This is a Q35 Express system and the SINIT for this chipset does not enforce the TPM NV lock (and the boot never gets that far).  It is a BIOS issue with the version of the BiosData structure being used.  You could try putting a workaround in the tboot code that not only sets the version field to 2 but also puts in the appropriate value of the num_logical_procs field for your CPU.

I will forward this to our person who works with Lenovo, but it would be best if you (Jonathan) could contact them as well (or whatever source you purchased the system through).

Joe

From: Karthik . [mailto:tresko1@gmail.com]
Sent: Monday, January 12, 2009 1:19 PM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Buying a machine that will actually work

Looks like the TPM is not locked and that could be the reason for failure in your case.


From: "Jonathan M. McCune" <jonmccune@cmu.edu>
Subject: Re: [tboot-devel] Buying a machine that will actually work with TXT
To: tboot-devel@lists.sourceforge.net
Message-ID: <496BB031.20108@cmu.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hal Finney wrote:
> When Trusted Execution was announced, 3 models of computers were
> identified as supporting it: The HP Compaq dc7800, Dell OptiPlex 755
> PC, and the Lenovo ThinkCentre M57p. I don't know of any others that
> have been added to that list since then.
>
I tried the latest tboot on a Lenovo M57p and it fails to boot.  The
relevant errors seem to be that the BIOS data version is 1 and tboot
requires 2 or greater (error log below).  I have updated the machine to
the latest BIOS revision "2rj957a" with no luck.  Any ideas?

Thanks,
-Jon


TBOOT: ******************* TBOOT *******************
TBOOT:    2009-01-05 16:33 -0500 111:e009b057d5b0
TBOOT: *********************************************
TBOOT: command line: logging=vga,serial,memory
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM: get capability, return value = 00000002
TBOOT: failed to get actual policy size in TPM NV
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT:   version: 2
TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT:   hash_alg: TB_HALG_SHA1
TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
TBOOT:   num_entries: 2
TBOOT:   policy entry[0]:
TBOOT:           mod_num: 0
TBOOT:           pcr: none
TBOOT:           hash_type: TB_HTYPE_ANY
TBOOT:           num_hashes: 0
TBOOT:   policy entry[1]:
TBOOT:           mod_num: any
TBOOT:           pcr: 19
TBOOT:           hash_type: TB_HTYPE_ANY
TBOOT:           num_hashes: 0
TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
TBOOT: Error: write TPM error: 0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
TBOOT: Error: write TPM error: 0x2.
TBOOT: LT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: unsupported BIOS data version (1)
TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
TBOOT: Error: write TPM error: 0x2.
TBOOT: TPM: access reg release locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT
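As an added illustration (not code from this thread and not tboot's own source), the following C shows the kind of check that produces the "unsupported BIOS data version (1)" line in Jon's log, next to the workaround Joe describes in his reply: accept a version-1 BiosData record, bump its version field to 2 and fill in num_logical_procs, which a version-1 record does not carry. The struct layout is an assumption modelled on the tboot heap definitions of that era; verify it against the txt/heap.h in your own tboot tree. The sample record is constructed for this example, and the cpu_count argument stands in for whatever source of the logical-processor count the real patch would use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed version-2 layout of the TXT heap BiosData record (assumption for
 * this example, modelled on tboot's bios_data_t of the time; check your tree). */
#pragma pack(push, 1)
typedef struct {
    uint32_t version;           /* tboot requires >= 2 */
    uint32_t bios_sinit_size;
    uint64_t lcp_pd_base;
    uint64_t lcp_pd_size;
    uint32_t num_logical_procs; /* only present from version 2 on */
} bios_data_t;
#pragma pack(pop)

/* A version-1 record ends just before num_logical_procs. */
#define BIOS_DATA_V1_SIZE offsetof(bios_data_t, num_logical_procs)

enum bios_data_result {
    BIOS_DATA_OK = 0,
    BIOS_DATA_TOO_SHORT,
    BIOS_DATA_UNSUPPORTED_VERSION,
    BIOS_DATA_BAD_PROC_COUNT
};

/* Validate a BiosData blob of 'len' bytes and copy a normalised copy to 'out'.
 * workaround == false mirrors the strict check behind the log line
 * "unsupported BIOS data version (1)".  workaround == true accepts a
 * version-1 record, rewrites its version to 2 and supplies num_logical_procs
 * from cpu_count, since the version-1 record has no such field to read. */
enum bios_data_result check_bios_data(const uint8_t *blob, size_t len,
                                      bool workaround, uint32_t cpu_count,
                                      bios_data_t *out)
{
    uint32_t version;

    if (len < sizeof version)
        return BIOS_DATA_TOO_SHORT;
    memcpy(&version, blob, sizeof version);

    if (version >= 2) {
        if (len < sizeof *out)
            return BIOS_DATA_TOO_SHORT;
        memcpy(out, blob, sizeof *out);
    } else if (version == 1 && workaround) {
        if (len < BIOS_DATA_V1_SIZE)
            return BIOS_DATA_TOO_SHORT;
        memset(out, 0, sizeof *out);
        memcpy(out, blob, BIOS_DATA_V1_SIZE);
        out->version = 2;                 /* what the patched tboot would do */
        out->num_logical_procs = cpu_count;
    } else {
        printf("TBOOT: unsupported BIOS data version (%u)\n", version);
        return BIOS_DATA_UNSUPPORTED_VERSION;
    }

    /* A zero processor count is never usable, whichever path produced it. */
    if (out->num_logical_procs == 0)
        return BIOS_DATA_BAD_PROC_COUNT;
    return BIOS_DATA_OK;
}

/* Constructed sample: a 24-byte version-1 record, as the BIOS in the thread
 * would hand over (values are made up for the example). */
static const uint8_t sample_v1[] = {
    0x01, 0x00, 0x00, 0x00,                         /* version = 1          */
    0x00, 0x00, 0x02, 0x00,                         /* bios_sinit_size      */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* lcp_pd_base          */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00  /* lcp_pd_size          */
};

int main(void)
{
    bios_data_t bd;
    enum bios_data_result r;

    r = check_bios_data(sample_v1, sizeof sample_v1, false, 0, &bd);
    printf("strict:     result=%d\n", r);

    r = check_bios_data(sample_v1, sizeof sample_v1, true, 4, &bd);
    printf("workaround: result=%d version=%u num_logical_procs=%u\n",
           r, bd.version, bd.num_logical_procs);
    return 0;
}
```

The point of the separate BIOS_DATA_BAD_PROC_COUNT path is the caveat in Joe's note: bumping the version field alone is not enough, because the version-1 record simply has no processor count, so the workaround has to supply a correct one or the later stages will run with a zero count.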