If this is the case, Is there an easy way to enable running HVM domains with TXT enabled?

 

--Tam Do

 


From: Ross Philipson [mailto:Ross.Philipson@citrix.com]
Sent: Monday, December 08, 2008 6:40 PM
To: Do, Tam T.; Cihula, Joseph; tboot-devel@lists.sourceforge.net
Subject: RE: [tboot-devel] tboot policy problems

 

> When booting xen there is a message which flashes by about disabling TXT.  Additionally it seems I am unable to run HVM domains with TXT enabled in the bios.

 

Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755.

 

Thanks
Ross

 


From: Do, Tam T. [mailto:tdo@swri.org]
Sent: Mon 12/8/2008 6:53 PM
To: Cihula, Joseph; tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] tboot policy problems

Yes I have already taken ownership auth of the tpm.

 

I get the following output when I run tpmnv_getcap:

 

The response data is:

01 00 00 40 02 00 00 20

 

2 indices have been defined

list of indices for defined NV storage areas:

0x01000040 0x02000020

 

I have also noticed a few strange things about my machine…  When booting xen there is a message which flashes by about disabling TXT.  Additionally it seems I am unable to run HVM domains with TXT enabled in the bios.  This may be a problem with the vendor’s bios as this system is fairly new…  I will attempt to update the bios to version A09 from A06 and will update you on the results if any different.

 

Thanks,

 

--Tam Do

 


From: Cihula, Joseph [mailto:joseph.cihula@intel.com]
Sent: Monday, December 08, 2008 3:43 PM
To: Do, Tam T.; tboot-devel@lists.sourceforge.net
Subject: RE: tboot policy problems

 

And you’ve taken ownership and set the owner auth to “TPM-password”?  What do you get if you run tpmnv_getcap?

 

Joe

 

From: Do, Tam T. [mailto:tdo@swri.org]
Sent: Monday, December 08, 2008 10:38 AM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] tboot policy problems

 

Dell Latitude E6500

 

Linux 2.6.18.18.8-xen (unstable build)

 

--Tam Do

 

 


From: Cihula, Joseph [mailto:joseph.cihula@intel.com]
Sent: Monday, December 08, 2008 11:44 AM
To: Do, Tam T.; tboot-devel@lists.sourceforge.net
Subject: RE: tboot policy problems

 

What model is your computer and what version of Linux are you using?

 

Joe

 

From: Do, Tam T. [mailto:tdo@swri.org]
Sent: Monday, December 08, 2008 9:00 AM
To: tboot-devel@lists.sourceforge.net
Cc: Cihula, Joseph
Subject: tboot policy problems

 

> I am running into some problems with the tpm when following the steps

> in /docs/policy.txt to set up a default policy.

> When I reach the step Define tboot error TPM NV index: and enter the

> command

> tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p

> TPM-password

> I receive the following error:

> Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command

> DefIndex failed:

>      TSS API failed

 

I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values.

 

When running trousers in the foreground with debug options enabled I receive the following output:

 

TCSD TDDL ioctl: (25) Inappropriate ioctl for device

TCSD TDDL Falling back to Read/Write device support.

TCSD trousers 0.3.1: TCSD up and running

 

Thanks,

 

--Tam Do