Re: [tboot-devel] Infineon TPM problems and fixes

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Just realized I didn't send this out to the list...

Ah... now I have TPM envy.  :o)

Just doubled checked.  I am using the latest release version of SINIT.

David

On Jan 15, 2008 11:32 AM, Cihula, Joseph <jos...@in...> wrote:

>  David,
>
> Bit 0 in the TPM access reg just indicates whether a dynamic launch had
> ever been done on that TPM.  Hal's indicates that his did, and yours that it
> has not.  This is not important to SENTER working (and once it does work,
> yours will show 0x81 as well ;-).
>
> Are you sure that you're using the release version of SINIT (i.e. the one
> on the tboot SourceForge site)?
>
> Joe
>
>  ------------------------------
> *From:* David Dorsey [mailto:tro...@gm...]
> *Sent:* Tuesday, January 15, 2008 10:17 AM
> *To:* Hal Finney
> *Cc:* Cihula, Joseph; Wei, Gang; tbo...@li...
> *Subject:* Re: [tboot-devel] Infineon TPM problems and fixes
>
> Hal,
>
> I've attached a log where there is no policy.  It reboots after
> GETSEC[SENTER].  I've compared my log to yours and I noticed that the TPM
> Access reg content was different.  Yours returns 0x80 and mine returns
> 0x81.  I don't know if that would make any big differences though.
>
> Also, what TPM version do you have.  Here's the output of the tpm_version
> command for me:
>
> TPM 1.2 Version Info:
> Chip Version:        1.2.1.2
> Spec Level:          2
> Errata Revision:     0
> TPM Vendor ID:       IFX
> TPM Version:         01010000
> Manufacturer Info:   4946580
>
>
> David
>
>
> On Jan 14, 2008 9:10 PM, David Dorsey <tro...@gm...> wrote:
>
> > Hal,
> >
> > Yes, in the log I included I have a policy set.  But I've also tried it
> > with no policy set and it still fails.  I didn't post that since I didn't
> > think it would add any value.
> >
> >
> > David
> >
> >
> >
> > On Jan 14, 2008 7:02 PM, Hal Finney <hal...@gm...> wrote:
> >
> > > It looks to me like you do have a policy set, David:
> > >
> > > TBOOT: TPM: read nv index 20000001 from offset 00000100, return value
> > > = 00000000
> > > TBOOT: tb_policy_index:
> > > TBOOT:   version = 1
> > > TBOOT:   policy_type = 0
> > > TBOOT:   num_policies = 2
> > > TBOOT:   policy[0]:
> > > TBOOT:           uuid = {0x756a5bfe, 0x5b0b, 0x4d33, 0xb867,
> > >                {0xd7, 0x83, 0xfb, 0x46, 0x36, 0xbf}}
> > > TBOOT:           hash_alg = 0
> > > TBOOT:           hash_type = 1
> > > TBOOT:           num_hashes = 1
> > > TBOOT:           hashes[0] = 67 8a 89 be 3f 5d db ae 93 b4 fe b9 bb ba
> > > 3d 27 de 92 a
> > > TBOOT:   policy[1]:
> > > TBOOT:           uuid = {0x894c909f, 0xd614, 0x4625, 0x8a2d,
> > >                {0x45, 0x3b, 0x80, 0x10, 0xca, 0x8c}}
> > > TBOOT:           hash_alg = 0
> > > TBOOT:           hash_type = 1
> > > TBOOT:           num_hashes = 1
> > > TBOOT:           hashes[0] = e7 a2 26 58 55 69 67 18 34 dc c4 58 2f 16
> > > 33 36 1f f9 0
> > >
> > > You might want to use tpmnv_relindex -i 20000001 to delete this entry
> > > from the TPM.
> > >
> > > I have attached a log of what a successful tboot launch looks like on
> > > my system -
> > >
> > > Hal
> > >
> >
> >
>