From: Ross Philipson
Sent: Friday, April 10, 2009 4:33 PM
Subject: [tboot-devel] Using LCP type unsigned and policy list files
I have run into a
couple of issues trying to used the unsigned LCP type and external policy list
files. There are basically two things I wanted to ask about and/or bring up.
1. I am trying to
use lcp_crtpol to create a type unsigned policy but there doesn’t seem to be a
way to specify more than one mle hash as input. Looking at the code in crtpol.c
for create_policy(), the count of mle hashes seems to always be 1 though the
routine lcp_create_unsigned_poldata() would load multiple ones if there were
any. It looks like only one entry in listdata is ever initialized. Maybe I am
missing something – any clarification would be great.
[JC] The code will create
one hash for each hash (20 pairs of hex chars) in the mle file (as specified by
the ‘-m’ option). So to create a file with multiple hashes, just
concatenate the output of lcp_mlehash into the file. listdata is not
the lit of hashes, but rather the list of policy elements (e.g. MLE hashes and/or
platform configurations). All MLE hashes will be in one list.
I just gave this a try with the
current code and it worked fine. Don’t forget to include the command line
when invoking lcp_mlehash and to re-provision (lcp_writepol) to TPM NV after generating
a new policy/policy data.
2. I came across an
odd hang in xen when I put the LCP data module at the end of the list of
modules in grub. If I move the LCP data module say in front of the sinit
module, the hang goes away. This only happens when tboot does an un-trusted
launch (since in the trusted case, it removes sinit and lcp modules from mbi).
It has something to do with the module moving code in __start_xen(). I am going
to investigate it further to see if it is a bug in xen (I think it might be
related to the very small size of the LCP data module). Anyway, in looking at
the tboot code I was thinking it might make sense to pop any sinit and lcp
modules out of the mbi module list even in the case where tboot doesn’t to a
trusted launch as is the case in a trusted launch. The next level kernel
modules do not need to see these modules whether it is a trusted boot or not.
If folks thinks this is a good idea, I can submit a patch.
[JC] tboot should
definitely be removing both the SINIT and policy files before launching the
VMM/kernel regardless of success or failure. A patch would be greatly
Senior Software Engineer
Citrix Systems, Inc
14 Crosby Drive
Bedford, MA 01730