Menu
▾
▴
Re: [tboot-devel] new location for mercurial repo
|
From: Lil E. <Lil...@gm...> - 2008-10-21 13:58:03
|
Hi Shane, Not sure what you mean by debugging tools available?? Do you mean what I am using to get those error messages? I haven't chased this issue up recently as I have been busy. please find the xen debug output attached to this mail. cheers lIl -------- Original-Nachricht -------- > Datum: Tue, 21 Oct 2008 16:25:37 +0800 > Von: "Wang, Shane" <sha...@in...> > An: Lil Evil <Lil...@gm...>, "tbo...@li..." <tbo...@li...> > Betreff: RE: [tboot-devel] new location for mercurial repo > If poweroff can do but reboot can't, it is strange. > > Can you output Xen messages on the serial port? > And by the way, tell me which debug tools are available for you, besides > serial port? > > Lil Evil wrote: > > -------- Original-Nachricht -------- > >> Datum: Thu, 9 Oct 2008 09:47:03 -0700 > >> Von: "Cihula, Joseph" <jos...@in...> > >> An: "Lil Evil" <Lil...@gm...>, tbo...@li... > >> Betreff: RE: [tboot-devel] new location for mercurial repo > > > >>> From: Lil Evil [mailto:Lil...@gm...] > >>> Sent: Thursday, October 09, 2008 3:21 AM > >>> > >>> Hi, > >>> > >>> okay verification works now fine. Must have skipped that part in > >>> the README :). > >>> > >>> I said broadcasted, because I assumed that it hasn't indeed been > >>> broadcasted. Meaning it didn't show up on the serial console. > >>> As I said it showed up during powering off, but not during > >>> rebooting. > >> > >> Can you send me the serial output? And what system is this? > > > > Machine is a HP DC7800 bios v1.26 > > tboot stable (version 2008613) and tboot.hg (revision 85), both show > > the same behaviour. > > > > tboot & verfication successful > > > > -> reboot doesn't execute getsec[sexit] > > -> machine hangs ( black screen ) > > see tboot_reboot.txt > > > > -> powerdown does execute getsec[sexit] > > see tboot_poweroff.txt > > I can see the getsec[sexit] here... > > > > > > > >> > >>> However, if I issue a reboot, the machine will hang with no screen > >>> at all. Only a hard reset brings it back to life. > >>> Hence, I assumed that TXT is protecting the machine, because it > >>> hasn't successfully issued SEXIT. But, it also could be an issue of > >>> my machine's BIOS, as I already encountered some. > >> > >> This sounds like SEXIT is not finishing. Typical reasons for that > >> are if not all of the CPUs got woken up or if some still had VMX on. > >> > >>> > >>> I keep on playing around and let you know what's happening. > >>> > >>> Cheers > >>> lIl > >>> > >>> > >>> -------- Original-Nachricht -------- > >>>> Datum: Wed, 8 Oct 2008 11:26:51 -0700 > >>>> Von: "Cihula, Joseph" <jos...@in...> > >>>> An: "Lil Evil" <Lil...@gm...>, tbo...@li... > >>>> Betreff: RE: [tboot-devel] new location for mercurial repo > >>> > >>>>> From: Lil Evil [mailto:Lil...@gm...] > >>>>> Sent: Wednesday, October 08, 2008 2:11 AM > >>>>> > >>>>> 1) Compilation > >>>>> to reproduce the compilation error, I did the following: > >>>>> > >>>>> [root@lil staging] hg clone > >>> http://www.bughost.org/repos.hg/tboot.hg > >>>>> destination directory: tboot.hg > >>>>> requesting all changes > >>>>> adding changesets > >>>>> adding manifests > >>>>> adding file changes > >>>>> added 91 changesets with 393 changes to 122 files > >>>>> updating working directory > >>>>> 118 files updated, 0 files merged, 0 files removed, 0 files > >>>>> unresolved [root@lil staging] cd tboot.hg > >>>>> [root@lil tboot.hg] make > >>>>> ... > >>>>> <compile> > >>>>> ... > >>>>> > >>>>> mlehash.c:47:34: error: ../include/elf_defns.h: No such file or > >>>>> directory > >>>>> > >>>>> > >>>>> [root@lil tboot.hg]# ls -la include/elf_defns.h > >>>>> ls: cannot access include/elf_defns.h: No such file or directory > >>>>> [root@lil tboot.hg]# > >>>>> > >>>>> hg reports the following changeset: > >>>>> > >>>>> changeset: 90:5d19b96f7c0e > >>>>> tag: tip > >>>>> user: Joseph Cihula <jos...@in...> > >>>>> date: Tue Oct 07 12:03:27 2008 -0700 > >>>>> summary: Added hg repo location to README > >>>>> > >>>>> I tried two different machines on different networks, same error. > >>>>> which changeset are you on? > >>>> > >>>> OK, my bad (I only re-built tboot and not the tools). I have > >>>> fixed this in the tip and uploaded a new tarfile. > >>>> > >>>>> 2) I already adopted to the new policy format already, as I have > >>>>> been playing around with the mercurial repository a while ago. > >>>>> The debug line I added, just prints out the PCR before extending. > >>>>> I was a little bit surprised to see a none 0 row there. > >>>>> Something is fishy, either with me, or the build :) > >>>>> > >>>>> here is my policy gen script, btw: > >>>>> > >>>>> modprobe tpm_tis > >>>>> tcsd > >>>>> rm -rf mle_hash lcp.pol vl.pol > >>>>> > >>>>> > >>>>> #create hash of tboot > >>>>> lcp_mlehash /boot/tboot.gz > mle_hash > >>>>> > >>>>> # transform hash into policy > >>>>> lcp_crtpol -t hashonly -m mle_hash -o lcp.pol > >>>>> > >>>>> XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb > >>>>> com1=1115200,8n1 console=vga,com1" > >>>>> KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro > >>>>> root=/dev/VolGroup01/LogVol01 rhgb > >>>>> pciback.hide=(00:1d.7)(00:1d.1)" > >>>>> TPM_PW="" > >>>> > >>>> The new policy code strips the module name from the module string > >>>> provided by GRUB so that location isn't part of the measurement > >>>> (which it shouldn't be). Thus, you should not have '/xen.gz ' or > >>>> '/vmlinuz-2.6.18.8-xen_unstable ' in your strings. > >>>> > >>>>> #create launch policy of the VMM > >>>>> tb_polgen --create --type nonfatal vl.pol > >>>>> > >>>>> tb_polgen --add --num 0 --pcr 18 --hash image --cmdline > >>>>> "$XENLINE" -- image /boot/xen.gz vl.pol --verbose >> verbose.txt > >>>>> tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" > >>>>> - - image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> > >>>>> verbose.txt tb_polgen --add --num 2 --pcr 19 --hash image > >>>>> --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img > >>>>> vl.pol --verbose >> verbose.txt > >>>>> > >>>>> #write policy > >>>>> lcp_writepol -i owner -f lcp.pol -p > >>>>> lcp_writepol -i 0x20000001 -f vl.pol -p > >>>>> > >>>>> > >>>>> 3) I also noticed with the stable tboot, on a reboot the > >>>>> GETSEC[SEXIT] command is not broadcasted. It is however on a > >>>>> shutdown. > >>>> > >>>> When you say "broadcasted" do you mean it doesn't appear on the > >>>> serial output? That is likely just due to buffering and when/how > >>>> the platform actually disables the serial port. If SEXIT were not > >>>> done, the system could not reboot successfully (it would TXT_RESET > >>>> and then the subsequent boot could not launch TXT until a power > >>>> cycle). > >>>> > >>>>> Just to let you know where I am standing at the moment. > >>>> > >>>> Thanks for your comments and we'll try to keep things fixed up > >>>> better. > >>>> > >>>>> Cheers > >>>>> lIl > >>>>> > >>>>> -- > >>>>> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > >>>>> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer > >>> > >>> -- > >>> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > >>> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer > >>> > >>> > ----------------------------------------------------------------------- > >>> -- This SF.Net email is sponsored by the Moblin Your Move > >>> Developer's challenge Build the coolest Linux based applications > >>> with Moblin SDK & win great prizes Grand prize is a trip for two to > >>> an Open Source event anywhere in the world > >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ > >>> _______________________________________________ > >>> tboot-devel mailing list > >>> tbo...@li... > >>> https://lists.sourceforge.net/lists/listinfo/tboot-devel -- GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion! http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196 |
