From: Wang, S. <sha...@in...> - 2008-10-21 08:29:55
If poweroff can do but reboot can't, it is strange. Can you output Xen messages on the serial port? And by the way, tell me which debug tools are available for you, besides serial port?

Lil Evil wrote:
> -------- Original Message --------
>> Date: Thu, 9 Oct 2008 09:47:03 -0700
>> From: "Cihula, Joseph" <jos...@in...>
>> To: "Lil Evil" <Lil...@gm...>, tbo...@li...
>> Subject: RE: [tboot-devel] new location for mercurial repo
>
>>> From: Lil Evil [mailto:Lil...@gm...]
>>> Sent: Thursday, October 09, 2008 3:21 AM
>>>
>>> Hi,
>>>
>>> okay verification works now fine. Must have skipped that part in
>>> the README :).
>>>
>>> I said broadcasted, because I assumed that it hasn't indeed been
>>> broadcasted. Meaning it didn't show up on the serial console.
>>> As I said it showed up during powering off, but not during
>>> rebooting.
>>
>> Can you send me the serial output? And what system is this?
>
> Machine is a HP DC7800 bios v1.26
> tboot stable (version 2008613) and tboot.hg (revision 85), both show
> the same behaviour.
>
> tboot & verification successful
>
> -> reboot doesn't execute getsec[sexit]
> -> machine hangs ( black screen )
> see tboot_reboot.txt
>
> -> powerdown does execute getsec[sexit]
> see tboot_poweroff.txt
> I can see the getsec[sexit] here...
>
>>
>>> However, if I issue a reboot, the machine will hang with no screen
>>> at all. Only a hard reset brings it back to life.
>>> Hence, I assumed that TXT is protecting the machine, because it
>>> hasn't successfully issued SEXIT. But, it also could be an issue of
>>> my machine's BIOS, as I already encountered some.
>>
>> This sounds like SEXIT is not finishing. Typical reasons for that
>> are if not all of the CPUs got woken up or if some still had VMX on.
>>
>>>
>>> I keep on playing around and let you know what's happening.
>>>
>>> Cheers
>>> lIl
>>>
>>>
>>> -------- Original Message --------
>>>> Date: Wed, 8 Oct 2008 11:26:51 -0700
>>>> From: "Cihula, Joseph" <jos...@in...>
>>>> To: "Lil Evil" <Lil...@gm...>, tbo...@li...
>>>> Subject: RE: [tboot-devel] new location for mercurial repo
>>>
>>>>> From: Lil Evil [mailto:Lil...@gm...]
>>>>> Sent: Wednesday, October 08, 2008 2:11 AM
>>>>>
>>>>> 1) Compilation
>>>>> to reproduce the compilation error, I did the following:
>>>>>
>>>>> [root@lil staging] hg clone http://www.bughost.org/repos.hg/tboot.hg
>>>>> destination directory: tboot.hg
>>>>> requesting all changes
>>>>> adding changesets
>>>>> adding manifests
>>>>> adding file changes
>>>>> added 91 changesets with 393 changes to 122 files
>>>>> updating working directory
>>>>> 118 files updated, 0 files merged, 0 files removed, 0 files unresolved
>>>>> [root@lil staging] cd tboot.hg
>>>>> [root@lil tboot.hg] make
>>>>> ...
>>>>> <compile>
>>>>> ...
>>>>>
>>>>> mlehash.c:47:34: error: ../include/elf_defns.h: No such file or directory
>>>>>
>>>>>
>>>>> [root@lil tboot.hg]# ls -la include/elf_defns.h
>>>>> ls: cannot access include/elf_defns.h: No such file or directory
>>>>> [root@lil tboot.hg]#
>>>>>
>>>>> hg reports the following changeset:
>>>>>
>>>>> changeset: 90:5d19b96f7c0e
>>>>> tag: tip
>>>>> user: Joseph Cihula <jos...@in...>
>>>>> date: Tue Oct 07 12:03:27 2008 -0700
>>>>> summary: Added hg repo location to README
>>>>>
>>>>> I tried two different machines on different networks, same error.
>>>>> which changeset are you on?
>>>>
>>>> OK, my bad (I only re-built tboot and not the tools). I have
>>>> fixed this in the tip and uploaded a new tarfile.
>>>>
>>>>> 2) I already adopted to the new policy format already, as I have
>>>>> been playing around with the mercurial repository a while ago.
>>>>> The debug line I added, just prints out the PCR before extending.
>>>>> I was a little bit surprised to see a non-0 row there.
>>>>> Something is fishy, either with me, or the build :)
>>>>>
>>>>> here is my policy gen script, btw:
>>>>>
>>>>> modprobe tpm_tis
>>>>> tcsd
>>>>> rm -rf mle_hash lcp.pol vl.pol
>>>>>
>>>>>
>>>>> #create hash of tboot
>>>>> lcp_mlehash /boot/tboot.gz > mle_hash
>>>>>
>>>>> # transform hash into policy
>>>>> lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
>>>>>
>>>>> XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
>>>>> KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
>>>>> TPM_PW=""
>>>>
>>>> The new policy code strips the module name from the module string
>>>> provided by GRUB so that location isn't part of the measurement
>>>> (which it shouldn't be). Thus, you should not have '/xen.gz ' or
>>>> '/vmlinuz-2.6.18.8-xen_unstable ' in your strings.
>>>>
>>>>> #create launch policy of the VMM
>>>>> tb_polgen --create --type nonfatal vl.pol
>>>>>
>>>>> tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$XENLINE" --image /boot/xen.gz vl.pol --verbose >> verbose.txt
>>>>> tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" --image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> verbose.txt
>>>>> tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img vl.pol --verbose >> verbose.txt
>>>>>
>>>>> #write policy
>>>>> lcp_writepol -i owner -f lcp.pol -p
>>>>> lcp_writepol -i 0x20000001 -f vl.pol -p
>>>>>
>>>>>
>>>>> 3) I also noticed with the stable tboot, on a reboot the
>>>>> GETSEC[SEXIT] command is not broadcasted. It is however on a
>>>>> shutdown.
>>>>
>>>> When you say "broadcasted" do you mean it doesn't appear on the
>>>> serial output? That is likely just due to buffering and when/how
>>>> the platform actually disables the serial port.
>>>> If SEXIT were not done, the system could not reboot successfully
>>>> (it would TXT_RESET and then the subsequent boot could not launch
>>>> TXT until a power cycle).
>>>>
>>>>> Just to let you know where I am standing at the moment.
>>>>
>>>> Thanks for your comments and we'll try to keep things fixed up
>>>> better.
>>>>
>>>>> Cheers
>>>>> lIl
>>>
>>> _______________________________________________
>>> tboot-devel mailing list
>>> tbo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
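
The point made in the thread about module names in policy strings, as an added example that is not part of the original messages and is not tboot code: it derives the strings to pass to `tb_polgen --cmdline` from GRUB `module` lines and flags a string that still carries the module name. The function names, the stripping rule (drop the first whitespace-delimited token) and the sample stanza, shortened from strings quoted in the thread, are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from tboot.
# Assumption: "stripping the module name" means dropping leading blanks,
# the first whitespace-delimited token, and the blanks that follow it.
strip_module_name() {
    printf '%s\n' "$1" | sed -E 's/^[[:space:]]*[^[:space:]]+[[:space:]]*//'
}

# Hypothetical lint helper: succeeds when the first token of a policy
# string looks like a path (starts with '/' and has no '='), which
# suggests the module name was left in the measured string.
has_module_name() {
    first=$(printf '%s\n' "$1" | sed -E 's/^[[:space:]]*([^[:space:]]*).*/\1/')
    case "$first" in
        /*=*) return 1 ;;
        /*)   return 0 ;;
        *)    return 1 ;;
    esac
}

# Read GRUB legacy "module" lines on stdin and print one line per module:
#   <policy entry number>|<string to pass to tb_polgen --cmdline>
policy_cmdlines() {
    n=0
    while read -r keyword rest; do
        [ "$keyword" = "module" ] || continue
        printf '%s|%s\n' "$n" "$(strip_module_name "$rest")"
        n=$((n + 1))
    done
}

# Constructed menu.lst stanza, shortened from the strings in the thread.
sample_stanza() {
    cat <<'EOF'
title tboot + Xen (constructed sample)
    kernel /tboot.gz
    module /xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb
    module /vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb
    module /initrd-2.6.18.8-xen_unstable.img
EOF
}

sample_stanza | policy_cmdlines
```

A module line with no arguments, such as the initrd, yields an empty string, which matches the `--cmdline ""` used for entry 2 in the quoted script.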