Re: [tboot-devel] Tboot Installation Issues

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Michael,

TXT/VT-x/VT-d need to be enabled, can you check your machine to make sure they are enabled?

Regards,
Sun Ning

-------- Original message --------
From: Michael Perng <mp...@us...>
Date:11/18/2014 4:07 PM (GMT-08:00)
To: tbo...@li...
Cc: Nikhil Gupta <Nik...@us...>
Subject: [tboot-devel] Tboot Installation Issues

-------- Original message --------
From: Michael Perng <mp...@us...>
Date:11/18/2014 4:07 PM (GMT-08:00)
To: tbo...@li...
Cc: Nikhil Gupta <Nik...@us...>
Subject: [tboot-devel] Tboot Installation Issues

Hello,

I am trying to install tboot on 2 systems - one running RHEL 6.5 and one running Ubuntu. I did the following steps, to no success:

#tpm_takeownership -z

# yum install trousers-devel tpm-tools tboot

modify /boot/grub/grub.conf so that the first line looks like this:

title tboot Red Hat Enterprise Linux Server (...)
        root (hd0,0)
        kernel /tboot.gz loglvl=all logging=serial,vga,memory vga_delay=1
        module /vmlinuz ... (kernel)
        module /initramfs ... (initrd)
(Both systems are equipped with SINIT in the BIOS, so there was no need to add it as a module in the configuration above.)

I did equivalent steps on the Ubuntu machine.

Neither machine showed any signs of having successfully run tboot:

- txt-stat shows that 'TXT measured launch' is FALSE
- TPMs are owned, enabled, and active
- pcr values are as follows:
PCR-00 to PCR-07 contain values as expected
...
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-21: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The following errors were given by txt-stat as well:

...
TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
TBOOT:  :reading failed
...
TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
TBOOT:  :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
...
TBOOT: Error: write TPM error: 0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000007
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSThR (7)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: Error: ELF magic number is not matched.
...

Both machines have similar output for txt-stat with the exception that the 'ERR: SENTER disabled by feature control...'  error only showed up on the RHEL machine.
One interesting thing that I noticed that might be connected to the problem is that the 'tpm_tis.ko' module does not exist on either machine.

Does anyone have an idea of why tboot is not successfully activating the DRTMs and what I could do to solve the problem?

Thanks,

Michael