From: Courtay O. <Oli...@th...> - 2008-11-21 15:03:23
Hello,

I am trying to use tboot directly with the Linux kernel using the Linux patch. I have successfully booted with a 2.6.28-rc5. But I have not set a policy in TPM NV. In the past, I have also successfully booted Xen with a policy.

After a TPM clean, I tried to set a policy for my 2.6.28-rc5 kernel in the TPM, but some problems occurred.

    # tpmnv_defindex -i owner -p xxxx
    Haven't input permission value, use default value 0x2
    Haven't input data size, use default value 34
    LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost.
    LOG_DEBUG TSPI rpc/tcstp/rpc.c:377 Connecting to 127.0.0.1
    LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received TCS Context: 0xa0b27101
    LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS Context: 0xa0b27101
    LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:70 RPC_OSAP_TP: TCS Context: 0xa0b27101
    LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:53 RPC_NV_DefineOrReleaseSpace_TP: TCS Context: 0xa0b27101
    LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:83 RPC_NV_DefineOrReleaseSpace_TP: result=21
    Tspi_NV_DefineSpace failed failed: Insufficient TPM resources (0x0815)
    LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS Context: 0xa0b27101

Impossible to define this index.

I have already defined the index 0x20000002:

    #tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxx
    Successfully defined index 0x20000002 as permission 0x0, data size is 8

The defined indices are:

    # tpmnv_getcap
    4 indices have been defined
    list of indices for defined NV storage areas:
    0x10000001 0x50000002 0x50000001 0x20000002

I find it very difficult to correctly define and write the policy; each time I have to do a lot of manipulation before the system works correctly. Am I the only one to have this problem? Sometimes I have to reset the BIOS to reboot the computer...

I use a Dell Optiplex 755/E8500.

Another point: I have adapted the policy to boot Linux directly. Can you tell me if this policy is correct:

    #tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "module /boot/vmlinuz-2.6.28-rc5 root=/dev/sda2 ro console=ttyS0,115200 3" --image /boot/vmlinuz-2.6.28-rc5 vl.pol
    #tb_polgen --add --num 1 --pcr 18 --hash image --cmdline "" --image /boot/initrd.img-2.6.28-rc5 vl.pol

My grub entry is:

    title Linux 2.6.28-rc5 w/ tboot
    root (hd0,1)
    kernel /boot/tboot.gz
    module /boot/vmlinuz-2.6.28-rc5 root=/dev/sda2 ro console=ttyS0,115200 3
    module /boot/initrd.img-2.6.28-rc5
    module /boot/Q35_SINIT_16.BIN

Thanks,
Olivier