion of the kernel
+boot as well as data objects used by that code.  In the case of a
+Linux kernel, this means all of BIOS, any option ROMs, the
+bootloader and the boot config.  In practice, this is a lot of
+code/data, much of which is subject to change from boot to boot
+(e.g. changing NICs may change option ROMs).  Without reference
+hashes, these measurement changes are difficult to assess or
+confirm as benign.  This process also does not provide DMA
+protection, memory configuration/alias checks and locks, crash
+protection, or policy support.
+
+By using the hardware-based root of trust that Intel TXT provides,
+many of these issues can be mitigated.  Specifically: many
+pre-launch components can be removed from the trust chain, DMA
+protection is provided to all launched components, a large number
+of platform configuration checks are performed and values locked,
+protection is provided for any data in the event of an improper
+shutdown, and there is support for policy-based execution/verification.
+This provides a more stable measurement and a higher assurance of
+system configuration and initial state than would be otherwise
+possible.  Since the tboot project is open source, source code for
+almost all parts of the trust chain is available (excepting SMM and
+Intel-provided firmware).
+
+How Does it Work?
+=================
+
+o  Tboot is an executable that is launched by the bootloader as
+   the "kernel" (the binary the bootloader executes).
+o  It performs all of the work necessary to determine if the
+   platform supports Intel TXT and, if so, executes the GETSEC[SENTER]
+   processor instruction that initiates the dynamic root of trust.
+   -  If tboot determines that the system does not support Intel TXT
+      or is not configured correctly (e.g. the SINIT AC Module was
+      incorrect), it will directly launch the kernel with no changes
+      to any state.
+   -  Tboot will output various information about its progress to the
+      terminal, serial port, and/or an in-memory log; the output
+      locations can be configured with a command line switch.
+o  The GETSEC[SENTER] instruction will return control to tboot and
+   tboot then verifies certain aspects of the environment (e.g. TPM NV
+   lock, e820 table does not have invalid entries, etc.).
+o  It will wake the APs from the special sleep state the GETSEC[SENTER]
+   instruction had put them in and place them into a wait-for-SIPI
+   state.
+   -  Because the processors will not respond to an INIT or SIPI when
+      in the TXT environment, it is necessary to create a small VT-x
+      guest for the APs.  When they run in this guest, they will
+      simply wait for the INIT-SIPI-SIPI sequence, which will cause
+      VMEXITs, and then disable VT and jump to the SIPI vector.  This
+      approach seemed like a better choice than having to insert
+      special code into the kernel's MP wakeup sequence.
+o  Tboot then applies an (optional) user-defined launch policy to
+   verify the kernel and initrd.
+   -  This policy is rooted in TPM NV and is described in the tboot
+      project.  The tboot project also contains code for tools to
+      create and provision the policy.
+   -  Policies are completely under user control and if not present
+      then any kernel will be launched.
+   -  Policy action is flexible and can include halting on failures
+      or simply logging them and continuing.
+o  Tboot adjusts the e820 table provided by the bootloader to reserve
+   its own location in memory as well as to reserve certain other
+   TXT-related regions.
+o  As part of its launch, tboot DMA protects all of RAM (using the
+   VT-d PMRs).  Thus, the kernel must be booted with 'intel_iommu=on'
+   in order to remove this blanket protection and use VT-d's
+   page-level protection.
+o  Tboot will populate a shared page with some data about itself and
+   pass this to the Linux kernel as it transfers control.
+   -  The location of the shared page is passed via the boot_params
+      struct as a physical address.
+o  The kernel will look for the tboot shared page address and, if it
+   exists, map it.
+o  As one of the checks/protections provided by TXT, it makes a copy
+   of the VT-d DMARs in a DMA-protected region of memory and verifies
+   them for correctness.  The VT-d code will detect if the kernel was
+   launched with tboot and use this copy instead of the one in the
+   ACPI table.
+o  At this point, tboot and TXT are out of the picture until a
+   shutdown (S<n>)
+o  In order to put a system into any of the sleep states after a TXT
+   launch, TXT must first be exited.  This is to prevent attacks that
+   attempt to crash the system to gain control on reboot and steal
+   data left in memory.
+   -  The kernel will perform all of its sleep preparation and
+      populate the shared page with the ACPI data needed to put the
+      platform in the desired sleep state.
+   -  Then the kernel jumps into tboot via the vector specified in the
+      shared page.
+   -  Tboot will clean up the environment and disable TXT, then use the
+      kernel-provided ACPI information to actually place the platform
+      into the desired sleep state.
+   -  In the case of S3, tboot will also register itself as the resume
+      vector.  This is necessary because it must re-establish the
+      measured environment upon resume.  Once the TXT environment
+      has been restored, it will restore the TPM PCRs and then
+      transfer control back to the kernel's S3 resume vector.
+      In order to preserve system integrity across S3, the kernel
+      provides tboot with a set of memory ranges (RAM and RESERVED_KERN
+      in the e820 table, but not any memory that BIOS might alter over
+      the S3 transition) that tboot will calculate a MAC (message
+      authentication code) over and then seal with the TPM. On resume
+      and once the measured environment has been re-established, tboot
+      will re-calculate the MAC and verify it against the sealed value.
+      Tboot's policy determines what happens if the verification fails.
+      Note that the c/s 194 of tboot which has the new MAC code supports
+      this.
+
+That's pretty much it for TXT support.
+
+
+Configuring the System:
+======================
+
+This code works with 32bit, 32bit PAE, and 64bit (x86_64) kernels.
+
+In BIOS, the user must enable:  TPM, TXT, VT-x, VT-d.  Not all BIOSes
+allow these to be individually enabled/disabled and the screens in
+which to find them are BIOS-specific.
+
+grub.conf needs to be modified as follows:
+        title Linux 2.6.29-tip w/ tboot
+          root (hd0,0)
+                kernel /tboot.gz logging=serial,vga,memory
+                module /vmlinuz-2.6.29-tip intel_iommu=on ro
+                       root=LABEL=/ rhgb console=ttyS0,115200 3
+                module /initrd-2.6.29-tip.img
+                module /Q35_SINIT_17.BIN
+
+The kernel option for enabling Intel TXT support is found under the
+Security top-level menu and is called "Enable Intel(R) Trusted
+Execution Technology (TXT)".  It is considered EXPERIMENTAL and
+depends on the generic x86 support (to allow maximum flexibility in
+kernel build options), since the tboot code will detect whether the
+platform actually supports Intel TXT and thus whether any of the
+kernel code is executed.
+
+The Q35_SINIT_17.BIN file is what Intel TXT refers to as an
+Authenticated Code Module.  It is specific to the chipset in the
+system and can also be found on the Trusted Boot site.  It is an
+(unencrypted) module signed by Intel that is used as part of the
+DRTM process to verify and configure the system.  It is signed
+because it operates at a higher privilege level in the system than
+any other macrocode and its correct operation is critical to the
+establishment of the DRTM.  The process for determining the correct
+SINIT ACM for a system is documented in the SINIT-guide.txt file
+that is on the tboot SourceForge site under the SINIT ACM downloads.
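Review bot: the bullets "Tboot adjusts the e820 table provided by the bootloader ..." and "As part of its launch, tboot DMA protects all of RAM (using the VT-d PMRs). Thus, the kernel must be booted with 'intel_iommu=on' ..." read as unconditional, but the first bullet states that on a platform without Intel TXT (or with a wrong SINIT ACM) tboot launches the kernel "with no changes to any state"; say in those two bullets whether the e820 reservation and the PMR blanket protection apply only after a successful GETSEC[SENTER], so that the intel_iommu=on requirement is not misread as applying to the fallback path too. Two smaller points: "At this point, tboot and TXT are out of the picture until a shutdown (S<n>)" is missing its full stop, and "Note that the c/s 194 of tboot which has the new MAC code supports this" should name the tboot release that first carries that changeset, since readers of this file will not have the project's changeset numbers at hand.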
--

-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Binderman | 19 Nov 20:29 2013

tboot-1.7.3/tboot/common/hash.c:137: possible cut'n'paste error ?

hello there,

I recently ran the static analyser "cppcheck" over the source code of tboot-1.7.3.

It said

[common/hash.c:137] -> [common/hash.c:137]: (style) Same expression on both sides of '||'.

Source code is

void copy_hash(tb_hash_t *dest_hash, const tb_hash_t *src_hash,
               uint8_t hash_alg)
{
    if ( dest_hash == NULL || dest_hash == NULL ) {
        printk(TBOOT_WARN"hashes are NULL\n");
        return;
    }

Suggest changing the second mention of dest_hash to src_hash.

Regards

David Binderman
Wei, Gang | 23 Oct 04:24 2013

OpenAttestation project web and mailing list go live at 01.org

To facilitate easier ecosystem/community communication, a new home page was
created for the OAT project at https://01.org/openattestation, and a mailing list
was created as oat-devel@lists.01.org. The code tree is still hosted on
github.

You can subscribe to the oat-devel list at
https://lists.01.org/mailman/listinfo/oat-devel. We look forward to more
discussions and contributions to OAT through the oat-devel mailing list.

Thanks
Jimmy
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Khan | 16 Oct 14:48 2013

tboot - Is it slow or is it just slow on my machine!

Hi,

I installed Tboot and it works fine. But one thing I noticed is that my machine is annoyingly slow to work with. Is it normal, or is it just the case for my machine?

thanks & best,
Miki
Charles York | 9 Oct 19:28 2013

Missing TXT Error Status/Errorcode

Hello tboot-devel. I'm posting this here because I'm not too confident in getting a reply from the Intel TXT developer forums.

I'm doing some experimenting with TXT in my own driver. When I issue the GETSEC[SENTER] command, the system crashes as I expect (since I don't think I have everything set up right yet), but confusingly there is no error code to tell me what I'm doing wrong and help me move forward.

I read physical memory addresses 0xFED3000 + 8 (TXT.ESTS - Error Status) and address 0xFED30000 + 0x30 (TXT.ERRORCODE) both before and after a soft reset. But both values are still set to 0.

Can you please explain under what conditions these fields would not be updated on SENTER crash?

I'm currently using the i5_i7_DUAL-SINIT_51 SINIT file.

Thank you very much.

V/r

Charles York

Nehal Bandi | 28 Aug 16:18 2013

tboot memory allocation

Hi,

I am trying to safely allocate a page worth of memory within tboot for some prototype PCR extensions from TPM NV RAM.

I could not find any function within tboot which lets me know which memory I can use safely.

I understand that there are functions like “get_txt_heap” to get the size and base of the heap area, but the heap seems to have a fixed layout as defined in heap.h.

Also the tboot modules get relocated and erased within the “g_mbi” map, so I was not sure which area I can use safely.

The solution I ended up using was to add another ‘.data’ area in the loader map after the “tboot_shared” section and then access it from a global variable, which I think is just a trick since I was not able to figure out any safe memory with the existing memory layout.

I am very new to tboot. Please let me know if I am missing something very obvious here.

Regards,

Nehal

Alexander Kjeldaas | 23 Aug 17:41 2013

tpmnv_defindex establish physical presence

I'm having the following issue on an Intel server board (Haswell): S1200V3RPS.
tboot seems to indicate that nvram is locked.

Is my nvram locked? How is it unlocked? How do I establish physical presence? There is nothing in the BIOS except TPM ON/OFF.

$ tpmnv_defindex -i owner
Haven't input permission value, use default value 0x2
Haven't input data size, use default value 54
Tspi_NV_DefineSpace failed failed: Bad physical presence value (0x082d)

$ tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

NVRAM index   : 0x1000f000 (268496896)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00020002 (OWNERREAD|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 1129 (0x469)

NVRAM index   : 0x50000003 (1342177283)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : 0x18
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 96 (0x60)

NVRAM index   : 0x50000001 (1342177281)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00002000 (WRITEDEFINE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : TRUE
Size          : 54 (0x36)


$ txt-stat
Intel(r) TXT Configuration Registers:
        STS: 0x00000002
            senter_done: FALSE
            sexit_done: TRUE
            mem_config_lock: FALSE
            private_open: FALSE
            locality_1_open: FALSE
            locality_2_open: FALSE
        ESTS: 0x00
            txt_reset: FALSE
        E2STS: 0x0000000000000004
            secrets: FALSE
        ERRORCODE: 0x00000000
        DIDVID: 0x00000001b0028086
            vendor_id: 0x8086
            device_id: 0xb002
            revision_id: 0x1
        FSBIF: 0xffffffffffffffff
        QPIIF: 0x000000009d003000
        SINIT.BASE: 0x00000000
        SINIT.SIZE: 0B (0x0)
        HEAP.BASE: 0x00000000
        HEAP.SIZE: 0B (0x0)
        DPR: 0x0000000000000000
            lock: FALSE
            top: 0x00000000
            size: 0MB (0B)
        PUBLIC.KEY:
            ...

***********************************************************
         TXT measured launch: FALSE
         secrets flag set: FALSE
***********************************************************
TBOOT log:
         max_size=7fe8
         curr_pos=abd
         buf:
TBOOT: ******************* TBOOT *******************
TBOOT:    2013-07-05 12:00 +0800 1.7.4
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT:  0000000000000000 - 000000000009bc00  (1)
TBOOT:  000000000009bc00 - 00000000000a0000  (2)
TBOOT:  00000000000e0000 - 0000000000100000  (2)
TBOOT:  0000000000100000 - 000000009e828000  (1)
TBOOT:  000000009e828000 - 00000000ae8a9000  (4)
TBOOT:  00000000ae8a9000 - 00000000b21c8000  (1)
TBOOT:  00000000b21c8000 - 00000000b4d2f000  (2)
TBOOT:  00000000b4d2f000 - 00000000b4f2f000  (4)
TBOOT:  00000000b4f2f000 - 00000000b4ff0000  (3)
TBOOT:  00000000b4ff0000 - 00000000b5000000  (1)
TBOOT:  00000000b5000000 - 00000000c0000000  (2)
TBOOT:  00000000f8000000 - 00000000fc000000  (2)
TBOOT:  00000000fec00000 - 00000000fec01000  (2)
TBOOT:  00000000fed19000 - 00000000fed1a000  (2)
TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
TBOOT:  00000000fee00000 - 00000000fee01000  (2)
TBOOT:  00000000ff400000 - 0000000100000000  (2)
TBOOT:  0000000100000000 - 0000000440000000  (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: get capability, return value = 00000002
TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
TBOOT:  :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: get capability, return value = 00000002
TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
TBOOT:  :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT:   version: 2
TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT:   hash_alg: TB_HALG_SHA1
TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
TBOOT:   num_entries: 2
TBOOT:   policy entry[0]:
TBOOT:           mod_num: 0
TBOOT:           pcr: none
TBOOT:           hash_type: TB_HTYPE_ANY
TBOOT:           num_hashes: 0
TBOOT:   policy entry[1]:
TBOOT:           mod_num: any
TBOOT:           pcr: 19
TBOOT:           hash_type: TB_HTYPE_ANY
TBOOT:           num_hashes: 0
TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
TBOOT: Error: write TPM error: 0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: Error: ELF magic number is not matched.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x7f06d000 to 0x7ffff800
TBOOT: Kernel (protected mode) from 0x1000000 to 0x1316860
TBOOT: Kernel (real mode) from 0x90000 to 0x94200
TBOOT: transfering control to kernel <at> 0x1000000...

Alexander
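As an added example (not code from this thread or from the tboot project), a small C program that reads the registers Charles asks about in his "Missing TXT Error Status/Errorcode" post (TXT.ESTS at 0xFED30000 + 0x8 and TXT.ERRORCODE at + 0x30) together with TXT.STS and TXT.E2STS, and decodes the same fields that txt-stat prints in Alexander's output above. The STS/E2STS offsets and the bit positions are assumed from my reading of tboot's config_regs.h; only the valid and external bits of ERRORCODE are decoded, since the rest of its layout depends on whether the processor or software recorded the error.

```c
#include <stdint.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>

/* TXT public configuration space (the 0xFED30000 region quoted in the post)
 * and register offsets: ESTS/ERRORCODE from the post, STS/E2STS as decoded
 * by tboot's txt-stat (offsets assumed from tboot's config_regs.h). */
#define TXT_PUB_CONFIG_BASE 0xFED30000UL
#define TXT_PUB_CONFIG_SIZE 0x1000
#define TXTCR_STS       0x000
#define TXTCR_ESTS      0x008
#define TXTCR_ERRORCODE 0x030
#define TXTCR_E2STS     0x8f0

struct txt_status {
    int senter_done, sexit_done, mem_config_lock, private_open;
    int locality_1_open, locality_2_open;
    int txt_reset;           /* ESTS bit 0: the platform was reset by TXT */
    int secrets;             /* E2STS bit 1: secrets-in-memory flag */
    int errorcode_valid;     /* ERRORCODE bit 31: an error was recorded */
    int errorcode_external;  /* ERRORCODE bit 30: raised by software (ACM/MLE) */
    uint32_t errorcode;
};

/* Pure decoder over raw register values, so it can be checked offline. */
struct txt_status txt_decode(uint64_t sts, uint64_t ests, uint64_t e2sts, uint32_t ec)
{
    struct txt_status s = {0};
    s.senter_done = sts & 1;             s.sexit_done = (sts >> 1) & 1;
    s.mem_config_lock = (sts >> 6) & 1;  s.private_open = (sts >> 7) & 1;
    s.locality_1_open = (sts >> 15) & 1; s.locality_2_open = (sts >> 16) & 1;
    s.txt_reset = ests & 1;
    s.secrets = (e2sts >> 1) & 1;
    s.errorcode = ec;
    s.errorcode_valid = (ec >> 31) & 1;     /* clear => nothing was recorded */
    s.errorcode_external = (ec >> 30) & 1;
    return s;
}

/* Map the live registers through /dev/mem (root required) and decode them. */
int main(void)
{
    int fd = open("/dev/mem", O_RDONLY);
    if (fd < 0) { perror("/dev/mem"); return 1; }
    volatile uint8_t *b = mmap(NULL, TXT_PUB_CONFIG_SIZE, PROT_READ, MAP_SHARED,
                               fd, TXT_PUB_CONFIG_BASE);
    close(fd);
    if (b == MAP_FAILED) { perror("mmap TXT config space"); return 1; }
    struct txt_status s = txt_decode(*(volatile uint64_t *)(b + TXTCR_STS),
                                     *(volatile uint64_t *)(b + TXTCR_ESTS),
                                     *(volatile uint64_t *)(b + TXTCR_E2STS),
                                     *(volatile uint32_t *)(b + TXTCR_ERRORCODE));
    munmap((void *)b, TXT_PUB_CONFIG_SIZE);
    printf("senter_done=%d sexit_done=%d txt_reset=%d secrets=%d ERRORCODE=0x%08x "
           "valid=%d external=%d\n", s.senter_done, s.sexit_done, s.txt_reset,
           s.secrets, s.errorcode, s.errorcode_valid, s.errorcode_external);
    return 0;
}
```

With the values from Alexander's txt-stat output (STS 0x2, ESTS 0x0, E2STS 0x4, ERRORCODE 0x0) the decoder reports only sexit_done set, and an ERRORCODE whose valid bit is clear means no error was recorded, which is what Charles observes after his soft reset.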
