Hal,

I've attached a log where there is no policy.  It reboots after GETSEC[SENTER].  I've compared my log to yours and I noticed that the TPM Access reg content was different.  Yours returns 0x80 and mine returns 0x81.  I don't know if that would make any big differences though.

Also, what TPM version do you have.  Here's the output of the tpm_version command for me:

TPM 1.2 Version Info:
Chip Version:        1.2.1.2
Spec Level:          2
Errata Revision:     0
TPM Vendor ID:       IFX
TPM Version:         01010000
Manufacturer Info:   4946580


David


On Jan 14, 2008 9:10 PM, David Dorsey <trogdorsey@gmail.com> wrote:
Hal,

Yes, in the log I included I have a policy set.  But I've also tried it with no policy set and it still fails.  I didn't post that since I didn't think it would add any value.


David



On Jan 14, 2008 7:02 PM, Hal Finney <hal.finney@gmail.com> wrote:
It looks to me like you do have a policy set, David:

TBOOT: TPM: read nv index 20000001 from offset 00000100, return value = 00000000
TBOOT: tb_policy_index:
TBOOT:   version = 1
TBOOT:   policy_type = 0
TBOOT:   num_policies = 2
TBOOT:   policy[0]:
TBOOT:           uuid = {0x756a5bfe, 0x5b0b, 0x4d33, 0xb867,
               {0xd7, 0x83, 0xfb, 0x46, 0x36, 0xbf}}
TBOOT:           hash_alg = 0
TBOOT:           hash_type = 1
TBOOT:           num_hashes = 1
TBOOT:           hashes[0] = 67 8a 89 be 3f 5d db ae 93 b4 fe b9 bb ba
3d 27 de 92 a
TBOOT:   policy[1]:
TBOOT:           uuid = {0x894c909f, 0xd614, 0x4625, 0x8a2d,
               {0x45, 0x3b, 0x80, 0x10, 0xca, 0x8c}}
TBOOT:           hash_alg = 0
TBOOT:           hash_type = 1
TBOOT:           num_hashes = 1
TBOOT:           hashes[0] = e7 a2 26 58 55 69 67 18 34 dc c4 58 2f 16
33 36 1f f9 0

You might want to use tpmnv_relindex -i 20000001 to delete this entry
from the TPM.

I have attached a log of what a successful tboot launch looks like on
my system -

Hal