From: Cihula, J. <jos...@in...> - 2010-09-20 08:00:48
This would indicate that you are trying to launch when DMA remapping is already enabled. If you have rebooted the system, that should reset VT-d and you shouldn’t get this error. When are you trying to launch TXT?
Joe
From: Younghwan Go [mailto:yh...@ka...]
Sent: Friday, September 17, 2010 4:27 AM
To: tbo...@li...
Subject: [tboot-devel] LT.ERRORCODE = c00004f1
Hi.
I was working and got an error.
The LT.ERRORCODE is c00004f1.
According to this, progress value is 0fh and errorcode is 1.
This means that it's VT-d remap engine enabled.
I have iommu=on on the boot menu.
Can you tell me how I should do this? Should I delete iommu=on from the boot menu?
Thanks.
Younghwan Go
On 2010-08-17 2:38 PM, Cihula, Joseph wrote:
You need to specify ‘iommu=on’ on the kernel command line—tboot is DMA protecting memory and the kernel needs to enable VT-d to open the DMA buffers. You should also be using a kernel built with CONFIG_INTEL_TXT.
Joe
From: Younghwan Go [mailto:yh...@ka...]
Sent: Monday, August 16, 2010 10:19 PM
To: Cihula, Joseph
Subject: Re: Hi Shane. I have question on tboot.
Hi Joe. Thank you for your email.
I did tpmnv_relindex and it fixed the reboot problem :D
But I encountered another problem after tboot :(
All things that start with [TBOOT] are done and then it starts to load ubuntu kernel.
However, it dies after giving out errors such as irq_stat 0x20000000 host bus error and can't find the boot block.
The same kernel can be booted without problem if it's booted without tboot.
Right now, I set it so that it goes straight from tboot to linux. I didn't put Xen.gz.
Is there a way to solve the problem?
If I need to show you the boot log, where can I get it because it doesn't seem to be stored anywhere.
Thanks.
Younghwan Go.
On 2010-08-17 8:25 AM, Cihula, Joseph wrote:
Can you delete your owner index (0x40000001) and try again? You can do this with the tpmnv_relindex command in lcptools/ (load the driver and tcsd first).
Joe
________________________________
From: Younghwan Go [mailto:yh...@ka...]
Sent: August 13, 2010 13:24
To: Wang, Shane
Subject: Re: Hi Shane. I have question on tboot.
Sorry. I forgot to include the last line.
0x10000001 0x50000001 0x40000001 0x1000f000 0x50000002 0x20000002 0x30000001 0x20000001
Thanks.
Younghwan Go.
On 2010-08-13 2:04 PM, Younghwan Go wrote:
Hi.
I got this from tpmnv_getcap:
________________________________
The response data is:
10 00 00 01 50 00 00 01 40 00 00 01 10 00 f0 00
50 00 00 02 20 00 00 02 30 00 00 01 20 00 00 01
8 indices have been defined
list of indices for defined NV storage areas:
________________________________
What I meant was can tboot work without Xen?
I was using fedora before and that worked fine with just Xen, without tboot.
Now I'm trying with ubuntu but Xen seems to now work for some reason.
Since in your README file, Xen is added in grub menu. That's why I was asking.
The problem with tboot is same for both fedora and ubuntu.
Thanks.
Younghwan Go.
On 2010-08-13 1:56 PM, Wang, Shane wrote:
Thanks.
Can you run "tpmnv_getcap" (you can find it in lcptools/) on your system? Before doing that, you need to run "modprobe tpm_tis interrupts=0 force=1" and "tcsd". What do you see?
Strange! The log says SINIT gets a TPM error. (The error code = 0). But in TPM, error code 0 means "success".
Do you mean you can boot Xen with tboot now but can't boot ubuntu with tboot? Is that correct?
Thanks.
Shane
________________________________
From: Younghwan Go [mailto:yh...@ka...]
Sent: August 13, 2010 11:59
To: Wang, Shane
Subject: Re: Hi Shane. I have question on tboot.
Hi.
I got the whole TBOOT log. :)
Regarding the TPM, I checked with tpmmanager and confirmed that TPM is enabled and owner is set.
I used tpm_takeownership -z command.
I didn't fully understand the "define owner/aux indexes" part.
Do you mean have I followed the steps of the policy text file in the tboot folder?
There were some errors but eventually they were all successful.
Also I'm wondering if not using Xen causes a problem because I've been using ubuntu and Xen seems to now work on it.
Thank you for your help.
Younghwan Go.
________________________________
TBOOT: command line: logging=serial,vga,memory vga_delay = 5
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: read verified launch policy (256 bytes) from TPM NV
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: cb f6 2a ab c6 c9 27 eb e4 1c 2b 8e d7 05 1d b5 28 b2 0b f8
TBOOT: hashes[1]: cb f6 2a ab c6 c9 27 eb e4 1c 2b 8e d7 05 1d b5 28 b2 0b f8
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: ec 28 2d a7 e7 86 46 8a 7e a0 c1 bd fa 9e e2 78 7b 10 e9 6c
TBOOT: hashes[1]: ec 28 2d a7 e7 86 46 8a 7e a0 c1 bd fa 9e e2 78 7b 10 e9 6c
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: d3 51 45 c8 1a 52 50 2d 0e df 7b 30 86 01 f2 02 ea ae 10 9c
TBOOT: hashes[1]: d3 51 45 c8 1a 52 50 2d 0e df 7b 30 86 01 f2 02 ea ae 10 9c
TBOOT: hashes[2]: d3 51 45 c8 1a 52 50 2d 0e df 7b 30 86 01 f2 02 ea ae 10 9c
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: LT.ERRORCODE=c00028d1
TBOOT: AC module error : acm_type=1, progress=0d, error=a
TBOOT: TPM error code = 0
TBOOT: LT.ESTS=0
TBOOT: bios_data (@7f720008, 2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: CR0.NE not set
TBOOT: CR0 and EFLAGS OK
TBOOT: no machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
Last boot has error.
TBOOT: user-provided SINIT found: /boot/i7_QUAD_SINIT_20.BIN
TBOOT: chipset ids: vendor=8086, device=c002, revision=1
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor=8086, device=c002, flags=1, revision=7, extended=0
TBOOT: copied SINIT (size=aa80) to 7f700000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_ide: 0xd130
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20100512
TBOOT: size*4: 0xaa80 (43648)
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:00008788
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18유, 0xac2e, {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 3
TBOOT: length: 0x28 (40)
TBOOT: chipset_id_list: 0x4e8
TBOOT: os_sinit_data_ver: 0x5
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000000e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: acm_vers: 20
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xc002
TBOOT: revision_id: 0x7
TBOOT: extended_id: 0x0
TBOOT: SINIT’s os_sinit_data version unsupported (5)
TBOOT: file addresses:
TBOOT: &_start=00803000
TBOOT: &_end=0084ec6c
TBOOT: &_mle_start=00803000
TBOOT: &_mle_end=00821000
TBOOT: &_post_launch_entry=00803020
TBOOT: &_txt_wakeup=008031f0
TBOOT: &g_mle_hdr=00818aa0
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f, {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000020
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=0
TBOOT: mle_end_off=1e000
TBOOT: capabilities: 0x00000003
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: MLE start=803000, end=821000, size=1e000
TBOOT: ptab_size=3000, ptab_base=00800000
TBOOT: bios_data (@7f720008, 2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x7bcad440
TBOOT: min_hi_ram: 0x0, max_hi_ram: 0x0
TBOOT: no LCP manifest found
TBOOT: os_sinit_data (@7f720154, 5c):
TBOOT: version: 4
TBOOT: mle_ptab: 0x800000
TBOOT: mle_size: 0x1e000 (122880)
TBOOT: mle_hdr_base: 0x15920
TBOOT: vtd_pmr_los_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x7bc00000
TBOOT: vtd_pmr_hi_base: 0x0
TBOOT: vtd_pmr_hi_size: 0x0
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: setting MTRRs for acmod: base=7f700000, size_aa80, num_pages=11
TBOOT: executing GETSEC[SENTER]...
________________________________
On 2010-08-12 11:13 PM, Wang, Shane wrote:
PS: when I am saying TPM, I mean to check BIOS options.
________________________________
From: Wang, Shane
Sent: August 12, 2010 22:12
To: 'Younghwan Go'
Subject: RE: Re: Hi Shane. I have question on tboot.
No. tboot is 32bit. Kernel can be 32b and 64b.
Hi, Get tboot hg repo from http://www.bughost.org/repos.hg/tboot.hg
And set vga_delay=5 (which means 5 seconds delay) in the grub command line to get the whole log.
Or, tell me whether or not you enable your TPM, take ownership, and define owner/aux indexes in it?
Shane
________________________________
From: Younghwan Go [mailto:yh...@ka...]
Sent: August 12, 2010 14:57
To: Wang, Shane
Subject: Fwd: Re: Hi Shane. I have question on tboot.
Hi.
I sent you an email of the tboot log yesterday.
I'm sending it just in case you missed it.
I have one more question. I was reading the README file and it said that Tboot is always built 32bit. Does that mean linux also has to be in 32bit? Because mine is in 64bit.
Thanks.
Younghwan Go.
-------- Original Message --------
Subject: Re: Hi Shane. I have question on tboot.
Date: Wed, 11 Aug 2010 22:11:51 +0900
From: Younghwan Go <yh...@ka...><mailto:yh...@ka...>
To: Wang, Shane <sha...@in...><mailto:sha...@in...>
Hi.
I've been trying to get the log from tboot.
Since I don't have a serial port I was trying to find another way to get the log, but was not successful.
I partly got the tboot log by just looking at the screen. This is the end part.
________________________________
TBOOT: o version: 3
TBOOT: o bios_sinit_size: 0x0 (0)
TBOOT: o lcp_pd_base: 0x0
TBOOT: o lcp_pd_size: 0x0 (0)
TBOOT: o num_logical_procs: 8
TBOOT: o flags: 0x0000000000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x7bcad440
TBOOT: min_hi_ram: 0x0, max_hi_ram: 0x0
TBOOT: no LCP manifest found
TBOOT: os_sinit_data (@7f720154, 5c):
TBOOT: o version: 4
TBOOT: o mle_ptab: 0x800000
TBOOT: o mle_size: 0x1e000 (122880)
TBOOT: o mle_hdr_base: 0x15920
TBOOT: o vtd_pmr_los_base: 0x0
TBOOT: o vtd_pmr_lo_size: 0x7bc00000
TBOOT: o vtd_pmr_hi_base: 0x0
TBOOT: o vtd_pmr_hi_size: 0x0
TBOOT: o lcp_po_base: 0x0
TBOOT: o lcp_po_size: 0x0 (0)
TBOOT: o capabilities: 0x00000002
TBOOT: o rlp_wake_getsec: 0
TBOOT: o rlp_wake_monitor: 1
TBOOT: setting MTRRs for acmod: base=7f700000, size_aa80, num_pages=11
TBOOT: executing GETSEC[SENTER]...
________________________________
I also saw parts such as
no machine check erros
user provided SINIT found: /boot/i7_QUAD_SINIT_20.BIN
SINIT' .... sinit_data version unsupported (5)
TPM error code 0
policy_type: TP_POLTYPE_CONT_NON_FATAL
policy_control: 00000001 (EXTEND_PCR17)
num_entries: 2
policy entry[0]:
mod_num: 0
pcr: none
hash_type: TB_HTYPE_ANY
num_hashes: 0
policy entry[1]:
mod_num: any
pcr: 19
hash_type: TB_HTYPE_ANY
num_hashes: 0
no policy in TPM NV
IA32_FEATURE_CONTROL_MSR: 0000ff07
CPU is SMX-capable
CPU is VMX-capable
SMX is enabled
________________________________
I couldn't find any TXT.ERRORCODE during boot.
I hope this is enough for you to see what the problem is.
I'm still trying to find another way to get the log.
Sincerely,
Younghwan Go
On 2010-08-11 2:29 PM, Wang, Shane wrote:
Hi
Do you have a serial port? If you have, can you send me the serial log? (The log you sent here is not what I want.) I want something like "TBOOT.......". If you don't have one, you must look at the screen. Can you show me "TXT.ERRORCODE=???" after you boot your system the second time, and show me as much as possible from the screen?
Thanks.
Shane
________________________________
From: Younghwan Go [mailto:yh...@ka...]
Sent: August 11, 2010 12:35
To: Wang, Shane
Subject: Hi Shane. I have question on tboot.
Hi Shane. My name is Younghwan Go.
I'm a student in Korean University called KAIST.
I've been studying on trusted computing and came upon your tboot project.
I tried to run it on my computer after following the steps you posted.
But when I did, I faced some problems I couldn't solve.
________________________________
My machine spec is as follows:
CPU : Intel Core i7-860 (2.8GHz)
M/B : Intel Q57 PCM
RAM : 6GB DDR3 SDRAM PC3-10600/1333Mhz
Graphics Card : Geforce GTX460 DDR5 1GB
My OS is running on:
Fedora 13, kernel 2.6.32.16.
menu.lst:
title Xen w/ Intel(R) Trusted Execution Technology - Fedora (2.6.32.16)
root (hd0,0)
kernel /tboot.gz logging=serial,vga,memory
module /xen.gz iommu=1 dom0_mem=524288 com1=115200,8n1
module /vmlinuz-2.6.32.16 ro root=/dev/mapper/vg_ndslpc2-lv_root rd_LVM_LV=vg_ndslpc2/lv_root rd_LVM_LV=vg_ndslpc2/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=us nomodeset rhgb quiet intel_iommu=on 3
module /initramfs-2.6.32.16.img
module /i7_QUAD_SINIT_20.BIN
log message:
Aug 10 15:40:05 ndsl-pc2 init: tty (/dev/tty2) main process (1674) killed by TERM signal
Aug 10 15:40:05 ndsl-pc2 init: system-setup-keyboard main process (1078) killed by TERM signal
Aug 10 15:40:05 ndsl-pc2 init: tty (/dev/tty3) main process (1677) killed by TERM signal
Aug 10 15:40:05 ndsl-pc2 init: tty (/dev/tty4) main process (1680) killed by TERM signal
Aug 10 15:40:05 ndsl-pc2 init: tty (/dev/tty5) main process (1683) killed by TERM signal
Aug 10 15:40:05 ndsl-pc2 init: tty (/dev/tty6) main process (1686) killed by TERM signal
Aug 10 15:40:05 ndsl-pc2 console-kit-daemon[1756]: WARNING: Couldn't read /proc/2144/environ: Failed to open file '/proc/2144/environ': No such file or directory
Aug 10 15:40:05 ndsl-pc2 avahi-daemon[1313]: Got SIGTERM, quitting.
Aug 10 15:40:05 ndsl-pc2 avahi-daemon[1313]: Leaving mDNS multicast group on interface virbr0.IPv4 with address 192.168.122.1.
Aug 10 15:40:05 ndsl-pc2 avahi-daemon[1313]: Leaving mDNS multicast group on interface eth0.IPv4 with address 143.248.151.113.
Aug 10 15:40:05 ndsl-pc2 libvirtd: 15:40:05.637: warning : qemudDispatchSignalEvent:396 : Shutting down on signal 15
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Reporter plugin Bugzilla
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Analyzer plugin CCpp
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Analyzer plugin Kerneloops
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Reporter plugin KerneloopsReporter
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Action plugin KerneloopsScanner
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Reporter plugin Logger
Aug 10 15:40:06 ndsl-pc2 abrtd: UnRegistered Analyzer plugin Python
Aug 10 15:40:06 ndsl-pc2 abrtd: Got signal 15, exiting
Aug 10 15:40:10 ndsl-pc2 acpid: exiting
Aug 10 15:40:11 ndsl-pc2 ntpd[1498]: ntpd exiting on signal 15
Aug 10 15:40:11 ndsl-pc2 rpc.statd[1329]: Caught signal 15, un-registering and exiting
Aug 10 15:40:11 ndsl-pc2 NetworkManager[1302]: <info> caught signal 15, shutting down normally.
Aug 10 15:40:11 ndsl-pc2 NetworkManager[1302]: <info> exiting (success)
Aug 10 15:40:11 ndsl-pc2 rpcbind: rpcbind terminating on signal. Restart with "rpcbind -w"
Aug 10 15:40:11 ndsl-pc2 rtkit-daemon[1950]: Demoting known real-time threads.
Aug 10 15:40:11 ndsl-pc2 rtkit-daemon[1950]: Demoted 0 threads.
Aug 10 15:40:11 ndsl-pc2 console-kit-daemon[1756]: WARNING: no sender#012
Aug 10 15:40:11 ndsl-pc2 init: Disconnected from system bus
Aug 10 15:40:12 ndsl-pc2 auditd[1193]: The audit daemon is exiting.
Aug 10 15:40:12 ndsl-pc2 kernel: type=1305 audit(1281422412.008:35): audit_pid=0 old=1193 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1
Aug 10 15:40:12 ndsl-pc2 cpuspeed: Disabling ondemand cpu frequency scaling governor
Aug 10 15:40:12 ndsl-pc2 kernel: Kernel logging (proc) stopped.
Aug 10 15:40:12 ndsl-pc2 rsyslogd: [origin software="rsyslogd" swVersion="4.4.2" x-pid="1220" x-info="http://www.rsyslog.com"] exiting on signal 15.
________________________________
The problem is when I add the SINIT module in menu.lst, whenever it is booting, it restarts after printing out
"Executing GETSEC[SENTER]..."
I tried tboot without SINIT module and it worked fine by just skipping tboot.
Can you help me solve this problem?
Thanks.
Sincerely,
Younghwan Go.
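The two LT.ERRORCODE values reported in this thread (c00004f1 and c00028d1) split into fields as shown in the decoder below. It is an added example, not code from the thread or from tboot: the bit positions are an assumption based on how tboot prints AC module errors, they reproduce both decodings quoted above, and the names txt_err, txt_decode and txt_decode_line are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit positions are an assumption taken from tboot's AC module error
 * printing; they reproduce both decodings quoted in the thread. */
struct txt_err {
    uint32_t raw;
    unsigned valid;     /* bit 31: register holds an error */
    unsigned external;  /* bit 30: 1 = written by software such as an ACM */
    unsigned acm_type;  /* bits 3:0: 0 = BIOS ACM, 1 = SINIT */
    unsigned progress;  /* bits 9:4 */
    unsigned error;     /* bits 13:10 */
};

static struct txt_err txt_decode(uint32_t raw)
{
    return (struct txt_err){ raw, (raw >> 31) & 1, (raw >> 30) & 1,
                             raw & 0xf, (raw >> 4) & 0x3f, (raw >> 10) & 0xf };
}

/* Decode the hex value after "LT.ERRORCODE" in a line; -1 if none is found. */
static int txt_decode_line(const char *line, struct txt_err *out)
{
    const char *p = strstr(line, "LT.ERRORCODE");
    char *end;
    if (p == NULL) return -1;
    p += strlen("LT.ERRORCODE");
    p += strspn(p, " =:");           /* "=c00028d1" or " = c00004f1" */
    if (strncmp(p, "is ", 3) == 0)   /* prose form used in the mail */
        p += 3;
    unsigned long v = strtoul(p, &end, 16);
    if (end == p || v > 0xffffffffUL)
        return -1;
    *out = txt_decode((uint32_t)v);
    return 0;
}

int main(void)
{
    const char *lines[] = { "The LT.ERRORCODE is c00004f1.",   /* from the thread */
                            "TBOOT: LT.ERRORCODE=c00028d1" };
    struct txt_err e;
    for (int i = 0; i < 2; i++)
        if (txt_decode_line(lines[i], &e) == 0)
            printf("%08x: acm_type=%x progress=%02x error=%x\n",
                   (unsigned)e.raw, e.acm_type, e.progress, e.error);
    return 0;
}
```

The meaning of a given progress/error pair is specific to the SINIT module in use, so the decoded numbers still have to be looked up in the error list shipped with that SINIT.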