First, your TPM is reporting incorrect timeout values:

TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0

but tboot will detect this and set them to the defaults.

 

BIOS is not enabling TXT:

TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005

This indicates that only VT is enabled.  You need to enable TXT in the BIOS (assuming it supports TXT).

 

In your GRUB config, you should duplicate the module name so that tboot will get it (GRUB2 difference):

multiboot /boot/tboot.gz placeholder logging=serial,vga,memory

e.g. replace ‘placeholder’ with ‘tboot.gz’ and do this for every module entry.

 

gigabyte P55A-UD5

On the GIGABYTE website I wasn’t able to find any indication whether this mb/BIOS supports TXT.  The CPU and chipset do.  So you would need to contact GIGABYTE to find out whether this system supports TXT.

 

Joe
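The MSR value decoded in Joe's reply above, worked through as an added example (my script, not tboot's code and not part of the thread): a POSIX sh decoder for IA32_FEATURE_CONTROL (MSR 0x3a) that prints the fields and reproduces the two checks tboot logs as "SENTER disabled" and "VMXON disabled". The bit positions are the ones documented in the Intel SDM; the fc_* names, the return codes and the msr-tools invocation are my own choices. The point a practitioner should take from it: 00000005 has bit 0 (lock) set, so the MSR is read-only until the next reset, and only BIOS setup can change it; the value ff0f mentioned in the original post has bits 1, 8-14 and 15 set, so both checks pass.

```shell
#!/bin/sh
# Added example (not tboot's code): decode IA32_FEATURE_CONTROL (MSR 0x3a)
# the way tboot's pre-launch checks read it. Bit layout (Intel SDM):
#   bit 0      lock: once set by BIOS the MSR is read-only until reset
#   bit 1      VMXON permitted inside SMX (needed to run Xen after SENTER)
#   bit 2      VMXON permitted outside SMX (ordinary VT-x)
#   bits 8-14  SENTER local function enables (GETSEC[SENTER] parameters)
#   bit 15     SENTER global enable (needed for GETSEC[SENTER] at all)

FC_LOCK=1
FC_VMXON_IN_SMX=2
FC_VMXON_OUT_SMX=4
FC_SENTER_ENABLE=32768   # 1 << 15

# fc_bit VALUE MASK: succeed if any bit of MASK is set in VALUE
fc_bit() {
    [ $(( $1 & $2 )) -ne 0 ]
}

# fc_describe VALUE: one line per field; VALUE in any form $(( )) accepts
fc_describe() {
    v=$(( $1 ))
    printf 'IA32_FEATURE_CONTROL_MSR: %08x\n' "$v"
    fc_bit "$v" "$FC_LOCK"          && echo '  locked by BIOS (OS cannot change it until reset)'
    fc_bit "$v" "$FC_VMXON_OUT_SMX" && echo '  VMXON outside SMX enabled (plain VT-x)'
    fc_bit "$v" "$FC_VMXON_IN_SMX"  && echo '  VMXON inside SMX enabled'
    fc_bit "$v" "$FC_SENTER_ENABLE" && echo '  SENTER globally enabled (TXT)'
    printf '  SENTER parameter enables: %02x\n' $(( (v >> 8) & 127 ))
}

# fc_txt_status VALUE: tboot's two checks, in tboot's order. Returns 0 when a
# measured launch can proceed, 1 when SENTER is disabled, 2 when SENTER is
# enabled but VMXON inside SMX is not. Messages mirror tboot's ERR lines.
fc_txt_status() {
    v=$(( $1 ))
    if ! fc_bit "$v" "$FC_SENTER_ENABLE"; then
        printf 'ERR: SENTER disabled by feature control MSR (%x)\n' "$v"
        return 1
    fi
    if ! fc_bit "$v" "$FC_VMXON_IN_SMX"; then
        printf 'ERR: VMXON disabled by feature control MSR (%x)\n' "$v"
        return 2
    fi
    echo 'SENTER and VMXON-inside-SMX enabled: TXT launch possible'
}

# Live check on Linux with msr-tools (my suggestion, not from the thread):
#   modprobe msr && fc_txt_status "0x$(rdmsr 0x3a)"
# Here the two values quoted in the thread are used as constructed input.
for val in 0x5 0xff0f; do
    fc_describe "$val"
    fc_txt_status "$val" || echo "  -> status $?"
done
```

fc_txt_status deliberately tests SENTER first, as tboot does: with bit 15 clear the VMXON-inside-SMX result is moot, because no measured launch will happen in the first place.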

 

From: Jungho Song [mailto:jhsong@camars.kaist.ac.kr]
Sent: Wednesday, November 03, 2010 11:24 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] IA32_FEATURE_CONTROL_MSR problem

 

TBOOT: ******************* TBOOT *******************

TBOOT:    unavailable

TBOOT: *********************************************

TBOOT: command line: logging=serial,vga,memory

TBOOT: BSP is cpu 0

TBOOT: original e820 map:

TBOOT:        0000000000000000 - 000000000009f800  (1)

TBOOT:        000000000009f800 - 00000000000a0000  (2)

TBOOT:        00000000000f0000 - 0000000000100000  (2)

TBOOT:        0000000000100000 - 00000000df7a0000  (1)

TBOOT:        00000000df7a0000 - 00000000df7d2000  (4)

TBOOT:        00000000df7d2000 - 00000000df7e0000  (2)

TBOOT:        00000000df7e0000 - 00000000df800000  (2)

TBOOT:        00000000f4000000 - 00000000f8000000  (2)

TBOOT:        00000000fec00000 - 0000000100000000  (2)

TBOOT:        0000000100000000 - 0000000120000000  (1)

TBOOT: TPM is ready

TBOOT: TPM nv_locked: FALSE

TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0

TBOOT: reading Verified Launch Policy from TPM NV...

TBOOT:        :512 bytes read

TBOOT: policy:

TBOOT:        version: 2

TBOOT:        policy_type: TB_POLTYPE_CONT_NON_FATAL

TBOOT:        hash_alg: TB_HALG_SHA1

TBOOT:        policy_control: 00000001 (EXTEND_PCR17)

TBOOT:        num_entries: 4

TBOOT:        policy entry[0]:

TBOOT:                    mod_num: 0

TBOOT:                    pcr: none

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 3

TBOOT:                    hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49 

TBOOT:                    hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49 

TBOOT:                    hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c 85 8e f4 b1 71 86 

TBOOT:        policy entry[1]:

TBOOT:                    mod_num: 1

TBOOT:                    pcr: 19

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 3

TBOOT:                    hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa a7 74 19 2d de 78 

TBOOT:                    hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c c8 05 55 dd 85 0d 

TBOOT:                    hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a 63 e8 a3 f0 11 1e 

TBOOT:        policy entry[2]:

TBOOT:                    mod_num: 2

TBOOT:                    pcr: 19

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 2

TBOOT:                    hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49 

TBOOT:                    hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49 

TBOOT:        policy entry[3]:

TBOOT:                    mod_num: 3

TBOOT:                    pcr: 20

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 1

TBOOT:                    hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43 06 60 a6 f4 f9 09 

TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005

TBOOT: CPU is SMX-capable

TBOOT: ERR: SENTER disabled by feature control MSR (5)

TBOOT: CPU is VMX-capable

TBOOT: ERR: VMXON disabled by feature control MSR (5)

TBOOT: SMX is enabled

TBOOT: TXT chipset and all needed capabilities present

TBOOT: TXT.ERRORCODE=0

TBOOT: LT.ESTS=0

TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005

TBOOT: CPU is SMX-capable

TBOOT: ERR: SENTER disabled by feature control MSR (5)

TBOOT: CPU is VMX-capable

TBOOT: ERR: VMXON disabled by feature control MSR (5)

TBOOT: SMX is enabled

TBOOT: TXT chipset and all needed capabilities present

TBOOT: unsupported BIOS data version (4026589891)

TBOOT: BIOS data specifies too many CPUs (4026597029)

TBOOT: generic fatal error.

TBOOT: TPM: tpm_validate_locality timeout

TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT

TBOOT: ******************* TBOOT *******************

TBOOT:    unavailable

TBOOT: *********************************************

TBOOT: command line: logging=serial,vga,memory

TBOOT: BSP is cpu 0

TBOOT: original e820 map:

TBOOT:        0000000000000000 - 000000000009f800  (1)

TBOOT:        000000000009f800 - 00000000000a0000  (2)

TBOOT:        00000000000f0000 - 0000000000100000  (2)

TBOOT:        0000000000100000 - 00000000df7a0000  (1)

TBOOT:        00000000df7a0000 - 00000000df7d2000  (4)

TBOOT:        00000000df7d2000 - 00000000df7e0000  (2)

TBOOT:        00000000df7e0000 - 00000000df800000  (2)

TBOOT:        00000000f4000000 - 00000000f8000000  (2)

TBOOT:        00000000fec00000 - 0000000100000000  (2)

TBOOT:        0000000100000000 - 0000000120000000  (1)

TBOOT: TPM is ready

TBOOT: TPM nv_locked: FALSE

TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0

TBOOT: reading Verified Launch Policy from TPM NV...

TBOOT:        :512 bytes read

TBOOT: policy:

TBOOT:        version: 2

TBOOT:        policy_type: TB_POLTYPE_CONT_NON_FATAL

TBOOT:        hash_alg: TB_HALG_SHA1

TBOOT:        policy_control: 00000001 (EXTEND_PCR17)

TBOOT:        num_entries: 4

TBOOT:        policy entry[0]:

TBOOT:                    mod_num: 0

TBOOT:                    pcr: none

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 3

TBOOT:                    hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49 

TBOOT:                    hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49 

TBOOT:                    hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c 85 8e f4 b1 71 86 

TBOOT:        policy entry[1]:

TBOOT:                    mod_num: 1

TBOOT:                    pcr: 19

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 3

TBOOT:                    hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa a7 74 19 2d de 78 

TBOOT:                    hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c c8 05 55 dd 85 0d 

TBOOT:                    hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a 63 e8 a3 f0 11 1e 

TBOOT:        policy entry[2]:

TBOOT:                    mod_num: 2

TBOOT:                    pcr: 19

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 2

TBOOT:                    hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49 

TBOOT:                    hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49 

TBOOT:        policy entry[3]:

TBOOT:                    mod_num: 3

TBOOT:                    pcr: 20

TBOOT:                    hash_type: TB_HTYPE_IMAGE

TBOOT:                    num_hashes: 1

TBOOT:                    hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43 06 60 a6 f4 f9 09 

TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005

TBOOT: CPU is SMX-capable

TBOOT: ERR: SENTER disabled by feature control MSR (5)

TBOOT: SMX not supported.

TBOOT: no LCP module found

TBOOT: kernel is ELF format

TBOOT: transfering control to kernel @0x100000...

 

CPU : i7 860 (2.8)

M/B : gigabyte P55A-UD5

Tboot : 20101015 version

XEN : 4.0.1

 

grub.cfg (grub2)

menuentry 'Xen 4.0.1 / Debian Linux 2.6.32.23 / Intel(R) Trusted Execution Technology'

{

   insmod part_msdos

   insmod ext2

   set root='(hd0,msdos1)'

   search --no-floppy --fs-uuid --set 02d55450-a706-4474-8aec-f4632c1f0792

   echo    'tBoot with Xen 4.0.1 / Linux 2.6.32.23 ...'

   multiboot /boot/tboot.gz placeholder logging=serial,vga,memory

   module /boot/xen-4.0.1.gz console=com1,vga com1=115200,8n1

   module  /boot/vmlinuz-2.6.32.23 placeholder root=UUID=02d55450-a706-4474-8aec-f4632c1f0792 ro  quiet

   echo  'Loading initial ramdisk ...'

   module  /boot/initrd.img-2.6.32.23

   echo 'SINIT ...'

   module /boot/i7_QUAD_SINIT_20.BIN

 }

 

 

--------------------------------------------------------------------------------------------------------------------------------

The problem is that I can set up feature_control_msr to ff0f, so tboot can't execute the 'SENTER' instruction.

I think it may be an M/B or BIOS problem.

Why is the feature_control_msr value 5?

I can't find the reason for that.

 

Thanks for reading.

 

from jhSong
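Joe's GRUB2 advice applied to the menuentry in the original post, as an added example (my script, not part of tboot or of either message): GRUB2 hands a multiboot module its command line without the file name, while tboot, and Xen for its dom0 modules, skip the first token as the module name, so every multiboot and module line has to repeat the file name. The filter below rewrites a grub.cfg read on stdin that way, replacing GRUB's "placeholder" where present and inserting the name where there is none, and tboot_check_modules fails if any line still lacks it. The function names are mine; the sample menuentry is a constructed copy of the posted one with the search and echo lines dropped.

```shell
#!/bin/sh
# Added example (not from tboot or the thread): repeat each multiboot/module
# file name as the first command-line token, as tboot expects with GRUB2.

# tboot_fix_modules: rewrite "multiboot PATH [placeholder] ARGS..." and
# "module PATH [placeholder] ARGS..." to "... PATH NAME ARGS...", where
# NAME is PATH's basename. Lines that already carry NAME are left alone,
# so the filter is idempotent. Runs of blanks between words are collapsed.
tboot_fix_modules() (
    set -f                      # no globbing while lines are split into words
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line            # word-split the line; $1 is the command
        case "${1:-}" in
        multiboot|module)
            if [ $# -lt 2 ]; then printf '%s\n' "$line"; continue; fi
            cmd=$1 path=$2
            shift 2
            name=${path##*/}
            indent=${line%%"$cmd"*}      # keep the original indentation
            case "${1:-}" in
            placeholder) shift ;;        # GRUB's stand-in for the name: drop it
            "$name"|"$path") shift ;;    # name already present
            esac
            printf '%s%s %s %s' "$indent" "$cmd" "$path" "$name"
            [ $# -gt 0 ] && printf ' %s' "$*"
            printf '\n'
            ;;
        *)
            printf '%s\n' "$line"
            ;;
        esac
    done
)

# tboot_check_modules: succeed only if every multiboot/module line on stdin
# repeats its file name; offending lines are reported on stderr.
tboot_check_modules() (
    set -f
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line
        case "${1:-}" in
        multiboot|module)
            if [ $# -lt 3 ] || { [ "$3" != "${2##*/}" ] && [ "$3" != "$2" ]; }; then
                echo "module name missing: $line" >&2
                bad=$((bad + 1))
            fi
            ;;
        esac
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: the menuentry from the original post, minus the
# search/echo lines. Real use: tboot_fix_modules < grub.cfg > grub.cfg.new
sample_cfg() {
    cat <<'EOF'
menuentry 'Xen 4.0.1 / Debian Linux 2.6.32.23 / Intel(R) Trusted Execution Technology' {
   insmod part_msdos
   insmod ext2
   multiboot /boot/tboot.gz placeholder logging=serial,vga,memory
   module /boot/xen-4.0.1.gz console=com1,vga com1=115200,8n1
   module  /boot/vmlinuz-2.6.32.23 placeholder root=UUID=02d55450-a706-4474-8aec-f4632c1f0792 ro quiet
   module  /boot/initrd.img-2.6.32.23
   module /boot/i7_QUAD_SINIT_20.BIN
}
EOF
}

sample_cfg | tboot_fix_modules
```

Note what the unfixed xen line does: without the repeated name, tboot treats "console=com1,vga" as the module name and strips it, so Xen silently loses its console setting. That is why the name has to be repeated on every module line, not only on the ones Debian's generator already marks with "placeholder".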