Hi all,

I'm trying to get tboot up and running for my first time, and this list has been a great help.  However it seems I'm running into some problems when actually validating the modules.  I was hoping someone might have some insight as to what I'm doing wrong.  I'm using tboot 1.7.3 and legacy grub if it makes a difference.

I get ownership and define the nvram indicies without much issue (finally).  Then I create and write the v1 policy with this:

tb_polgen --create --type nonfatal vl_ver1.pol
tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "logging=vga,serial,memory loglvl=all" --image /boot/tboot.gz vl_ver1.pol
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$kernel_cmdline" --image /boot/vmlinuz-2.6.32-279.5.1.el6.x86_64 vl_ver1.pol
tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initramfs-2.6.32-279.5.1.el6.x86_64.img vl_ver1.pol
lcp_writepol -i 0x20000001 -f vl_ver1.pol -p $TPM_PASS

There are a few red flags that are sticking out to me.

1) Does this post-GETSEC[SENTER] error code mean anything?
TBOOT: TXT.ERRORCODE: 0xc0000001
TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0

2) Modules failing.
TBOOT: verifying module "
/vmlinuz-2.6.32-279.5.1.el6.x86_64 (kernel command line)"...
TBOOT:   verification failed
TBOOT: verifying module against policy failed.
TBOOT: verifying module "
/initramfs-2.6.32-279.5.1.el6.x86_64.img"...
TBOOT:   verification failed
TBOOT: verifying module against policy failed.
TBOOT: all modules are verified

I can't figure out why it's reading the policy without issue, getting into GETSEC[SENTER], and then still failing the policy check.  Any help or points in the right direction would be appreciated.  Thanks!

-Charles