Menu
▾
▴
Re: [tboot-devel] tboot policy problems
|
From: Ross P. <Ros...@ci...> - 2008-12-09 14:16:11
|
I was referred to an earlier thread where this was discussed: "Question on feature control bits and some observations". I was not implying that this was a bug or a mis-configuration; it is a valid configuration for the BIOS to setup. I have only seen it on one platform so far. We put the message in Xen just to give people a hint as to why Xen failed to enter VMX mode. I don't think there is a way around it other than turning TXT on and off depending on what you are doing. Thanks Ross From: Do, Tam T. [mailto:td...@sw...] Sent: Tuesday, December 09, 2008 9:08 AM To: Ross Philipson; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems If this is the case, Is there an easy way to enable running HVM domains with TXT enabled? --Tam Do ________________________________ From: Ross Philipson [mailto:Ros...@ci...] Sent: Monday, December 08, 2008 6:40 PM To: Do, Tam T.; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems > When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
