From: Cihula, J. <jos...@in...> - 2008-11-21 16:44:46
> From: Courtay Olivier [mailto:Oli...@th...]
> Sent: Friday, November 21, 2008 6:36 AM
>
> Hello,
>
> I am trying to use tboot directly with the Linux kernel using the Linux patch.
> I have successfully booted with 2.6.28-rc5. But I have no policy set in TPM NV.
> In the past, I have also successfully booted Xen with a policy.
>
> After a TPM clean, I tried to set a policy for my 2.6.28-rc5 kernel on the TPM, but some
> problems occurred.
>
> # tpmnv_defindex -i owner -p xxxx
> Haven't input permission value, use default value 0x2
> Haven't input data size, use default value 34
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost.
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:377 Connecting to 127.0.0.1
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received TCS Context: 0xa0b27101
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS Context: 0xa0b27101
> LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:70 RPC_OSAP_TP: TCS Context: 0xa0b27101
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:53 RPC_NV_DefineOrReleaseSpace_TP: TCS Context: 0xa0b27101
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:83 RPC_NV_DefineOrReleaseSpace_TP: result=21
> Tspi_NV_DefineSpace failed failed: Insufficient TPM resources (0x0815)
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS Context: 0xa0b27101
>
> Impossible to define this index.
> I have already defined the index 0x20000002
>
> #tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxx
> Successfully defined index 0x20000002 as permission 0x0, data size is 8
>
> Defined indices are:
>
> # tpmnv_getcap
>
> 4 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000002 0x50000001 0x20000002
>
>
> I find it very difficult to correctly define and write the policy; each time I have to do a
> lot of manipulation before the system works correctly. Am I the only one to have this problem?
> Sometimes I have to reset the BIOS to reboot the computer...
>
> I use a Dell Optiplex 755/E8500

I have also seen some spurious errors with TrouSerS. Unfortunately, I have not had the time to track them down, and as the commands still seem to work despite the errors, it has not been a priority.

I haven't encountered the issue of having to reboot--I think that is particular to your platform model and you should make sure that you have the latest BIOS.

> Another point.
> I have adapted the policy to boot Linux directly.
> Can you tell me if this policy is correct:
>
> #tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "module /boot/vmlinuz-2.6.28-rc5 root=/dev/sda2 ro console=ttyS0,115200 3" --image /boot/vmlinuz-2.6.28-rc5 vl.pol
> #tb_polgen --add --num 1 --pcr 18 --hash image --cmdline "" --image /boot/initrd.img-2.6.28-rc5 vl.pol
>
>
> My grub entry is:
> title Linux 2.6.28-rc5 w/ tboot
> root (hd0,1)
> kernel /boot/tboot.gz
> module /boot/vmlinuz-2.6.28-rc5 root=/dev/sda2 ro console=ttyS0,115200 3
> module /boot/initrd.img-2.6.28-rc5
> module /boot/Q35_SINIT_16.BIN

The latest versions of tboot no longer include the module name in the command line of the policy. So your kernel tb_polgen should be (presuming that you also have already called tb_polgen with the --create option):

#tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "root=/dev/sda2 ro console=ttyS0,115200 3" --image /boot/vmlinuz-2.6.28-rc5 vl.pol

>
> Thanks,
>
> Olivier
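Added example, not part of the original message or of tboot itself: a Python helper that derives the `tb_polgen --add` commands from the GRUB entry quoted above, keeping the policy command line in step with the boot entry and leaving the module name out of `--cmdline` as the reply describes. The function names and the rule that recognises the SINIT module by its file name are assumptions; the `tb_polgen` flags are only the ones used in the message, and the policy file is presumed to have been created with `--create` already.

```python
import shlex

# GRUB entry quoted in the message above.
GRUB_ENTRY = """\
title Linux 2.6.28-rc5 w/ tboot
root (hd0,1)
kernel /boot/tboot.gz
module /boot/vmlinuz-2.6.28-rc5 root=/dev/sda2 ro console=ttyS0,115200 3
module /boot/initrd.img-2.6.28-rc5
module /boot/Q35_SINIT_16.BIN
"""


def parse_modules(entry):
    """Return (image_path, arguments) for each GRUB 'module' line."""
    modules = []
    for line in entry.splitlines():
        fields = line.split(None, 2)  # keyword, path, rest of the line
        if len(fields) >= 2 and fields[0] == "module":
            # The arguments exclude the module path itself.
            args = fields[2].strip() if len(fields) == 3 else ""
            modules.append((fields[1], args))
    return modules


def is_sinit(path):
    # Assumption: the SINIT module is identified by "SINIT" in its file
    # name; it gets no policy entry, as in the policy shown in the message.
    return "SINIT" in path.rsplit("/", 1)[-1].upper()


def polgen_commands(entry, policy_file, pcr=18):
    """Build one 'tb_polgen --add' command line per policy-covered module."""
    covered = [m for m in parse_modules(entry) if not is_sinit(m[0])]
    cmds = []
    for num, (image, args) in enumerate(covered):
        cmds.append(shlex.join([
            "tb_polgen", "--add", "--num", str(num), "--pcr", str(pcr),
            "--hash", "image", "--cmdline", args, "--image", image,
            policy_file]))
    return cmds


if __name__ == "__main__":
    print("\n".join(polgen_commands(GRUB_ENTRY, "vl.pol")))
```

Regenerating the commands from the boot entry whenever the kernel arguments change avoids a policy whose `--cmdline` no longer matches what GRUB passes.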