Menu
▾
▴
Re: [tboot-devel] TXT and kvm : conflict ?
|
From: Cihula, J. <jos...@in...> - 2008-09-10 15:46:22
|
Below: -----Original Message----- From: tbo...@li... [mailto:tbo...@li...] On Behalf Of Courtay Olivier Sent: Wednesday, September 10, 2008 5:57 AM To: tbo...@li... Subject: [tboot-devel] TXT and kvm : conflict ? Hello, I have successfully installed tboot on a Dell Optiplex 755 (E8500). VMM and dom0 verification is OK. One question. In TBOOT log I have: TBOOT: dom0 is verified. TBOOT: succeeded. TBOOT: invalid module # What is this invalid module ? [JC] Older versions of tboot displayed this during policy processing, even though there was not an error. What changeset are you using? I have not yet tested sealed process. [JC] FYI, your TPM will need to have an owner and you should have created the SRK with the null auth (use '-z' flag to tpm_takeownership). I have a problem. When Trusted Execution is deactivated on BIOS , kvm run normally. But when I activate TXT, the module load failed (Error: Operation not supported). In the kernel log, I have :"kvm: disable by bios" Is there a conflict between TXT and KVM? [JC] This is a security feature. When you enabled both TXT and VT, BIOS set the bit in the IA32_FEATURE_CONTROL MSR that means that VT can only be used after a TXT launch has occurred. This is to prevent installation of malicious VT-based rootkits. If you want to use VT w/o doing a TXT launch, disable TXT in BIOS and leave VT enabled. Thank you. Olivier ------------------------------------------------------------------------ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ tboot-devel mailing list tbo...@li... https://lists.sourceforge.net/lists/listinfo/tboot-devel |
