From: Lil E. <Lil...@gm...> - 2008-10-20 12:30:40
-------- Original Message --------
> Date: Thu, 9 Oct 2008 09:47:03 -0700
> From: "Cihula, Joseph" <jos...@in...>
> To: "Lil Evil" <Lil...@gm...>, tbo...@li...
> Subject: RE: [tboot-devel] new location for mercurial repo

> > From: Lil Evil [mailto:Lil...@gm...]
> > Sent: Thursday, October 09, 2008 3:21 AM
> >
> > Hi,
> >
> > okay verification works now fine. Must have skipped that part in the
> > README :).
> >
> > I said broadcasted, because I assumed that it hasn't indeed been
> > broadcasted.
> > Meaning it didn't show up on the serial console.
> > As I said it showed up during powering off, but not during rebooting.
>
> Can you send me the serial output? And what system is this?

Machine is a HP DC7800
BIOS v1.26

tboot stable (version 2008613) and tboot.hg (revision 85), both show the same behaviour.

tboot & verification successful
-> reboot doesn't execute getsec[sexit] -> machine hangs ( black screen )
see tboot_reboot.txt

-> powerdown does execute getsec[sexit]
see tboot_poweroff.txt
I can see the getsec[sexit] here...

> > However, if I issue a reboot, the machine will hang with no screen at
> > all.
> > Only a hard reset brings it back to life.
> > Hence, I assumed that TXT is protecting the machine, because it hasn't
> > successfully issued SEXIT.
> > But, it also could be an issue of my machine's BIOS, as I already
> > encountered some.
>
> This sounds like SEXIT is not finishing. Typical reasons for that are if
> not all of the CPUs got woken up or if some still had VMX on.
>
> > I keep on playing around and let you know what's happening.
> >
> > Cheers
> > lIl
> >
> > -------- Original Message --------
> > > Date: Wed, 8 Oct 2008 11:26:51 -0700
> > > From: "Cihula, Joseph" <jos...@in...>
> > > To: "Lil Evil" <Lil...@gm...>, tbo...@li...
> > > Subject: RE: [tboot-devel] new location for mercurial repo
> > >
> > > > From: Lil Evil [mailto:Lil...@gm...]
> > > > Sent: Wednesday, October 08, 2008 2:11 AM
> > > >
> > > > 1) Compilation
> > > > to reproduce the compilation error, I did the following:
> > > >
> > > > [root@lil staging] hg clone http://www.bughost.org/repos.hg/tboot.hg
> > > > destination directory: tboot.hg
> > > > requesting all changes
> > > > adding changesets
> > > > adding manifests
> > > > adding file changes
> > > > added 91 changesets with 393 changes to 122 files
> > > > updating working directory
> > > > 118 files updated, 0 files merged, 0 files removed, 0 files unresolved
> > > > [root@lil staging] cd tboot.hg
> > > > [root@lil tboot.hg] make
> > > > ...
> > > > <compile>
> > > > ...
> > > >
> > > > mlehash.c:47:34: error: ../include/elf_defns.h: No such file or directory
> > > >
> > > > [root@lil tboot.hg]# ls -la include/elf_defns.h
> > > > ls: cannot access include/elf_defns.h: No such file or directory
> > > > [root@lil tboot.hg]#
> > > >
> > > > hg reports the following changeset:
> > > >
> > > > changeset: 90:5d19b96f7c0e
> > > > tag: tip
> > > > user: Joseph Cihula <jos...@in...>
> > > > date: Tue Oct 07 12:03:27 2008 -0700
> > > > summary: Added hg repo location to README
> > > >
> > > > I tried two different machines on different networks, same error.
> > > > Which changeset are you on?
> > >
> > > OK, my bad (I only re-built tboot and not the tools). I have fixed this
> > > in the tip and uploaded a new tarfile.
> > >
> > > > 2) I already adapted to the new policy format, as I have been
> > > > playing around with the mercurial repository a while ago.
> > > > The debug line I added just prints out the PCR before extending. I was
> > > > a little bit surprised to see a non-0 row there.
> > > > Something is fishy, either with me, or the build :)
> > > >
> > > > here is my policy gen script, btw:
> > > >
> > > > modprobe tpm_tis
> > > > tcsd
> > > > rm -rf mle_hash lcp.pol vl.pol
> > > >
> > > > #create hash of tboot
> > > > lcp_mlehash /boot/tboot.gz > mle_hash
> > > >
> > > > # transform hash into policy
> > > > lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
> > > >
> > > > XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
> > > > KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
> > > > TPM_PW=""
> > >
> > > The new policy code strips the module name from the module string provided
> > > by GRUB so that location isn't part of the measurement (which it shouldn't
> > > be). Thus, you should not have '/xen.gz ' or
> > > '/vmlinuz-2.6.18.8-xen_unstable ' in your strings.
> > >
> > > > #create launch policy of the VMM
> > > > tb_polgen --create --type nonfatal vl.pol
> > > >
> > > > tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$XENLINE" --image /boot/xen.gz vl.pol --verbose >> verbose.txt
> > > > tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" --image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> verbose.txt
> > > > tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img vl.pol --verbose >> verbose.txt
> > > >
> > > > #write policy
> > > > lcp_writepol -i owner -f lcp.pol -p
> > > > lcp_writepol -i 0x20000001 -f vl.pol -p
> > > >
> > > > 3) I also noticed with the stable tboot, on a reboot the GETSEC[SEXIT]
> > > > command is not broadcasted.
> > > > It is however on a shutdown.
> > >
> > > When you say "broadcasted" do you mean it doesn't appear on the serial
> > > output? That is likely just due to buffering and when/how the platform
> > > actually disables the serial port. If SEXIT were not done, the system could not
> > > reboot successfully (it would TXT_RESET and then the subsequent boot could
> > > not launch TXT until a power cycle).
> > >
> > > > Just to let you know where I am standing at the moment.
> > >
> > > Thanks for your comments and we'll try to keep things fixed up better.
> > >
> > > > Cheers
> > > > lIl
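
An added example, not part of the thread and not tboot code: a shell sketch that derives the `--cmdline` and `--image` arguments for `tb_polgen` from the boot loader's module lines, so the module name is left out of the command line as the reply in point 2 asks. It assumes the module name is the first whitespace-delimited token of the module string; the GRUB stanza, `BOOT_DIR` and the function names are constructed for illustration, and the commands are only printed.

```shell
#!/bin/sh
# Constructed GRUB-legacy stanza, assembled from strings in the thread's script.
GRUB_STANZA='title Xen with tboot
    kernel /tboot.gz
    module /xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb
    module /vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb
    module /initrd-2.6.18.8-xen_unstable.img'
BOOT_DIR=/boot   # assumption: GRUB's root is the partition mounted at /boot

# Remove leading whitespace without touching the rest of the string.
ltrim() {
    printf '%s' "${1#"${1%%[![:space:]]*}"}"
}

# Drop the first token (the file name) and the blanks after it, leaving the
# text that belongs in --cmdline. Inner spacing is left untouched so the
# string stays exactly as the boot loader passes it.
strip_module_name() {
    s=$(ltrim "$1")
    case $s in
        *[[:space:]]*) ltrim "${s#*[[:space:]]}" ;;
        *) : ;;   # file name only: empty command line
    esac
}

# Print (not run) one tb_polgen call per "module" line: module 0 goes to
# PCR 18 and the rest to PCR 19, as in the script quoted in the thread.
emit_polgen() {
    stanza=$1
    num=0
    while IFS= read -r line; do
        line=$(ltrim "$line")
        [ "${line%%[[:space:]]*}" = module ] || continue
        modstr=$(strip_module_name "$line")      # "/xen.gz tboot=..."
        image=${modstr%%[[:space:]]*}            # "/xen.gz"
        [ -n "$image" ] || continue              # bare "module" keyword
        cmdline=$(strip_module_name "$modstr")   # "tboot=..."
        if [ "$num" -eq 0 ]; then pcr=18; else pcr=19; fi
        printf 'tb_polgen --add --num %d --pcr %d --hash image --cmdline "%s" --image %s%s vl.pol\n' \
            "$num" "$pcr" "$cmdline" "$BOOT_DIR" "$image"
        num=$((num + 1))
    done <<EOF
$stanza
EOF
}

emit_polgen "$GRUB_STANZA"
```

Comparing the printed `--cmdline` values with the `XENLINE` and `KERNEL` variables in the quoted script shows the leading `/xen.gz ` and `/vmlinuz-2.6.18.8-xen_unstable ` that the reply says to drop.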