I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things but I am stuck at this point trying to figure out what's wrong.
Here are the commands that I have run (after taking ownership and creating the NV storage):
lcp_mlehash /boot/tboot.gz > mlehash
lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p password
I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.