Re: [tboot-devel] SINIT question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Emil, I had another idea about your question:

On Dec 13, 2007 7:46 PM, Emil Meng <me...@os...> wrote:
> 2. In order to make the proof-of-concept easier to develop and debug,
> I disabled one of the cores for the time being. However, with a core
> disabled, neither of the SINIT modules listed above would execute
> properly. (actually, the one offered on the tboot website doesn't boot
> at all under any circumstance) What happens is that tboot goes through
> its first pass, confirms that the SINIT is correct, and then attempts
> to execute GETSEC[SENTER]. However, it never returns to tboot for the
> second pass. If I turn both cores on, the
> bwr_sinit_20060922_release.bin SINIT will at least get back to tboot,
> and go through a second pass. So here's my question:
>
> Does SINIT require multiple cores to be enabled in order for it to
> work properly?

It's possible that disabling the core (in BIOS?) does not fully remove
awareness of that core from all parts of the architecture. If so then
the GETSEC[SENTER] instruction may still be expecting the other core
to have been set up according to rules. For example the MTRRs are
supposed to be the same in all cores. By disabling the other cores,
this setup is probably not happening, so if SENTER is still checking
for consistency that could cause it to fail. It depends on how the
other cores are disabled and whether that will convince SENTER not to
pay attention to them.

Just a thought you might want to consider -

Hal