Menu
▾
▴
Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
|
From: Michael N. <mik...@ho...> - 2011-10-03 04:38:20
|
Screen shots will have to do for now (txt-stat can't retrieve the tboot memory log and I can't find a null modem cable): http://www.tnld.net/~mikenel/txt.html I included the txt-stat log with the TXT.ERRORCODE as well. Thanks,-mike From: jos...@in... To: mik...@ho...; tbo...@li... Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45 Date: Sat, 1 Oct 2011 22:09:49 +0000 Hmm… I don’t see any posting from you after the one below. But if you want to continue with this system, can you post your serial or memory log. Joe From: Michael Nelson [mailto:mik...@ho...] Sent: Saturday, October 01, 2011 3:05 PM To: Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45 In the case below, I wasn't passing any options in GRUB. As I noted in a later posting, I was able to get past the MLE error by doing a cold reboot after configuring things correctly. Unfortunately now the machine reboots shortly after SENTER is called. Looking at the TXT error code on reboot, the progress code is 0xf and the error code is unlisted in sinit_errors.txt (can't remember the exact #). I looked around in the BIOS settings, but I don't see options that might help that situation. I will be getting a Q67 system (Intel motherboard) next week, so hopefully I will have better luck with that. Thanks for your help. -mike From: jos...@in... To: mik...@ho...; tbo...@li... Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45 Date: Thu, 29 Sep 2011 17:49:08 +0000 You aren’t passing a command line string (-c “…”) to lcp_mlehash—is it the case that your grub.conf file doesn’t have any command line options for tboot? Joe From: Michael Nelson [mailto:mik...@ho...] Sent: Tuesday, September 27, 2011 7:06 PM To: tbo...@li... Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45 (Using tboot-1.6 + Q45_Q43_SINIT_19.BIN) I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things but I am stuck at this point trying to figure out what's wrong. Here are the commands that I have run (after taking ownership and creating the NV storage): lcp_mlehash /boot/tboot.gz > mlehash lcp_crtpol -t hashonly -m mle_hash -o lcp.pol lcp_writepol -i owner -f lcp.pol -p password I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet. Any help would be appreciated. Thanks, -mike |
