Re: [tboot-devel] Infineon TPM problems and fixes

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

David,
=20
Bit 0 in the TPM access reg just indicates whether a dynamic launch had
ever been done on that TPM.  Hal's indicates that his did, and yours
that it has not.  This is not important to SENTER working (and once it
does work, yours will show 0x81 as well ;-).
=20
Are you sure that you're using the release version of SINIT (i.e. the
one on the tboot SourceForge site)?
=20
Joe

________________________________

	From: David Dorsey [mailto:tro...@gm...]=20
	Sent: Tuesday, January 15, 2008 10:17 AM
	To: Hal Finney
	Cc: Cihula, Joseph; Wei, Gang; tbo...@li...
	Subject: Re: [tboot-devel] Infineon TPM problems and fixes
=09
=09
	Hal,
=09
	I've attached a log where there is no policy.  It reboots after
GETSEC[SENTER].  I've compared my log to yours and I noticed that the
TPM Access reg content was different.  Yours returns 0x80 and mine
returns 0x81.  I don't know if that would make any big differences
though.=20
=09
	Also, what TPM version do you have.  Here's the output of the
tpm_version command for me:
=09
	TPM 1.2 Version Info:=20
	Chip Version:        1.2.1.2=20
	Spec Level:          2=20
	Errata Revision:     0=20
	TPM Vendor ID:       IFX=20
	TPM Version:         01010000=20
	Manufacturer Info:   4946580=20
=09
=09
	David
=09
=09
=09
	On Jan 14, 2008 9:10 PM, David Dorsey <tro...@gm...>
wrote:
=09

		Hal,
	=09
		Yes, in the log I included I have a policy set.  But
I've also tried it with no policy set and it still fails.  I didn't post
that since I didn't think it would add any value.
	=09
	=09
		David=20

		On Jan 14, 2008 7:02 PM, Hal Finney
<hal...@gm...> wrote:
	=09

			It looks to me like you do have a policy set,
David:
		=09

			TBOOT: TPM: read nv index 20000001 from offset
00000100, return value =3D 00000000
			TBOOT: tb_policy_index:
			TBOOT:   version =3D 1
			TBOOT:   policy_type =3D 0=20
			TBOOT:   num_policies =3D 2
			TBOOT:   policy[0]:
			TBOOT:           uuid =3D {0x756a5bfe, 0x5b0b,
0x4d33, 0xb867,
			               {0xd7, 0x83, 0xfb, 0x46, 0x36,
0xbf}}
			TBOOT:           hash_alg =3D 0
			TBOOT:           hash_type =3D 1=20
			TBOOT:           num_hashes =3D 1
			TBOOT:           hashes[0] =3D 67 8a 89 be 3f 5d
db ae 93 b4 fe b9 bb ba
			3d 27 de 92 a
			TBOOT:   policy[1]:
			TBOOT:           uuid =3D {0x894c909f, 0xd614,
0x4625, 0x8a2d,
			               {0x45, 0x3b, 0x80, 0x10, 0xca,
0x8c}}=20
			TBOOT:           hash_alg =3D 0
			TBOOT:           hash_type =3D 1
			TBOOT:           num_hashes =3D 1
			TBOOT:           hashes[0] =3D e7 a2 26 58 55 69
67 18 34 dc c4 58 2f 16
			33 36 1f f9 0
		=09
		=09
			You might want to use tpmnv_relindex -i 20000001
to delete this entry=20
			from the TPM.
		=09
			I have attached a log of what a successful tboot
launch looks like on
			my system -
		=09
			Hal
		=09