Hello all,


Sorry, it looks like HTML formatting sort of messed up my last post… I am trying to boot a tboot 1.7, Xen 4.1 x86_64, Linux 3.1.1 x86_64 combination. I think I have a very basic problem, but I am not sure how to fix it and I was wondering if someone could point me in the right direction. When I try to boot with tboot, the tboot process goes through to the point of ‘TBOOT: executing GETSEC[SENTER]...’ and then resets the system to repeat the process. In looking at the serial output log, two things stick out.


1) TXT.ERRORCODE

   a. TBOOT: TXT.ERRORCODE: 0xc0005d01

   b. TBOOT: AC module error : acm_type=0x1, progress=0x10, error=0x17

   c. Which maps to: ‘Owner policy is of type LCP_POLTYPE_LIST but no policy data has been provided’

2) TBOOT: no LCP module found


Please see the first post for the diagnostics.


Thanks for the help



//Setup and policy creation

tpm_takeownership -z

tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxxxxxx

tpmnv_defindex -i owner -s 0x36 -p xxxxxxxx

tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p xxxxxxxx


lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > tboot_hash

lcp_crtpol -t hashonly -m tboot_hash -o lcp.pol

lcp_writepol -i owner -f lcp.pol -p xxxxxxxx

tb_polgen --create --type nonfatal tcb.pol

tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "no-real-mode" --image /boot/xen-4.1.gz tcb.pol

tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "ro root=/dev/mapper/vg_xentest1-lv_root rd_LVM_LV=vg_xentest1/lv_root rd_LVM_LV=vg_xentest1/lv_swap" --image /boot/vmlinuz-3.1.1-xxx tcb.pol

tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initramfs-3.1.1-xxx.img tcb.pol

lcp_writepol -i 0x20000001 -f tcb.pol -p xxxxxxxx
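
Added example, not part of the original post and not tboot's own code: a small C decoder that splits the TXT.ERRORCODE value quoted above into the fields tboot printed. The bit layout and all names are assumptions; the layout reproduces the acm_type, progress and error values from the post's log.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: bit 31 valid, bit 30 external (software-reported),
 * bits 3:0 acm_type, 9:4 progress, 14:10 error, bit 15 src.
 * All names here are hypothetical, not tboot's own. */
enum txt_kind { TXT_NONE, TXT_PROCESSOR, TXT_SW_OTHER, TXT_ACM };

struct txt_error {
    enum txt_kind kind;
    unsigned acm_type, progress, error;
};

static unsigned field(uint32_t v, unsigned lo, unsigned width)
{
    return (v >> lo) & ((1u << width) - 1u);
}

struct txt_error txt_decode(uint32_t raw)
{
    struct txt_error e = { TXT_NONE, 0, 0, 0 };

    if (!field(raw, 31, 1))
        return e;                      /* valid bit clear: no error recorded */
    if (!field(raw, 30, 1)) {
        e.kind = TXT_PROCESSOR;        /* reported by the CPU, not software */
        return e;
    }
    if (field(raw, 15, 1)) {
        e.kind = TXT_SW_OTHER;         /* software other than the AC module */
        return e;
    }
    e.kind     = TXT_ACM;
    e.acm_type = field(raw, 0, 4);
    e.progress = field(raw, 4, 6);
    e.error    = field(raw, 10, 5);
    return e;
}

int main(void)
{
    struct txt_error e = txt_decode(0xc0005d01u); /* value from the post */

    if (e.kind == TXT_ACM)
        printf("AC module error: acm_type=0x%x, progress=0x%02x, error=0x%x\n",
               e.acm_type, e.progress, e.error);
    else
        printf("not an AC module error (kind=%d)\n", e.kind);
    return 0;
}
```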
