From: Jeff C. <jcl...@bb...> - 2011-01-14 19:39:35
|
I do not believe the tpm_tis driver was loaded, however if I do load the module I get the same error code. It does seem the TPM has an active locality. I'm getting the debug output from this snippet of code in tpm.c: /* * must ensure TPM_ACCESS_0.activeLocality bit is clear * (: locality is not active) */ read_tpm_reg(locality, TPM_REG_ACCESS,®_acc); if ( reg_acc.active_locality != 0 ) { dbg("(in tpm.c) reg_acc.active_locality != 0\n"); /* make inactive by writing a 1 */ reg_acc.active_locality = 1; write_tpm_reg(locality, TPM_REG_ACCESS,®_acc); } At this point in the code before it enters the if statement and after it exits it reg_acc.active_locality is 1. I changed the line reg_acc.active_locality = 1; to reg_acc.active_locality = 0; but even after doing this the value of active_locality is 1. My guess is that there is something else I need to do to make it inactive. Thanks for the help, this has given me more of a direction to focus on. -Jeff On 01/14/2011 11:50 AM, Jonathan McCune wrote: > Although there are some distinct error codes for locality access > problems, you might check whether the Linux TPM driver is active. If > the TPM has an active locality (which would be locality 1 with Linux's > tpm_tis), then SENTER will not succeed. The easiest way to test if > this makes a difference is to boot Linux without loading tpm_tis, then > try a Flicker session, and see if it makes any difference. > > Also, with the SINIT module you're using, ACMOD_SIZE_MAX as defined in > flicker.h is too small in flicker-0.2. I generally use 64K instead of > 32K these days. Unfortunately the error handling in flicker-0.2 just > prints a small warning message and blindly keeps going with an > incomplete SINIT module if the buffer is too small. However, I would > expect that you would observe a different failure mode under those > conditions. > > Hope this helps, > -Jon > > > > On Fri, Jan 14, 2011 at 10:54 AM, Jeff Cleveland<jcl...@bb...> wrote: >> Hi list, >> >> My question stems from a TXT error I'm getting while trying to run >> Flicker. I have a dual core i5 laptop I'm testing on and using the sinit >> module i5_i7_DUAL_SINIT_18.bin. During execution of Flicker my computer >> reboots, upon startup I see the TXT ERRORCODE 0xc0003cd1, which parses >> as acm_type=1, progress=0d, error=f, and according to sinit_errors.txt >> that is "TPM PCR 17 was not properly initialized" >> >> The MLE Software Development Guide is pretty clear on how PCR 17 should >> be initialized, and yet I can't find in the Flicker or tboot source code >> where this initialization is happening. I was hoping to use the tboot >> source as a reference because on this machine GETSEC[SENTER] does >> successfully execute when I try launching tboot (loading the operating >> system fails afterwards but I believe thats a kernel configuration issue >> I haven't fixed yet). >> >> Any advice or pointers to where tboot initializes PCR 17 would be >> greatly appreciated. >> >> Thanks, >> Jeff >> >> ------------------------------------------------------------------------------ >> Protect Your Site and Customers from Malware Attacks >> Learn about various malware tactics and how to avoid them. Understand >> malware threats, the impact they can have on your business, and how you >> can protect your company and customers by using code signing. >> http://p.sf.net/sfu/oracle-sfdevnl >> _______________________________________________ >> tboot-devel mailing list >> tbo...@li... >> https://lists.sourceforge.net/lists/listinfo/tboot-devel >> -- Jeff Cleveland Raytheon - BBN Technologies 617-873-2515 jcl...@bb... |