Menu
▾
▴
Re: [tboot-devel] Problems on tpmnv_defindex
|
From: Courtay O. <Oli...@th...> - 2008-11-24 16:07:47
|
My comment begins at the end -----Original Message----- From: Cihula, Joseph [mailto:jos...@in...] Sent: Fri 11/21/08 17:44 To: Courtay Olivier; tbo...@li... Subject: RE: Problems on tpmnv_defindex > From: Courtay Olivier [mailto:Oli...@th...] > Sent: Friday, November 21, 2008 6:36 AM > > Hello, > > I try to use tboot directly with the linux kernel using linux patch. > I have successfully boot with a 2.6.28-rc5. But I have no set policy in TPM NV. > In past, I have also successfully boot a xen with policy. > > After a TPM clean, I try to set policy for my 2.6.28-rc5 kernel on TPM but some problems > occurred. > > > # tpmnv_defindex -i owner -p xxxx > Haven't input permission value, use default value 0x2 > Haven't input data size, use default value 34 > LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost. > LOG_DEBUG TSPI rpc/tcstp/rpc.c:377 Connecting to 127.0.0.1 > LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received TCS Context: 0xa0b27101 > LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS Context: 0xa0b27101 > LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:70 RPC_OSAP_TP: TCS Context: 0xa0b27101 > LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:53 RPC_NV_DefineOrReleaseSpace_TP: TCS Context: 0xa0b27101 > LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:83 RPC_NV_DefineOrReleaseSpace_TP: result=21 > Tspi_NV_DefineSpace failed failed: Insufficient TPM resources (0x0815) > LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS Context: 0xa0b27101 > > Impossible to define this index. > I have already defined the index 0x20000002 > > #tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxx > Successfully defined index 0x20000002 as permission 0x0, data size is 8 > > Defined index are: > > # tpmnv_getcap > > 4 indices have been defined > list of indices for defined NV storage areas: > 0x10000001 0x50000002 0x50000001 0x20000002 > > > I found very difficult to correctly defined and write policy, at each time I should do a lot > of manipulation before the system work correctly. I am the only one to have this problem ? > Sometime, I should to reset BIOS for reboot the computer... > > I use Dell Optiplex 755/E8500 I have also seen some spurious errors with TrouSerS. Unfortunately, I have not had the time to track them down, and as the commands still seem to work despite the errors, it has not been a priority. I haven't encountered the issue of having to reboot--I think that is particular to your platform model and you should make sure that you have the latest BIOS. [Begin of my comments]: Yes, I already see that trousers can return error even the command is a success. But, in my case the tpmnv_defindex abort with "Insufficient TPM resources" error. This error seems to be reported by driver (error 21) and the index is not defined I found a beginning of solution: the order of command is important. For example, some trace: # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 0x20000002 # tpmnv_defindex -i owner -p xxxx => Failed with error 21. # tpmnv_relindex -i 0x20000002 -p xxxx => OK # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 # tpmnv_defindex -i owner -p p xxxx => OK # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 0x40000001 # tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxx => Failed with error 21 # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 0x40000001 My Bios is up-to-date (A11). Any idea? Tanks, Olivier Courtay |
