From: Cihula, J. <jos...@in...> - 2008-10-09 16:49:11

> From: Lil Evil [mailto:Lil...@gm...]
> Sent: Thursday, October 09, 2008 3:21 AM
>
> Hi,
>
> okay verification works now fine. Must have skipped that part in the
> README :).
>
> I said broadcasted, because I assumed that it hasn't indeed been
> broadcasted.
> Meaning it didn't show up on the serial console.
> As I said it showed up during powering off, but not during rebooting.

Can you send me the serial output? And what system is this?

> However, if I issue a reboot, the machine will hang with no screen at
> all.
> Only a hard reset brings it back to life.
> Hence, I assumed that TXT is protecting the machine, because it hasn't
> successfully issued SEXIT.
> But, it also could be an issue of my machine's BIOS, as I already
> encountered some.

This sounds like SEXIT is not finishing. Typical reasons for that are if not all of the CPUs got woken up or if some still had VMX on.

> I keep on playing around and let you know what's happening.
>
> Cheers
> lIl
>
> -------- Original Message --------
> > Date: Wed, 8 Oct 2008 11:26:51 -0700
> > From: "Cihula, Joseph" <jos...@in...>
> > To: "Lil Evil" <Lil...@gm...>, tbo...@li...
> > Subject: RE: [tboot-devel] new location for mercurial repo
> >
> > > From: Lil Evil [mailto:Lil...@gm...]
> > > Sent: Wednesday, October 08, 2008 2:11 AM
> > >
> > > 1) Compilation
> > > to reproduce the compilation error, I did the following:
> > >
> > > [root@lil staging] hg clone http://www.bughost.org/repos.hg/tboot.hg
> > > destination directory: tboot.hg
> > > requesting all changes
> > > adding changesets
> > > adding manifests
> > > adding file changes
> > > added 91 changesets with 393 changes to 122 files
> > > updating working directory
> > > 118 files updated, 0 files merged, 0 files removed, 0 files unresolved
> > > [root@lil staging] cd tboot.hg
> > > [root@lil tboot.hg] make
> > > ...
> > > <compile>
> > > ...
> > >
> > > mlehash.c:47:34: error: ../include/elf_defns.h: No such file or directory
> > >
> > > [root@lil tboot.hg]# ls -la include/elf_defns.h
> > > ls: cannot access include/elf_defns.h: No such file or directory
> > > [root@lil tboot.hg]#
> > >
> > > hg reports the following changeset:
> > >
> > > changeset: 90:5d19b96f7c0e
> > > tag: tip
> > > user: Joseph Cihula <jos...@in...>
> > > date: Tue Oct 07 12:03:27 2008 -0700
> > > summary: Added hg repo location to README
> > >
> > > I tried two different machines on different networks, same error.
> > > which changeset are you on?
> >
> > OK, my bad (I only re-built tboot and not the tools). I have fixed this
> > in the tip and uploaded a new tarfile.
> >
> > > 2) I already adopted to the new policy format already, as I have been
> > > playing around with the mercurial repository a while ago.
> > > The debug line I added, just prints out the PCR before extending. I was
> > > a little bit surprised to see a none 0 row there.
> > > Something is fishy, either with me, or the build :)
> > >
> > > here is my policy gen script, btw:
> > >
> > > modprobe tpm_tis
> > > tcsd
> > > rm -rf mle_hash lcp.pol vl.pol
> > >
> > > #create hash of tboot
> > > lcp_mlehash /boot/tboot.gz > mle_hash
> > >
> > > # transform hash into policy
> > > lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
> > >
> > > XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
> > > KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
> > > TPM_PW=""
> >
> > The new policy code strips the module name from the module string provided
> > by GRUB so that location isn't part of the measurement (which it shouldn't
> > be). Thus, you should not have '/xen.gz ' or
> > '/vmlinuz-2.6.18.8-xen_unstable ' in your strings.
> >
> > > #create launch policy of the VMM
> > > tb_polgen --create --type nonfatal vl.pol
> > >
> > > tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$XENLINE" --image /boot/xen.gz vl.pol --verbose >> verbose.txt
> > > tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" --image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> verbose.txt
> > > tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img vl.pol --verbose >> verbose.txt
> > >
> > > #write policy
> > > lcp_writepol -i owner -f lcp.pol -p
> > > lcp_writepol -i 0x20000001 -f vl.pol -p
> > >
> > > 3) I also noticed with the stable tboot, on a reboot the GETSEC[SEXIT]
> > > command is not broadcasted.
> > > It is however on a shutdown.
> >
> > When you say "broadcasted" do you mean it doesn't appear on the serial
> > output? That is likely just due to buffering and when/how the platform
> > actually disables the serial port. If SEXIT were not done, the system could not
> > reboot successfully (it would TXT_RESET and then the subsequent boot could
> > not launch TXT until a power cycle).
> >
> > > Just to let you know where I am standing at the moment.
> >
> > Thanks for your comments and we'll try to keep things fixed up better.
> >
> > > Cheers
> > > lIl
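
The point made in the quoted reply about module strings, as an added example that is not part of the thread or of tboot: a shell helper that drops the leading module path from a GRUB module string, leaving only the arguments to pass to `tb_polgen --cmdline`. The helper name `strip_module_name`, the trimming of whitespace around the path, and the initrd GRUB string are assumptions made for illustration; the Xen and kernel strings are the ones from the quoted script.

```shell
#!/bin/sh
# Added example (not from the thread or from tboot): derive the string to
# pass to `tb_polgen --cmdline` from a GRUB module string by dropping the
# leading module path, as the reply says the new policy code does.
# strip_module_name is a hypothetical helper name.

strip_module_name() {
    s=$1
    # Drop leading whitespace (assumption: it is not measured).
    s=${s#"${s%%[![:space:]]*}"}
    case $s in
        *[[:space:]]*)
            # Remove the first token (the module path) ...
            s=${s#*[[:space:]]}
            # ... and the whitespace separating it from the arguments.
            s=${s#"${s%%[![:space:]]*}"}
            ;;
        *)
            # Path only (e.g. an initrd line): the command line is empty.
            s=
            ;;
    esac
    # Parameter expansion is used instead of word splitting so that spacing
    # inside the arguments is kept byte for byte; the remaining string is
    # what goes into the measurement.
    printf '%s' "$s"
}

# Module strings from the quoted script; GRUB_INITRD is constructed here.
GRUB_XEN="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
GRUB_KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
GRUB_INITRD="/initrd-2.6.18.8-xen_unstable.img"

XENLINE=$(strip_module_name "$GRUB_XEN")
KERNEL=$(strip_module_name "$GRUB_KERNEL")
INITRD=$(strip_module_name "$GRUB_INITRD")

# Print the values that would replace XENLINE and KERNEL in the script.
printf 'XENLINE="%s"\nKERNEL="%s"\nINITRD="%s"\n' "$XENLINE" "$KERNEL" "$INITRD"
```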