Menu
▾
▴
Re: [tboot-devel] Problems on tpmnv_defindex
|
From: Cihula, J. <jos...@in...> - 2008-11-24 17:31:15
|
-----Original Message----- > From: Courtay Olivier [mailto:Oli...@th...] > Sent: Monday, November 24, 2008 7:44 AM > > My comment begins at the end > > -----Original Message----- > From: Cihula, Joseph [mailto:jos...@in...] > Sent: Fri 11/21/08 17:44 > To: Courtay Olivier; tbo...@li... > Subject: RE: Problems on tpmnv_defindex > > From: Courtay Olivier [mailto:Oli...@th...] > > Sent: Friday, November 21, 2008 6:36 AM > > > > Hello, > > > > I try to use tboot directly with the linux kernel using linux patch. > > I have successfully boot with a 2.6.28-rc5. But I have no set policy in TPM NV. > > In past, I have also successfully boot a xen with policy. > > > > After a TPM clean, I try to set policy for my 2.6.28-rc5 kernel on TPM but some problems > > occurred. > > > > > > # tpmnv_defindex -i owner -p xxxx > > Haven't input permission value, use default value 0x2 > > Haven't input data size, use default value 34 > > LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost. > > LOG_DEBUG TSPI rpc/tcstp/rpc.c:377 Connecting to 127.0.0.1 > > LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received TCS Context: > 0xa0b27101 > > LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS Context: 0xa0b27101 > > LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:70 RPC_OSAP_TP: TCS Context: 0xa0b27101 > > LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:53 RPC_NV_DefineOrReleaseSpace_TP: TCS Context: 0xa0b27101 > > LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:83 RPC_NV_DefineOrReleaseSpace_TP: result=21 > > Tspi_NV_DefineSpace failed failed: Insufficient TPM resources (0x0815) > > LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS Context: 0xa0b27101 > > > > Impossible to define this index. > > I have already defined the index 0x20000002 > > > > #tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxx > > Successfully defined index 0x20000002 as permission 0x0, data size is 8 > > > > Defined index are: > > > > # tpmnv_getcap > > > > 4 indices have been defined > > list of indices for defined NV storage areas: > > 0x10000001 0x50000002 0x50000001 0x20000002 > > > > > > I found very difficult to correctly defined and write policy, at each time I should do a lot > > of manipulation before the system work correctly. I am the only one to have this problem ? > > Sometime, I should to reset BIOS for reboot the computer... > > > > I use Dell Optiplex 755/E8500 > > I have also seen some spurious errors with TrouSerS. Unfortunately, I have not had the time > to track them down, and as the commands still seem to work despite the errors, it has not been > a priority. I haven't encountered the issue of having to reboot--I think that is particular > to your platform model and you should make sure that you have the latest BIOS. > > > [Begin of my comments]: > Yes, I already see that trousers can return error even the command is a success. > But, in my case the tpmnv_defindex abort with "Insufficient TPM resources" error. > This error seems to be reported by driver (error 21) and the index is not defined > > I found a beginning of solution: the order of command is important. > > For example, some trace: > > # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 0x20000002 > # tpmnv_defindex -i owner -p xxxx => Failed with error 21. > # tpmnv_relindex -i 0x20000002 -p xxxx => OK > # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 > # tpmnv_defindex -i owner -p p xxxx => OK > # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 0x40000001 > # tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p xxxx => Failed with error 21 > # tpmnv_getcap => 0x10000001 0x50000002 0x50000001 0x40000001 > > My Bios is up-to-date (A11). > > Any idea? > > > Tanks, > Olivier Courtay The "Insufficient TPM resources" error is due to the TPM on this platform, which only support 4 NV indices. Three of these are already taken for TCG and TXT support. That means that you can only create one additional index. Joe |
