From: Cihula, J. <jos...@in...> - 2011-03-28 23:40:02
> From: Jonathan McCune [mailto:jon...@cm...]
> Sent: Sunday, March 20, 2011 10:06 AM
>
> Hello,
>
> tboot-20101005 is rebooting at GETSEC[SENTER]. Here is information about the system:
>
> Laptop: Dell Latitude E6400 with BIOS rev A28 (latest available as of 2011.03.20). VT-d, VT-x,
> TXT, TPM are all enabled in BIOS.
>
> SINIT: GM45_GS45_PM45_SINIT_21.BIN
>
> tboot-20101005, both default and debug builds. No LCP configured.
>
>
> TPM: Broadcom:
>
> $ tpm_version
> TPM 1.2 Version Info:
> Chip Version: 1.2.7.11
> Spec Level: 2
> Errata Revision: 1
> TPM Vendor ID: BRCM
> TPM Version: 01010000
> Manufacturer Info: 4252434d
>
> Note that it did not ship with an Endorsement Key. I did tpm_createek and tpm_takeownership
> with trousers from Ubuntu Linux v9.04.
>
> Attached is the logfile harvested with txt-stat after a reboot.
> TXT.ERRORCODE is 0xc00040d1, which is "AC module error : acm_type=1, progress=0d, error=0",
Actually, it is
TXT.ERRORCODE: 0xc00040d1
AC module error :
acm_type: 0x1
progress: 0x0d
error: 0x10
> with description "TPM_Extend Attempt" in sinit_errors.txt.
which is:
10000 TPM PCR 17 extend failed
>
> I haven't seen this before and I'm not sure how to interpret it. The TPM works fine in Linux.
> It looks like tboot's GetCapability calls to the TPM are returning meaningful values, so it
> looks like tboot is interacting with the TPM in a reasonable way.
>
> Any ideas on what might be wrong?
This is caused by an early version of the TPM FW. You can get an update from your OEM (at http://support.dell.com/support/downloads/download.aspx?c=us&cs=08&l=en&s=bsdr&releaseid=R288913&SystemID=lat_e6410&servicetag=B7B23M1&os=W764&osl=en&deviceid=21505&devlib=0&typecnt=0&vercnt=3&catid=-1&impid=-1&formatcnt=0&libid=66&typeid=-1&dateid=-1&formatid=-1&source=-1&fileid=430067 for some systems).
Joe
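The decoding Joe gives above (acm_type 0x1, progress 0x0d, error 0x10) is a fixed bit split of the 32-bit TXT.ERRORCODE value. The following is an added example, not tboot or txt-stat code, that performs that split so a register value pasted from txt-stat can be read without the tool: bit 31 is the valid flag, bit 30 says whether the error was raised by software (an AC module or the MLE) rather than by the processor, and for software-reported errors the AC-module type sits in bits 3:0, the progress code in bits 9:4, the error code in bits 14:10 and the source bit at 29. The two name lookups contain only the rows quoted in this thread; the type names (0 = BIOS ACM, 1 = SINIT) and the processor-error branch come from Intel's TXT documentation rather than from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded view of the 32-bit TXT.ERRORCODE register that txt-stat reads
 * back after a failed GETSEC[SENTER]. Bit positions: bit 31 = valid,
 * bit 30 = external (0: processor-generated, 1: reported by software,
 * i.e. an AC module or the MLE). For AC-module errors the low bits hold
 * acm_type (3:0), progress (9:4), error (14:10) and the source bit (29);
 * the values quoted for 0xc00040d1 in the thread (progress 0x0d,
 * error 0x10) come out of exactly this split. */
typedef struct {
    bool     valid;
    bool     external;
    bool     src_is_mle;   /* bit 29: 0 = reported by the ACM, 1 = by the MLE */
    uint8_t  acm_type;     /* 0 = BIOS ACM, 1 = SINIT */
    uint8_t  progress;     /* step the ACM was in, indexed by sinit_errors.txt */
    uint8_t  error;        /* what failed in that step, same file */
    uint32_t proc_code;    /* bits 29:0 for processor-generated errors */
} txt_err_t;

txt_err_t decode_txt_errorcode(uint32_t raw)
{
    txt_err_t e = {0};
    e.valid    = (raw >> 31) & 1u;
    e.external = (raw >> 30) & 1u;
    if (e.external) {
        e.acm_type   = (uint8_t)( raw        & 0x0fu);
        e.progress   = (uint8_t)((raw >> 4)  & 0x3fu);
        e.error      = (uint8_t)((raw >> 10) & 0x1fu);
        e.src_is_mle = (raw >> 29) & 1u;
    } else {
        e.proc_code = raw & 0x3fffffffu;
    }
    return e;
}

/* Only the two sinit_errors.txt rows quoted in the thread are reproduced;
 * the real file has one row per progress value and per error value. */
const char *sinit_progress_name(uint8_t progress)
{
    return progress == 0x0d ? "TPM_Extend Attempt" : "(look up in sinit_errors.txt)";
}

const char *sinit_error_name(uint8_t error)
{
    return error == 0x10 ? "TPM PCR 17 extend failed" : "(look up in sinit_errors.txt)";
}

/* Print the register the way Joe reads it above, one field per line. */
void print_txt_errorcode(uint32_t raw)
{
    txt_err_t e = decode_txt_errorcode(raw);
    printf("TXT.ERRORCODE: 0x%08x\n", raw);
    if (!e.valid) {
        puts("  no error recorded");
    } else if (!e.external) {
        printf("  processor error, code 0x%08x\n", e.proc_code);
    } else {
        printf("  AC module error:\n    acm_type: 0x%x\n    progress: 0x%02x (%s)\n"
               "    error:    0x%02x (%s)\n    source:   %s\n",
               e.acm_type, e.progress, sinit_progress_name(e.progress),
               e.error, sinit_error_name(e.error), e.src_is_mle ? "MLE" : "ACM");
    }
}

int main(void)
{
    print_txt_errorcode(0xc00040d1u);   /* the value from Jon's E6400 */
    print_txt_errorcode(0x00000000u);   /* the value in Sansar's txt-stat output */
    return 0;
}
```

Joe's row "10000 TPM PCR 17 extend failed" is the 5-bit error field written in binary: 0b10000 is 0x10, which is why Jon's first reading of "error=0" was off. A value of 0x00000000, as in Sansar's txt-stat output, simply means no error was recorded, which is consistent with her launch never reaching SENTER at all.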
From: Cihula, J. <jos...@in...> - 2011-03-28 16:30:19
> From: Jonathan McCune [mailto:jon...@cm...]
> Sent: Friday, March 25, 2011 3:12 PM
>
> Hello list,
>
> This page says tboot's license is the GPL:
> http://sourceforge.net/projects/tboot/
>
> ...but the source files in the latest version all look like they are
> covered by a BSD-style license.
>
> Could you please resolve the ambiguity?

Thanks for pointing that out. After we converted to BSD (the current license), we forgot to update the SF license category. It's fixed now.

Joe

> Thanks!
> -Jon
>
> ------------------------------------------------------------------------------
> Enable your software for Intel(R) Active Management Technology to meet the
> growing manageability and security demands of your customers. Businesses
> are taking advantage of Intel(R) vPro (TM) technology - will your software
> be a part of the solution? Download the Intel(R) Manageability Checker
> today! http://p.sf.net/sfu/intel-dev2devmar
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
From: Sansar C. <sun...@ya...> - 2011-03-28 14:14:44
Never mind my last mail. I've solved the problem. I've updated my linux kernel to 2.6.38 (my old kernel was 2.6.35) and configured tboot through GRUB2.

Cheers
Sansar

--- On Mon, 3/28/11, Sansar Choinyambuu <sun...@ya...> wrote:

From: Sansar Choinyambuu <sun...@ya...>
Subject: [tboot-devel] Boot hangs on transferring control to Linux kernel
To: "tbo...@li..." <tbo...@li...>
Date: Monday, March 28, 2011, 6:16 AM
From: Sansar C. <sun...@ya...> - 2011-03-28 13:16:27
Hello

I've now the following set of hardware: Intel DQ57TM board (with Q57 chipset) and Core i5 660 processor. I've updated my BIOS to the latest available version of 22.03.2011. I've enabled TPM, VT-d and TXT in BIOS and taken ownership of my TPM with well known passwords. Following is my menu.lst:

title Ubuntu 10.10, kernel 2.6.35-25-generic w/ Intel(R) Trusted Execution Technology
kernel /boot/tboot.gz logging=serial,vga,memory
module /boot/vmlinuz-2.6.35-25-generic root=UUID=154e4bc5-aa94-4e1d-9f1c-e6c5cda3ed38 ro quiet splash
module /boot/initrd.img-2.6.35-25-generic
module /boot/i5_i7_DUAL_SINIT_18.BIN

Now the problem is, TBOOT hangs on the screen on which I could see the following, then I have to power down to boot again.

TBOOT: no LCP module found
TBOOT: Error: ELF magic number is not matched
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x7e167000 to 0x7ffff000
TBOOT: kernel (protected mode) from 0x10000000 0x142004d0
TBOOT: kernel (real mode) from 0x90000 to 0x93600
TBOOT: transferring control to kernel @0x1000000
TBOOT: VMXOFF done for cpu 1
TBOOT: cpu 1 is waking up, SIPI vector=10000
TBOOT: VMXOFF done for cpu 4
TBOOT: cpu 4 is waking up, SIPI vector=10000
TBOOT: VMXOFF done for cpu 5
TBOOT: cpu 5 is waking up, SIPI vector=10000

The following is the output I was able to get using tboot/utils/txt-stat:

Intel(r) TXT Configuration Registers:
STS: 0x00000002
senter_done: FALSE
sexit_done: TRUE
mem_unlock: FALSE
mem_config_lock: FALSE
private_open: FALSE
mem_config_ok: FALSE
ESTS: 0x00
txt_reset: FALSE
txt_wake_error: FALSE
E2STS: 0x0000000000000000
slp_entry_error: FALSE
secrets: FALSE
block_mem: FALSE
reset: FALSE
ERRORCODE: 0x00000000
DIDVID: 0x0000001fa0008086
vendor_id: 0x8086
device_id: 0xa000
revision_id: 0x1f
SINIT.BASE: 0xcb700000
SINIT.SIZE: 131072B (0x20000)
HEAP.BASE: 0xcb720000
HEAP.SIZE: 917504B (0xe0000)
DPR: 0x00000000cb800031
lock: TRUE
top: 0xcb800000
size: 3MB (3145728B)
***********************************************************
TXT measured launch: FALSE
secrets flag set: FALSE
***********************************************************
bios_data (@0x7f4faf930018, 2c):
version: 3
bios_sinit_size: 0x0 (0)
lcp_pd_base: 0x0
lcp_pd_size: 0x0 (0)
num_logical_procs: 4
flags: 0x00000000
unable to find TBOOT log

Could somebody help me further on?

Thanks in advance
Sansar Choinyambuu
From: Jonathan M. <jon...@cm...> - 2011-03-25 22:12:22
Hello list,

This page says tboot's license is the GPL:
http://sourceforge.net/projects/tboot/

...but the source files in the latest version all look like they are covered by a BSD-style license.

Could you please resolve the ambiguity?

Thanks!
-Jon
From: Jianan H. <ju...@gm...> - 2011-03-22 01:20:53
Agreed. Perhaps Xeon 56xx is the only series that supports TXT, AES and VMX unrestricted mode. A good start for developers. Expecting the modules.

Thanks,
Jianan Hao

On Tue, Mar 22, 2011 at 1:48 AM, Jonathan McCune <jon...@cm...> wrote:
> I have the same questions regarding the availability of SINIT modules
> for Xeon-centric chipsets. The 5520 is a good place to start. Any
> info?
>
> Thanks,
> -Jon
>
>
> On Fri, Mar 18, 2011 at 1:59 PM, J Chapman Flack <jf...@ma...>
> wrote:
> > original question:
> >
> > Hi,
> >
> > I'm going to be building a system on Intel's S5520SC board, which
> > uses a 5520 chipset with 82801JIR ICH10R and an ST19PN18-based TPM.
> > X5650 will be the processor. It seems that this hardware should
> > support tboot; is there an SINIT ACM available? If it is one of
> > those available through this project, which one is it? None of the
> > names looked like an obvious match.
> >
> > Thanks,
> > Chapman Flack
>
> ------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
From: Jonathan M. <jon...@cm...> - 2011-03-21 17:50:17
I have the same questions regarding the availability of SINIT modules for Xeon-centric chipsets. The 5520 is a good place to start. Any info?

Thanks,
-Jon

On Fri, Mar 18, 2011 at 1:59 PM, J Chapman Flack <jf...@ma...> wrote:
> original question:
>
> Hi,
>
> I'm going to be building a system on Intel's S5520SC board, which
> uses a 5520 chipset with 82801JIR ICH10R and an ST19PN18-based TPM.
> X5650 will be the processor. It seems that this hardware should
> support tboot; is there an SINIT ACM available? If it is one of
> those available through this project, which one is it? None of the
> names looked like an obvious match.
>
> Thanks,
> Chapman Flack
From: Sansar C. <sun...@ya...> - 2011-03-21 08:29:42
Hello
My last mail might have been dropped from the mailing list. Hence, I'm also attaching my last mail here.
Now the new question. Since it could be that there's no compatible AC module available for my hardware (Intel® 3450 Chipset and Core i5 Processor), we are planning to buy the new board Intel Desktop Board DQ67SW, which is compatible with i3, i5 and i7 processors and has the Q67 Express Chipset.
To be on the safe side, I would like to ask if the SINIT AC module i5_i7_DUAL_SINIT_18.BIN would work with it (or if there is specific AC module for the Q67 Express chipset)?
Cheers
Sunny
--- On Wed, 3/2/11, Sansar Choinyambuu <sun...@ya...> wrote:
From: Sansar Choinyambuu <sun...@ya...>
Subject: Fw: RE: [tboot-devel] generic fatal error
To: tbo...@li...
Date: Wednesday, March 2, 2011, 12:58 AM
Hello Joseph
Thanks for the reply. I've today made an update to the BIOS with the latest one that's offered on the Fujitsu support site, but the problem stays exactly the same.
First thing is I don't know if the i5_i7_DUAL_SINIT_18.BIN is the correct SINIT AC module for my hardware.
My processor is: Intel® Core™ i5-660 processor (2 Cores / 4 Threads, 3.33 GHz, 4 MB, Intel® HD Graphics)
The Chipset is: Intel® 3450
Now I have the BIOS : FUJITSU // Phoenix Technologies Ltd. Version 6.00 R1.20.2917.A1 (08/18/2010)
I hope it provides enough info on my platform.
Best regards
Sunny
--- On Wed, 2/23/11, Cihula, Joseph <jos...@in...> wrote:
This indicates that the BIOS is not correctly setting up TXT. Please make sure that you're using the latest BIOS version. If you are, or still see the failure after that, send me the platform model information and BIOS version.
Joe

Hello
I've been trying to boot my system with tboot, unsuccessfully. I have Ubuntu 10.10 x86_64 version, kernel 2.6.35-25, installed on a Fujitsu Celsius 380 PC with Intel® Core™ i5-660 processor, with Intel® 345 chipset.
I got the TPM, VT, VT-d and TXT enabled in BIOS. I've installed the latest trousers package tpm_tools and taken ownership of my TPM.
I've installed tboot-20101005.tar.gz and I've downloaded i5_i7_DUAL_SINIT_18.BIN from the tboot sourceforge site. I am not really sure if this SINIT module is the correct one for my chipset.

My menu.lst configuration:

title Ubuntu 10.10, kernel 2.6.35-25-generic w/ Intel(R) Trusted Execution Technology
kernel /boot/tboot.gz logging=serial,vga,memory
module /boot/vmlinuz-2.6.35-25-generic root=UUID=154e4bc5-aa94-4e1d-9f1c-e6c5cda3ed38 ro quiet splash
module /boot/initrd.img-2.6.35-25-generic
module /boot/i5_i7_DUAL_SINIT_18.BIN

The boot hangs on the display where I could see the following lines:
TBOOT: Error : write TPM error :0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Unsupported BIOS data version(4026589891)
TBOOT: BIOS data specifies too many CPU's (4026597029)
TBOOT: Generic fatal error.
TBOOT: TPM: tpm_validate_locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT
Any answers and insight would be much appreciated.
Thanks
Sunny
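The "Unsupported BIOS data version" and "BIOS data specifies too many CPU's" lines in the log above are tboot's sanity checks on the BiosData region at the start of the TXT heap, the same fields txt-stat prints under bios_data (version, bios_sinit_size, lcp_pd_base, lcp_pd_size, num_logical_procs, flags). The following is an added example, not tboot's code: it parses that region from a heap image and applies the two checks, so a dump taken at HEAP.BASE can be judged without rebooting into tboot. The field offsets follow the txt-stat output in this thread (0x2c bytes including the leading 64-bit size word); the accepted version range (2 to 4) and the CPU ceiling (256) are assumptions standing in for tboot's own constants, and the images are constructed here rather than captured from hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BiosData is the first region of the TXT heap (HEAP.BASE). Each heap region
 * starts with a 64-bit size that includes the size word itself; txt-stat's
 * "bios_data (@..., 2c)" in this thread is that word: 8 + 36 bytes of fields. */
#define BIOS_DATA_MIN_VERSION  2    /* assumption, standing in for tboot's own limit */
#define BIOS_DATA_MAX_VERSION  4    /* assumption: the versions this parser knows */
#define MAX_LOGICAL_PROCS      256  /* assumption: tboot compares against its NR_CPUS */

typedef struct {
    uint64_t region_size;
    uint32_t version;
    uint32_t bios_sinit_size;
    uint64_t lcp_pd_base;
    uint64_t lcp_pd_size;
    uint32_t num_logical_procs;
    uint64_t flags;              /* present from version 3 on */
} bios_data_t;

enum {
    BD_OK            = 0,
    BD_TRUNCATED     = 1,  /* region size inconsistent with the buffer */
    BD_BAD_VERSION   = 2,  /* "Unsupported BIOS data version" */
    BD_TOO_MANY_CPUS = 4,  /* "BIOS data specifies too many CPU's" */
};

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void wr64(uint8_t *p, uint64_t v) { memcpy(p, &v, 8); }

/* Pull the fields out of a heap image; checks only that the bytes exist. */
unsigned parse_bios_data(const uint8_t *heap, size_t heap_len, bios_data_t *bd)
{
    memset(bd, 0, sizeof(*bd));
    if (heap_len < 8) return BD_TRUNCATED;
    bd->region_size = rd64(heap);
    if (bd->region_size < 8 + 28 || bd->region_size > heap_len) return BD_TRUNCATED;
    const uint8_t *p = heap + 8;
    bd->version           = rd32(p + 0);
    bd->bios_sinit_size   = rd32(p + 4);
    bd->lcp_pd_base       = rd64(p + 8);
    bd->lcp_pd_size       = rd64(p + 16);
    bd->num_logical_procs = rd32(p + 24);
    if (bd->version >= 3) {
        if (bd->region_size < 8 + 36) return BD_TRUNCATED;
        bd->flags = rd64(p + 28);
    }
    return BD_OK;
}

/* The two sanity checks behind the TBOOT lines quoted in the thread. Both are
 * evaluated, so a garbage region reports both problems, as in Sunny's log. */
unsigned verify_bios_data(const bios_data_t *bd)
{
    unsigned problems = BD_OK;
    if (bd->version < BIOS_DATA_MIN_VERSION || bd->version > BIOS_DATA_MAX_VERSION) {
        printf("Unsupported BIOS data version (%u)\n", bd->version);
        problems |= BD_BAD_VERSION;
    }
    if (bd->num_logical_procs == 0 || bd->num_logical_procs > MAX_LOGICAL_PROCS) {
        printf("BIOS data specifies too many CPUs (%u)\n", bd->num_logical_procs);
        problems |= BD_TOO_MANY_CPUS;
    }
    return problems;
}

/* Build a constructed version-3 BiosData image (not captured from hardware). */
size_t build_bios_data_image(uint8_t *buf, uint32_t version, uint32_t nprocs, uint64_t flags)
{
    const size_t region = 8 + 36;
    memset(buf, 0, region);
    wr64(buf, region);
    wr32(buf + 8, version);
    wr32(buf + 12, 0);            /* bios_sinit_size: BIOS supplied no SINIT */
    wr64(buf + 16, 0);            /* lcp_pd_base */
    wr64(buf + 24, 0);            /* lcp_pd_size */
    wr32(buf + 32, nprocs);
    wr64(buf + 36, flags);
    return region;
}

/* Parse and verify a constructed image; heap_len lets a caller truncate it. */
unsigned check_constructed_image(uint32_t version, uint32_t nprocs, size_t heap_len)
{
    uint8_t buf[64];
    bios_data_t bd;
    size_t n = build_bios_data_image(buf, version, nprocs, 0);
    if (heap_len > n) heap_len = n;
    unsigned st = parse_bios_data(buf, heap_len, &bd);
    return st != BD_OK ? st : verify_bios_data(&bd);
}

int main(void)
{
    /* values from Sansar's DQ57TM txt-stat output: version 3, 4 logical processors */
    printf("DQ57TM-style region -> problems 0x%x\n", check_constructed_image(3, 4, 44));
    /* the two numbers from the Celsius W380 log */
    printf("W380-style region   -> problems 0x%x\n",
           check_constructed_image(4026589891u, 4026597029u, 44));
    return 0;
}
```

To run this against a real machine, read HEAP.SIZE bytes at HEAP.BASE from /dev/mem (which is what txt-stat does) and hand the buffer to parse_bios_data. The two W380 numbers, 4026589891 (0xF000E2C3) and 4026597029, trip both checks at once, which is consistent with a heap the BIOS never populated, the condition Joe's reply points at; a region that passes both checks but still fails to launch is a different problem.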
From: Jonathan M. <jon...@cm...> - 2011-03-20 17:06:34
Hello,

tboot-20101005 is rebooting at GETSEC[SENTER]. Here is information about the system:

Laptop: Dell Latitude E6400 with BIOS rev A28 (latest available as of 2011.03.20). VT-d, VT-x, TXT, TPM are all enabled in BIOS.

SINIT: GM45_GS45_PM45_SINIT_21.BIN

tboot-20101005, both default and debug builds. No LCP configured.

TPM: Broadcom:

$ tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.7.11
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: BRCM
TPM Version: 01010000
Manufacturer Info: 4252434d

Note that it did not ship with an Endorsement Key. I did tpm_createek and tpm_takeownership with trousers from Ubuntu Linux v9.04.

Attached is the logfile harvested with txt-stat after a reboot. TXT.ERRORCODE is 0xc00040d1, which is "AC module error : acm_type=1, progress=0d, error=0", with description "TPM_Extend Attempt" in sinit_errors.txt.

I haven't seen this before and I'm not sure how to interpret it. The TPM works fine in Linux. It looks like tboot's GetCapability calls to the TPM are returning meaningful values, so it looks like tboot is interacting with the TPM in a reasonable way.

Any ideas on what might be wrong?

Thanks,
-Jon
From: J C. F. <jf...@ma...> - 2011-03-18 17:59:26
Wang, Shane wrote:
> Can you repost your question?
> Seems the email system dropped your previous email.

Hmm ... maybe because I posted without joining and it had to go through moderation? It did appear in the archives though ... odd.

original question:

Hi,

I'm going to be building a system on Intel's S5520SC board, which uses a 5520 chipset with 82801JIR ICH10R and an ST19PN18-based TPM. X5650 will be the processor. It seems that this hardware should support tboot; is there an SINIT ACM available? If it is one of those available through this project, which one is it? None of the names looked like an obvious match.

Thanks,
Chapman Flack
From: Wang, S. <sha...@in...> - 2011-03-18 16:46:30
Can you repost your question? Seems the email system dropped your previous email.

Thanks.
Shane

> -----Original Message-----
> From: J Chapman Flack [mailto:jf...@ma...]
> Sent: Friday, March 18, 2011 9:05 AM
> To: tbo...@li...
> Subject: Re: [tboot-devel] SINIT ACM for X5650 and 5520 chipset?
>
> Anybody? Am I asking in the right place?
>
> Thanks,
> Chapman Flack
From: J C. F. <jf...@ma...> - 2011-03-18 16:04:42
Anybody? Am I asking in the right place?

Thanks,
Chapman Flack
From: J C. F. <jf...@ma...> - 2011-03-15 19:34:10
Hi,

I'm going to be building a system on Intel's S5520SC board, which uses a 5520 chipset with 82801JIR ICH10R and an ST19PN18-based TPM. X5650 will be the processor. It seems that this hardware should support tboot; is there an SINIT ACM available? If it is one of those available through this project, which one is it? None of the names looked like an obvious match.

Thanks,
Chapman Flack
From: Wang, S. <sha...@in...> - 2011-03-10 20:11:42
It is probably not here that you get the hang. I guess it might hang in the kernel when booting with tboot. Can you show more messages printed out by the kernel on the serial port, if you have one?
If not, another method you can try is to disable TXT in the BIOS; in that case, tboot will not do a verified launch but will still pass control from tboot to the kernel. See what happens in this way.
Thanks
Shane
From: 魏成龙 [mailto:wei...@gm...]
Sent: Thursday, March 10, 2011 12:05 AM
To: tboot-devel
Subject: [tboot-devel] TBOOT: transfering control to kernel "hang"
Hello:
I am installing Tboot now, but I have a problem right after tboot. My PC is Thinkpad T400 with Fedora 13, kernel linux-2.6.36. I have downloaded SINIT(GM45_GS45_PM45_SINIT_21.BIN) and installed tboot-20101005-1.fc13.src.rpm.
However, after tboot, it stopped at "TBOOT: transfering control to kernel @0xc00000...". Just hanged on the screen and the mouse cursor flashed as usual. I have updated bios to the newest and enabled TXT, VT-d, TPM, VT in the bios. File grub.conf is as follows:
title Fedora (2.6.36) with tboot
root (hd0,4)
kernel /tboot.gz logging=serial,vga,memory vga_delay=5
module /vmlinuz-2.6.36 intel_iommu=on ro root=/dev/mapper/VolGroup-lv_ root rd_LVM_LV=VolGroup/lv_root rd_LVM_LV=VolGroup/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=zh_CN.UTF-8 KEYTABLE=us rhgb quiet console=ttyS0,115200 3
module /initramfs-2.6.36.img
module /GM45_GS45_PM45_SINIT_21.BIN
During Tboot, I can see measured results of PCR 17 and PCR 18 and some message like:
"TBOOT: measured launch succeeded".
And the last message of TBOOT was:
"TBOOT: Error: ELF magic number is not matched.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x7665f000 to 0x791a0200
TBOOT: Kernel (protected mode) from 0xc00000 to 0xf58f00
TBOOT: Kernel (real mode) from 0x90000 to 0x93c00
TBOOT: transfering control to kernel @0xc00000...".
Then it stopped right here. I think it is just a problem transferring control to the kernel. And without tboot I could enter the system, so I think it's not the kernel's error. Would you give me some advice to solve this problem?
Thanks!
2011-03-10
________________________________
魏成龙
From: 魏. <wei...@gm...> - 2011-03-10 08:05:11
Hello:
I am installing Tboot now, but I have a problem right after tboot. My PC is Thinkpad T400 with Fedora 13, kernel linux-2.6.36. I have downloaded SINIT(GM45_GS45_PM45_SINIT_21.BIN) and installed tboot-20101005-1.fc13.src.rpm.
However, after tboot, it stopped at "TBOOT: transfering control to kernel @0xc00000...". Just hanged on the screen and the mouse cursor flashed as usual. I have updated bios to the newest and enabled TXT, VT-d, TPM, VT in the bios. File grub.conf is as follows:
title Fedora (2.6.36) with tboot
root (hd0,4)
kernel /tboot.gz logging=serial,vga,memory vga_delay=5
module /vmlinuz-2.6.36 intel_iommu=on ro root=/dev/mapper/VolGroup-lv_ root rd_LVM_LV=VolGroup/lv_root rd_LVM_LV=VolGroup/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=zh_CN.UTF-8 KEYTABLE=us rhgb quiet console=ttyS0,115200 3
module /initramfs-2.6.36.img
module /GM45_GS45_PM45_SINIT_21.BIN
During Tboot, I can see measured results of PCR 17 and PCR 18 and some message like:
"TBOOT: measured launch succeeded".
And the last message of TBOOT was:
"TBOOT: Error: ELF magic number is not matched.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x7665f000 to 0x791a0200
TBOOT: Kernel (protected mode) from 0xc00000 to 0xf58f00
TBOOT: Kernel (real mode) from 0x90000 to 0x93c00
TBOOT: transfering control to kernel @0xc00000...".
Then it stopped right here. I think it is just a problem transferring control to the kernel. And without tboot I could enter the system, so I think it's not the kernel's error. Would you give me some advice to solve this problem?
Thanks!
2011-03-10
魏成龙
From: Sansar C. <sun...@ya...> - 2011-03-02 08:58:17
ubuntu@ubuntu:~$ sudo lshw
PCI (sysfs)
ubuntu
description: Tower Computer
product: CELSIUS W380
vendor: FUJITSU
version: C$W380
serial: YL1N027464
width: 64 bits
capabilities: smbios-2.6 dmi-2.6 vsyscall64 vsyscall32
configuration: administrator_password=disabled boot=normal chassis=tower power-on_password=disabled uuid=FA52943F-8A0D-4F4E-8200-00199993428A
*-core
description: Motherboard
product: D2917-A1
vendor: FUJITSU
physical id: 0
version: S26361-D2917-A1
serial: B0CD9A26
*-firmware
description: BIOS
vendor: FUJITSU // Phoenix Technologies Ltd.
physical id: 0
version: 6.00 R1.20.2917.A1 (08/18/2010)
size: 120KiB
capacity: 8128KiB
capabilities: pci pnp upgrade shadowing escd cdboot bootselect edd int13floppynec int13floppytoshiba int13floppy360 int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer int10video acpi usb ls120boot zipboot biosbootspecification
*-cpu
description: CPU
product: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
vendor: Intel Corp.
physical id: 4
bus info: cpu@0
version: Intel(R) Core(TM) i5 CPU 660
slot: CPU
size: 1197MHz
capacity: 3333MHz
width: 64 bits
clock: 133MHz
capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp x86-64 constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt aes lahf_lm ida arat tpr_shadow vnmi flexpriority ept vpid cpufreq
*-cache:0
description: L1 cache
physical id: 5
slot: L1 Cache
size: 128KiB
capacity: 128KiB
capabilities: internal write-through unified
*-cache:1
description: L2 cache
physical id: 6
slot: L2 Cache
size: 512KiB
capacity: 512KiB
capabilities: internal write-through unified
*-cache:2
description: L3 cache
physical id: 7
slot: L3 Cache
size: 4MiB
capacity: 4MiB
capabilities: internal write-back unified
*-memory
description: System Memory
physical id: 30
slot: System board or motherboard
size: 4GiB
*-bank:0
description: DIMM Synchronous 1333 MHz (0.8 ns)
product: M378B5773CH0-CH9
vendor: 80CE
physical id: 0
serial: 66B42050
slot: Slot-1
size: 2GiB
width: 64 bits
clock: 1333MHz (0.8ns)
*-bank:1
description: DIMM Synchronous 1333 MHz (0.8 ns) [empty]
physical id: 1
slot: Slot-3
clock: 1333MHz (0.8ns)
*-bank:2
description: DIMM Synchronous 1333 MHz (0.8 ns)
product: M378B5773CH0-CH9
vendor: 80CE
physical id: 2
serial: 66B41F5A
slot: Slot-2
size: 2GiB
width: 64 bits
clock: 1333MHz (0.8ns)
*-bank:3
description: DIMM Synchronous 1333 MHz (0.8 ns) [empty]
physical id: 3
slot: Slot-4
clock: 1333MHz (0.8ns)
*-pci:0
description: Host bridge
product: Core Processor DRAM Controller
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 02
width: 32 bits
clock: 33MHz
*-pci:0
description: PCI bridge
product: Core Processor PCI Express x16 Root Port
vendor: Intel Corporation
physical id: 1
bus info: pci@0000:00:01.0
version: 02
width: 32 bits
clock: 33MHz
capabilities: pci pm msi pciexpress normal_decode bus_master cap_list
configuration: driver=pcieport
resources: irq:40 ioport:2000(size=4096) memory:f0000000-f2ffffff ioport:d0000000(size=268435456)
*-display
description: VGA compatible controller
product: G96 [Quadro FX 580]
vendor: nVidia Corporation
physical id: 0
bus info: pci@0000:01:00.0
version: a1
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress vga_controller bus_master cap_list rom
configuration: driver=nouveau latency=0
resources: irq:16 memory:f2000000-f2ffffff memory:d0000000-dfffffff memory:f0000000-f1ffffff ioport:2000(size=128)
*-communication:0 UNCLAIMED
description: Communication controller
product: 5 Series/3400 Series Chipset HECI Controller
vendor: Intel Corporation
physical id: 16
bus info: pci@0000:00:16.0
version: 06
width: 64 bits
clock: 33MHz
capabilities: pm msi bus_master cap_list
configuration: latency=0
resources: memory:f3324000-f332400f
*-ide UNCLAIMED
description: IDE interface
product: 5 Series/3400 Series Chipset PT IDER Controller
vendor: Intel Corporation
physical id: 16.2
bus info: pci@0000:00:16.2
version: 06
width: 32 bits
clock: 66MHz
capabilities: ide pm msi cap_list
configuration: latency=0
resources: ioport:18a0(size=8) ioport:1894(size=4) ioport:1898(size=8) ioport:1890(size=4) ioport:1880(size=16)
*-communication:1
description: Serial controller
product: 5 Series/3400 Series Chipset KT Controller
vendor: Intel Corporation
physical id: 16.3
bus info: pci@0000:00:16.3
version: 06
width: 32 bits
clock: 66MHz
capabilities: pm msi 16550 bus_master cap_list
configuration: driver=serial latency=0
resources: irq:21 ioport:18a8(size=8) memory:f3326000-f3326fff
*-network
description: Ethernet interface
product: 82578DM Gigabit Network Connection
vendor: Intel Corporation
physical id: 19
bus info: pci@0000:00:19.0
logical name: eth0
version: 05
serial: 00:19:99:93:42:8a
size: 10MB/s
capacity: 1GB/s
width: 32 bits
clock: 33MHz
capabilities: pm msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e1000e driverversion=1.0.2-k4 duplex=half firmware=0.12-2 ip=152.96.15.94 latency=0 link=yes multicast=yes port=twisted pair speed=10MB/s
resources: irq:45 memory:f3300000-f331ffff memory:f3327000-f3327fff ioport:1820(size=32)
*-usb:0
description: USB Controller
product: 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
vendor: Intel Corporation
physical id: 1a
bus info: pci@0000:00:1a.0
version: 05
width: 32 bits
clock: 33MHz
capabilities: pm debug ehci bus_master cap_list
ubuntu@ubuntu:~$ sudo lspci -nn
ubuntu@ubuntu:~$ sudo lspci -v
From: Cihula, J. <jos...@in...> - 2011-02-24 06:03:06
This indicates that the BIOS is not correctly setting up TXT. Please make sure that you're using the latest BIOS version. If you are, or still see the failure after that, send me the platform model information and BIOS version.

Joe

From: Sansar Choinyambuu [mailto:sun...@ya...]
Sent: Wednesday, February 23, 2011 12:37 PM
To: tbo...@li...
Subject: [tboot-devel] generic fatal error

Hello
I've been trying to boot my system with tboot, unsuccessfully. I have Ubuntu 10.10 x86_64 version, kernel 2.6.35-25 installed on a Fujitsu Celsius 380 PC with an Intel® Core™ i5-660 processor, with Intel® 345 chipset.
I got TPM, VT, VT-d and TXT enabled in the BIOS.
I've installed the latest trousers package and tpm_tools and taken ownership of my TPM.
I've installed tboot-20101005.tar.gz and I've downloaded i5_i7_DUAL_SINIT_18.BIN from the tboot sourceforge site. I am not really sure if this SINIT module is the correct one for my chipset.

My menu.lst configuration:

title Ubuntu 10.10, kernel 2.6.35-25-generic w/ Intel(R) Trusted Execution Technology
kernel /boot/tboot.gz logging=serial,vga,memory
module /boot/vmlinuz-2.6.35-25-generic root=UUID=154e4bc5-aa94-4e1d-9f1c-e6c5cda3ed38 ro quiet splash
module /boot/initrd.img-2.6.35-25-generic
module /boot/i5_i7_DUAL_SINIT_18.BIN

The boot hangs on the display where I could see the following lines:

TBOOT: Error : write TPM error :0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Unsupported BIOS data version(4026589891)
TBOOT: BIOS data specifies too many CPU's (4026597029)
TBOOT: Generic fatal error.
TBOOT: TPM: tpm_validate_locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT

Any answers and insight would be much appreciated.
Thanks
Sunny
From: Sansar C. <sun...@ya...> - 2011-02-23 20:37:21
Hello
I've been trying to boot my system with tboot, unsuccessfully. I have Ubuntu 10.10 x86_64 version, kernel 2.6.35-25 installed on a Fujitsu Celsius 380 PC with an Intel® Core™ i5-660 processor, with Intel® 345 chipset.
I got TPM, VT, VT-d and TXT enabled in the BIOS.
I've installed the latest trousers package and tpm_tools and taken ownership of my TPM.
I've installed tboot-20101005.tar.gz and I've downloaded i5_i7_DUAL_SINIT_18.BIN from the tboot sourceforge site. I am not really sure if this SINIT module is the correct one for my chipset.
My menu.lst configuration:
title Ubuntu 10.10, kernel 2.6.35-25-generic w/ Intel(R) Trusted Execution Technology
kernel /boot/tboot.gz logging=serial,vga,memory
module /boot/vmlinuz-2.6.35-25-generic root=UUID=154e4bc5-aa94-4e1d-9f1c-e6c5cda3ed38 ro quiet splash
module /boot/initrd.img-2.6.35-25-generic
module /boot/i5_i7_DUAL_SINIT_18.BIN

The boot hangs on the display where I could see the following lines:
TBOOT: Error : write TPM error :0x2.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff03
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Unsupported BIOS data version(4026589891)
TBOOT: BIOS data specifies too many CPU's (4026597029)
TBOOT: Generic fatal error.
TBOOT: TPM: tpm_validate_locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT
Any answers and insight would be much appreciated.
Thanks
Sunny
From: Jonathan M. <jon...@cm...> - 2011-01-27 22:38:16
I have no such list at present. Thanks for welcoming the discussion.
-Jon
Sent from my mobile device.
On Jan 27, 2011 2:20 PM, "Cihula, Joseph" <jos...@in...> wrote:
>> From: Jeff Cleveland [mailto:jcl...@bb...]
>> Sent: Thursday, January 27, 2011 2:14 PM
>>
>> It looks like it was the active locality. The function "bool
>> is_tpm_ready(uint32_t locality)" in flicker-02/intel/kmod-2.6.30/tpm.c
>> was not setting the locality to inactive properly. I replaced this with
>> a call to "bool release_locality(uint32_t locality)" from
>> "tboot/common/tpm.c" and it seemed to have fixed it.
>>
>> I'm now getting a weird issue where if I run go.sh twice, the second
>> time SENTER fails. I'll be investigating and post what I find.
>>
>> On a separate note, in the future should I keep flicker related
>> discoveries and issues off this mailing list? I don't want to wear out
>> my welcome by posting unwanted messages related to a different project.
>
> If Jonathan has a mailing list for Flicker then it would be best to post
> there and anyone on this list that was interested could just subscribe to it
> (as I will do ;-). If he does not, then I am fine with continuing to post
> here, as there is not so much traffic that it should cause problems and I am
> personally interested in all uses of TXT.
>
> Joe
>
>
>>
>> -Jeff
>>
>> On 01/14/2011 02:39 PM, Jeff Cleveland wrote:
>> > I do not believe the tpm_tis driver was loaded, however if I do load the
>> > module I get the same error code.
>> >
>> > It does seem the TPM has an active locality. I'm getting the debug
>> > output from this snippet of code in tpm.c:
>> >
>> > /*
>> > * must ensure TPM_ACCESS_0.activeLocality bit is clear
>> > * (: locality is not active)
>> > */
>> > read_tpm_reg(locality, TPM_REG_ACCESS, &reg_acc);
>> > if ( reg_acc.active_locality != 0 ) {
>> > dbg("(in tpm.c) reg_acc.active_locality != 0\n");
>> > /* make inactive by writing a 1 */
>> > reg_acc.active_locality = 1;
>> > write_tpm_reg(locality, TPM_REG_ACCESS, &reg_acc);
>> > }
>> >
>> > At this point in the code before it enters the if statement and after it
>> > exits it reg_acc.active_locality is 1. I changed the line
>> >
>> > reg_acc.active_locality = 1;
>> >
>> > to
>> >
>> > reg_acc.active_locality = 0;
>> >
>> > but even after doing this the value of active_locality is 1. My guess is
>> > that there is something else I need to do to make it inactive.
>> >
>> > Thanks for the help, this has given me more of a direction to focus on.
>> > -Jeff
>> >
>> > On 01/14/2011 11:50 AM, Jonathan McCune wrote:
>> >> Although there are some distinct error codes for locality access
>> >> problems, you might check whether the Linux TPM driver is active. If
>> >> the TPM has an active locality (which would be locality 1 with Linux's
>> >> tpm_tis), then SENTER will not succeed. The easiest way to test if
>> >> this makes a difference is to boot Linux without loading tpm_tis, then
>> >> try a Flicker session, and see if it makes any difference.
>> >>
>> >> Also, with the SINIT module you're using, ACMOD_SIZE_MAX as defined in
>> >> flicker.h is too small in flicker-0.2. I generally use 64K instead of
>> >> 32K these days. Unfortunately the error handling in flicker-0.2 just
>> >> prints a small warning message and blindly keeps going with an
>> >> incomplete SINIT module if the buffer is too small. However, I would
>> >> expect that you would observe a different failure mode under those
>> >> conditions.
>> >>
>> >> Hope this helps,
>> >> -Jon
>> >>
>> >>
>> >>
>> >>> On Fri, Jan 14, 2011 at 10:54 AM, Jeff Cleveland<jcl...@bb...> wrote:
>> >>> Hi list,
>> >>>
>> >>> My question stems from a TXT error I'm getting while trying to run
>> >>> Flicker. I have a dual core i5 laptop I'm testing on and using the sinit
>> >>> module i5_i7_DUAL_SINIT_18.bin. During execution of Flicker my computer
>> >>> reboots, upon startup I see the TXT ERRORCODE 0xc0003cd1, which parses
>> >>> as acm_type=1, progress=0d, error=f, and according to sinit_errors.txt
>> >>> that is "TPM PCR 17 was not properly initialized"
>> >>>
>> >>> The MLE Software Development Guide is pretty clear on how PCR 17 should
>> >>> be initialized, and yet I can't find in the Flicker or tboot source code
>> >>> where this initialization is happening. I was hoping to use the tboot
>> >>> source as a reference because on this machine GETSEC[SENTER] does
>> >>> successfully execute when I try launching tboot (loading the operating
>> >>> system fails afterwards but I believe that's a kernel configuration issue
>> >>> I haven't fixed yet).
>> >>>
>> >>> Any advice or pointers to where tboot initializes PCR 17 would be
>> >>> greatly appreciated.
>> >>>
>> >>> Thanks,
>> >>> Jeff
>> >>>
>> >>>
>> >>> ------------------------------------------------------------------------------
>> >>> Protect Your Site and Customers from Malware Attacks
>> >>> Learn about various malware tactics and how to avoid them. Understand
>> >>> malware threats, the impact they can have on your business, and how you
>> >>> can protect your company and customers by using code signing.
>> >>> http://p.sf.net/sfu/oracle-sfdevnl
>> >>> _______________________________________________
>> >>> tboot-devel mailing list
>> >>> tbo...@li...
>> >>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>> >>>
>> >
>>
>>
>> --
>> Jeff Cleveland
>> Raytheon - BBN Technologies
>> 617-873-2515
>> jcl...@bb...
>>
>>
>>
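The locality problem in the quoted exchange, as an added example that is not tboot or Flicker code: a simulated TPM_ACCESS register (bit layout per the TCG TIS specification, hardware behaviour modelled in software) showing that activeLocality is write-1-to-relinquish, so writing 0 to it, as in the second attempt quoted above, leaves the locality active, while the write of 1 that tboot's release_locality() performs clears it and restores the no-active-locality state SENTER needs.

```c
/* Added example, not tboot or Flicker code: software model of the TPM 1.2 TIS
 * TPM_ACCESS_x register. Bit positions follow the TCG PC Client TIS spec; the
 * register behaviour is simulated here, there is no hardware access. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_NR_LOCALITIES 5

/* TPM_ACCESS_x bits (TIS). Only the bits this example needs are modelled. */
#define ACCESS_TPM_ESTABLISHMENT (1u << 0) /* read-only */
#define ACCESS_REQUEST_USE       (1u << 1) /* write 1 to request this locality */
#define ACCESS_PENDING_REQUEST   (1u << 2) /* read-only: another locality is waiting */
#define ACCESS_BEEN_SEIZED       (1u << 4) /* write 1 to clear */
#define ACCESS_ACTIVE_LOCALITY   (1u << 5) /* read: 1 = active; write 1 = relinquish, 0 = no effect */
#define ACCESS_VALID_STS         (1u << 7) /* read-only: the other bits are valid */

struct sim_tpm {
    uint8_t access[TPM_NR_LOCALITIES]; /* one TPM_ACCESS_x register per locality */
};

/* Returns the active locality, or -1 if none (the precondition for SENTER). */
static int find_active_locality(const struct sim_tpm *t)
{
    for (int i = 0; i < TPM_NR_LOCALITIES; i++)
        if (t->access[i] & ACCESS_ACTIVE_LOCALITY)
            return i;
    return -1;
}

/* Power-on state, optionally with one locality already held (as a driver that
 * requested the TPM and never released it would leave it). */
static void sim_tpm_init(struct sim_tpm *t, int active)
{
    for (int i = 0; i < TPM_NR_LOCALITIES; i++)
        t->access[i] = ACCESS_VALID_STS | ACCESS_TPM_ESTABLISHMENT;
    if (active >= 0 && active < TPM_NR_LOCALITIES)
        t->access[active] |= ACCESS_ACTIVE_LOCALITY;
}

static uint8_t sim_read_access(const struct sim_tpm *t, uint32_t loc)
{
    return loc < TPM_NR_LOCALITIES ? t->access[loc] : 0xff; /* 0xff: unmapped read */
}

/* Write side-effects of TPM_ACCESS_x. Read-only bits and zero bits are ignored. */
static void sim_write_access(struct sim_tpm *t, uint32_t loc, uint8_t val)
{
    if (loc >= TPM_NR_LOCALITIES)
        return;
    /* activeLocality is write-1-to-relinquish: a 0 in this position does nothing. */
    if ((val & ACCESS_ACTIVE_LOCALITY) && (t->access[loc] & ACCESS_ACTIVE_LOCALITY))
        t->access[loc] &= (uint8_t)~ACCESS_ACTIVE_LOCALITY;
    /* requestUse: granted at once if no locality is active, otherwise recorded
     * as a pending request on the currently active locality's register. */
    if (val & ACCESS_REQUEST_USE) {
        int active = find_active_locality(t);
        if (active < 0)
            t->access[loc] |= ACCESS_ACTIVE_LOCALITY;
        else if ((uint32_t)active != loc)
            t->access[active] |= ACCESS_PENDING_REQUEST;
    }
}

/* The second attempt from the thread: clear the bit in a read copy and write it
 * back. The write carries a 0 in activeLocality, which the TPM ignores. */
static bool release_by_writing_zero(struct sim_tpm *t, uint32_t loc)
{
    uint8_t reg = sim_read_access(t, loc);
    reg &= (uint8_t)~ACCESS_ACTIVE_LOCALITY;
    sim_write_access(t, loc, reg);
    return (sim_read_access(t, loc) & ACCESS_ACTIVE_LOCALITY) == 0;
}

/* What tboot's release_locality() does: write 1 to activeLocality and read back
 * until the bit clears. The real function bounds that wait with a timeout; the
 * model clears synchronously, so one read-back is enough. */
static bool release_locality(struct sim_tpm *t, uint32_t loc)
{
    sim_write_access(t, loc, ACCESS_ACTIVE_LOCALITY);
    return (sim_read_access(t, loc) & ACCESS_ACTIVE_LOCALITY) == 0;
}

/* What a driver does before talking to the TPM; true if the locality was granted. */
static bool request_locality(struct sim_tpm *t, uint32_t loc)
{
    sim_write_access(t, loc, ACCESS_REQUEST_USE);
    return (sim_read_access(t, loc) & ACCESS_ACTIVE_LOCALITY) != 0;
}

int main(void)
{
    struct sim_tpm tpm;
    sim_tpm_init(&tpm, 1); /* locality 1 left active, the case described in the thread */

    printf("active locality before: %d\n", find_active_locality(&tpm));
    printf("write 0 released it? %s\n", release_by_writing_zero(&tpm, 1) ? "yes" : "no");
    printf("write 1 released it? %s\n", release_locality(&tpm, 1) ? "yes" : "no");
    printf("active locality after: %d (SENTER needs -1)\n", find_active_locality(&tpm));
    return 0;
}
```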
From: Cihula, J. <jos...@in...> - 2011-01-27 22:20:16
> From: Jeff Cleveland [mailto:jcl...@bb...]
> Sent: Thursday, January 27, 2011 2:14 PM
>
> It looks like it was the active locality. The function "bool
> is_tpm_ready(uint32_t locality)" in flicker-02/intel/kmod-2.6.30/tpm.c
> was not setting the locality to inactive properly. I replaced this with
> a call to "bool release_locality(uint32_t locality)" from
> "tboot/common/tpm.c" and it seemed to have fixed it.
>
> I'm now getting a weird issue where if I run go.sh twice, the second
> time SENTER fails. I'll be investigating and post what I find.
>
> On a separate note, in the future should I keep flicker related
> discoveries and issues off this mailing list? I don't want to wear out
> my welcome by posting unwanted messages related to a different project.
If Jonathan has a mailing list for Flicker then it would be best to post there and anyone on this list that was interested could just subscribe to it (as I will do ;-). If he does not, then I am fine with continuing to post here, as there is not so much traffic that it should cause problems and I am personally interested in all uses of TXT.
Joe
>
> -Jeff
>
> On 01/14/2011 02:39 PM, Jeff Cleveland wrote:
> > I do not believe the tpm_tis driver was loaded, however if I do load the
> > module I get the same error code.
> >
> > It does seem the TPM has an active locality. I'm getting the debug
> > output from this snippet of code in tpm.c:
> >
> > /*
> > * must ensure TPM_ACCESS_0.activeLocality bit is clear
> > * (: locality is not active)
> > */
> > read_tpm_reg(locality, TPM_REG_ACCESS, &reg_acc);
> > if ( reg_acc.active_locality != 0 ) {
> > dbg("(in tpm.c) reg_acc.active_locality != 0\n");
> > /* make inactive by writing a 1 */
> > reg_acc.active_locality = 1;
> > write_tpm_reg(locality, TPM_REG_ACCESS, &reg_acc);
> > }
> >
> > At this point in the code before it enters the if statement and after it
> > exits it reg_acc.active_locality is 1. I changed the line
> >
> > reg_acc.active_locality = 1;
> >
> > to
> >
> > reg_acc.active_locality = 0;
> >
> > but even after doing this the value of active_locality is 1. My guess is
> > that there is something else I need to do to make it inactive.
> >
> > Thanks for the help, this has given me more of a direction to focus on.
> > -Jeff
> >
> > On 01/14/2011 11:50 AM, Jonathan McCune wrote:
> >> Although there are some distinct error codes for locality access
> >> problems, you might check whether the Linux TPM driver is active. If
> >> the TPM has an active locality (which would be locality 1 with Linux's
> >> tpm_tis), then SENTER will not succeed. The easiest way to test if
> >> this makes a difference is to boot Linux without loading tpm_tis, then
> >> try a Flicker session, and see if it makes any difference.
> >>
> >> Also, with the SINIT module you're using, ACMOD_SIZE_MAX as defined in
> >> flicker.h is too small in flicker-0.2. I generally use 64K instead of
> >> 32K these days. Unfortunately the error handling in flicker-0.2 just
> >> prints a small warning message and blindly keeps going with an
> >> incomplete SINIT module if the buffer is too small. However, I would
> >> expect that you would observe a different failure mode under those
> >> conditions.
> >>
> >> Hope this helps,
> >> -Jon
> >>
> >>
> >>
> >> On Fri, Jan 14, 2011 at 10:54 AM, Jeff Cleveland<jcl...@bb...> wrote:
> >>> Hi list,
> >>>
> >>> My question stems from a TXT error I'm getting while trying to run
> >>> Flicker. I have a dual core i5 laptop I'm testing on and using the sinit
> >>> module i5_i7_DUAL_SINIT_18.bin. During execution of Flicker my computer
> >>> reboots, upon startup I see the TXT ERRORCODE 0xc0003cd1, which parses
> >>> as acm_type=1, progress=0d, error=f, and according to sinit_errors.txt
> >>> that is "TPM PCR 17 was not properly initialized"
> >>>
> >>> The MLE Software Development Guide is pretty clear on how PCR 17 should
> >>> be initialized, and yet I can't find in the Flicker or tboot source code
> >>> where this initialization is happening. I was hoping to use the tboot
> >>> source as a reference because on this machine GETSEC[SENTER] does
> >>> successfully execute when I try launching tboot (loading the operating
> >>> system fails afterwards but I believe thats a kernel configuration issue
> >>> I haven't fixed yet).
> >>>
> >>> Any advice or pointers to where tboot initializes PCR 17 would be
> >>> greatly appreciated.
> >>>
> >>> Thanks,
> >>> Jeff
> >>>
> >>> ------------------------------------------------------------------------------
> >>> Protect Your Site and Customers from Malware Attacks
> >>> Learn about various malware tactics and how to avoid them. Understand
> >>> malware threats, the impact they can have on your business, and how you
> >>> can protect your company and customers by using code signing.
> >>> http://p.sf.net/sfu/oracle-sfdevnl
> >>> _______________________________________________
> >>> tboot-devel mailing list
> >>> tbo...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
> >>>
> >
>
>
> --
> Jeff Cleveland
> Raytheon - BBN Technologies
> 617-873-2515
> jcl...@bb...
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
From: Jeff C. <jcl...@bb...> - 2011-01-27 22:13:47
It looks like it was the active locality. The function "bool
is_tpm_ready(uint32_t locality)" in flicker-02/intel/kmod-2.6.30/tpm.c
was not setting the locality to inactive properly. I replaced this with
a call to "bool release_locality(uint32_t locality)" from
"tboot/common/tpm.c" and it seemed to have fixed it.
I'm now getting a weird issue where if I run go.sh twice, the second
time SENTER fails. I'll be investigating and post what I find.
On a separate note, in the future should I keep flicker related
discoveries and issues off this mailing list? I don't want to wear out
my welcome by posting unwanted messages related to a different project.
-Jeff
On 01/14/2011 02:39 PM, Jeff Cleveland wrote:
> I do not believe the tpm_tis driver was loaded, however if I do load the
> module I get the same error code.
>
> It does seem the TPM has an active locality. I'm getting the debug
> output from this snippet of code in tpm.c:
>
> /*
> * must ensure TPM_ACCESS_0.activeLocality bit is clear
> * (: locality is not active)
> */
> read_tpm_reg(locality, TPM_REG_ACCESS, &reg_acc);
> if ( reg_acc.active_locality != 0 ) {
> dbg("(in tpm.c) reg_acc.active_locality != 0\n");
> /* make inactive by writing a 1 */
> reg_acc.active_locality = 1;
> write_tpm_reg(locality, TPM_REG_ACCESS, &reg_acc);
> }
>
> At this point in the code before it enters the if statement and after it
> exits it reg_acc.active_locality is 1. I changed the line
>
> reg_acc.active_locality = 1;
>
> to
>
> reg_acc.active_locality = 0;
>
> but even after doing this the value of active_locality is 1. My guess is
> that there is something else I need to do to make it inactive.
>
> Thanks for the help, this has given me more of a direction to focus on.
> -Jeff
>
> On 01/14/2011 11:50 AM, Jonathan McCune wrote:
>> Although there are some distinct error codes for locality access
>> problems, you might check whether the Linux TPM driver is active. If
>> the TPM has an active locality (which would be locality 1 with Linux's
>> tpm_tis), then SENTER will not succeed. The easiest way to test if
>> this makes a difference is to boot Linux without loading tpm_tis, then
>> try a Flicker session, and see if it makes any difference.
>>
>> Also, with the SINIT module you're using, ACMOD_SIZE_MAX as defined in
>> flicker.h is too small in flicker-0.2. I generally use 64K instead of
>> 32K these days. Unfortunately the error handling in flicker-0.2 just
>> prints a small warning message and blindly keeps going with an
>> incomplete SINIT module if the buffer is too small. However, I would
>> expect that you would observe a different failure mode under those
>> conditions.
>>
>> Hope this helps,
>> -Jon
>>
>>
>>
>> On Fri, Jan 14, 2011 at 10:54 AM, Jeff Cleveland<jcl...@bb...> wrote:
>>> Hi list,
>>>
>>> My question stems from a TXT error I'm getting while trying to run
>>> Flicker. I have a dual core i5 laptop I'm testing on and using the sinit
>>> module i5_i7_DUAL_SINIT_18.bin. During execution of Flicker my computer
>>> reboots, upon startup I see the TXT ERRORCODE 0xc0003cd1, which parses
>>> as acm_type=1, progress=0d, error=f, and according to sinit_errors.txt
>>> that is "TPM PCR 17 was not properly initialized"
>>>
>>> The MLE Software Development Guide is pretty clear on how PCR 17 should
>>> be initialized, and yet I can't find in the Flicker or tboot source code
>>> where this initialization is happening. I was hoping to use the tboot
>>> source as a reference because on this machine GETSEC[SENTER] does
>>> successfully execute when I try launching tboot (loading the operating
>>> system fails afterwards but I believe thats a kernel configuration issue
>>> I haven't fixed yet).
>>>
>>> Any advice or pointers to where tboot initializes PCR 17 would be
>>> greatly appreciated.
>>>
>>> Thanks,
>>> Jeff
>>>
>>>
>
--
Jeff Cleveland
Raytheon - BBN Technologies
617-873-2515
jcl...@bb...
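To make the register value discussed in this thread reproducible, here is an added decoder (not Flicker's or tboot's code) for the ACM form of TXT.ERRORCODE. The bit positions are taken from the MLE Developer's Guide and agree with the parse of 0xc0003cd1 above (acm_type=1, progress=0d, error=f); the only text lookup included is the sinit_errors.txt entry quoted in the thread, and the remaining minor-code bits are left undecoded.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of a TXT.ERRORCODE value reported by an ACM (SINIT).
 * Layout (MLE Developer's Guide, consistent with the thread's parse):
 *   bit 31   valid     - an error has been recorded
 *   bit 30   external  - 1 = software (ACM/MLE) generated, 0 = processor
 *   bits 3:0 acm_type  - 0 = BIOS ACM, 1 = SINIT
 *   bits 9:4 progress  - 6-bit progress code
 *   bits 14:10 error   - 5-bit error code
 * Bits 29:15 (minor code and reserved) are not decoded here. */
struct txt_acm_error {
    bool    valid;
    bool    external;
    uint8_t acm_type;
    uint8_t progress;
    uint8_t error;
};

struct txt_acm_error txt_decode_acm_error(uint32_t raw)
{
    struct txt_acm_error e;
    e.valid    = (raw >> 31) & 1u;
    e.external = (raw >> 30) & 1u;
    e.acm_type =  raw        & 0x0fu;
    e.progress = (raw >> 4)  & 0x3fu;
    e.error    = (raw >> 10) & 0x1fu;
    return e;
}

/* Only the entry this thread establishes from sinit_errors.txt is
 * listed; a full decoder would carry the whole table from that file. */
const char *txt_acm_error_text(const struct txt_acm_error *e)
{
    if (!e->valid)
        return "no error recorded (valid bit clear)";
    if (!e->external)
        return "processor-generated error (not an ACM code)";
    if (e->acm_type == 1 && e->progress == 0x0d && e->error == 0x0f)
        return "TPM PCR 17 was not properly initialized";
    return "unlisted ACM error; look up progress/error in sinit_errors.txt";
}

int main(void)
{
    uint32_t raw = 0xc0003cd1u;  /* the value reported in the thread */
    struct txt_acm_error e = txt_decode_acm_error(raw);
    printf("TXT ERRORCODE 0x%08x: valid=%d external=%d acm_type=%u "
           "progress=%02x error=%x\n", raw, e.valid, e.external,
           e.acm_type, e.progress, e.error);
    printf("  -> %s\n", txt_acm_error_text(&e));
    return 0;
}
```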
From: Shane W. <sha...@in...> - 2011-01-25 08:24:31
This patch is to follow the recommended way in kconfig-language.txt to use HAVE_INTEL_TXT, so to add more explicit dependencies for CONFIG_INTEL_TXT. Signed-off-by: Jonathan McCune <jon...@cm...> Signed-off-by: Shane Wang <sha...@in...> --- Documentation/intel_txt.txt | 4 +++- arch/x86/Kconfig | 5 +---- security/Kconfig | 5 ++++- 3 files changed, 8 insertions(+), 6 deletions(-) diff -r 95e0d1104426 Documentation/intel_txt.txt --- a/Documentation/intel_txt.txt Thu Jan 27 07:04:38 2011 +0800 +++ b/Documentation/intel_txt.txt Thu Jan 27 07:37:23 2011 +0800 @@ -196,7 +196,9 @@ depends on the generic x86 support (to allow maximum flexibility in kernel build options), since the tboot code will detect whether the platform actually supports Intel TXT and thus whether any of the -kernel code is executed. +kernel code is executed. The kernel option for enabling Intel TXT +support will only appear if its dependencies are also enabled. +These are CONFIG_DMAR and CONFIG_ACPI. The Q35_SINIT_17.BIN file is what Intel TXT refers to as an Authenticated Code Module. It is specific to the chipset in the diff -r 95e0d1104426 arch/x86/Kconfig --- a/arch/x86/Kconfig Thu Jan 27 07:04:38 2011 +0800 +++ b/arch/x86/Kconfig Thu Jan 27 07:37:23 2011 +0800 @@ -65,6 +65,7 @@ select HAVE_SPARSE_IRQ select GENERIC_IRQ_PROBE select GENERIC_PENDING_IRQ if SMP + select HAVE_INTEL_TXT config INSTRUCTION_DECODER def_bool (KPROBES || PERF_EVENTS) @@ -199,10 +200,6 @@ config ARCH_SUPPORTS_DEBUG_PAGEALLOC def_bool y -config HAVE_INTEL_TXT - def_bool y - depends on EXPERIMENTAL && DMAR && ACPI - config USE_GENERIC_SMP_HELPERS def_bool y depends on SMP diff -r 95e0d1104426 security/Kconfig --- a/security/Kconfig Thu Jan 27 07:04:38 2011 +0800 +++ b/security/Kconfig Thu Jan 27 07:37:23 2011 +0800 
@@ -103,9 +103,12 @@ implement pathname based access controls. If you are unsure how to answer this question, answer N. +config HAVE_INTEL_TXT + bool + config INTEL_TXT bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" - depends on HAVE_INTEL_TXT + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI help This option enables support for booting the kernel with the Trusted Boot (tboot) module. This will utilize |
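Review bot: In the Documentation/intel_txt.txt hunk, the added sentence `+These are CONFIG_DMAR and CONFIG_ACPI.` understates the new `+ depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI` line in the security/Kconfig hunk: CONFIG_EXPERIMENTAL is also required, so the INTEL_TXT option will also stay hidden when EXPERIMENTAL is off. Suggest listing all three, e.g. `+These are CONFIG_EXPERIMENTAL, CONFIG_DMAR and CONFIG_ACPI.`, so the documentation matches the depends line as Randy asked for earlier in this thread.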
From: Américo W. <xiy...@gm...> - 2011-01-25 05:39:34
On Thu, Jan 27, 2011 at 02:37:22AM +0800, Shane Wang wrote:
>This patch is to follow the recommended way in kconfig-language.txt to use HAVE_INTEL_TXT, so to add more explicit dependencies for CONFIG_INTEL_TXT.
>
>Signed-off-by: Jonathan McCune <jon...@cm...>
>Signed-off-by: Shane Wang <sha...@in...>
>

Yes, this looks better.

Reviewed-by: WANG Cong <xiy...@gm...>
From: Shane W. <sha...@in...> - 2011-01-25 03:18:22
This patch is to follow the recommended way in kconfig-language.txt to use HAVE_INTEL_TXT, so to add more explicit dependencies for CONFIG_INTEL_TXT. Signed-off-by: Jonathan McCune <jon...@cm...> Signed-off-by: Shane Wang <sha...@in...> --- arch/x86/Kconfig | 5 +---- security/Kconfig | 5 ++++- 2 files changed, 5 insertions(+), 5 deletions(-) diff -r 2ec3d14a1901 arch/x86/Kconfig --- a/arch/x86/Kconfig Thu Jan 27 00:23:42 2011 +0800 +++ b/arch/x86/Kconfig Thu Jan 27 00:44:49 2011 +0800 @@ -65,6 +65,7 @@ select HAVE_SPARSE_IRQ select GENERIC_IRQ_PROBE select GENERIC_PENDING_IRQ if SMP + select HAVE_INTEL_TXT config INSTRUCTION_DECODER def_bool (KPROBES || PERF_EVENTS) @@ -199,10 +200,6 @@ config ARCH_SUPPORTS_DEBUG_PAGEALLOC def_bool y -config HAVE_INTEL_TXT - def_bool y - depends on EXPERIMENTAL && DMAR && ACPI - config USE_GENERIC_SMP_HELPERS def_bool y depends on SMP diff -r 2ec3d14a1901 security/Kconfig --- a/security/Kconfig Thu Jan 27 00:23:42 2011 +0800 +++ b/security/Kconfig Thu Jan 27 00:44:49 2011 +0800 @@ -103,9 +103,12 @@ implement pathname based access controls. If you are unsure how to answer this question, answer N. +config HAVE_INTEL_TXT + bool + config INTEL_TXT bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" - depends on HAVE_INTEL_TXT + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI help This option enables support for booting the kernel with the Trusted Boot (tboot) module. This will utilize |
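Review bot: The security/Kconfig hunk records the EXPERIMENTAL, DMAR and ACPI requirements on INTEL_TXT, but this version drops the Documentation/intel_txt.txt hunk from the earlier patch in this thread, so the documented list of options needed for Intel TXT support stays out of date while the Kconfig changes. Suggest keeping that documentation hunk, with its list corrected to match the new `+ depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI` line.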
From: Jonathan M. <jon...@cm...> - 2011-01-24 20:38:16
Thanks, that thread helps a lot. I was previously unaware of the convention that HAVE_INTEL_TXT is following to better support other architectures.

Generally when I can't find a kernel config option I use the forward-slash search command. Searching for TXT turns up the relevant CONFIG_INTEL_TXT CONFIG_HAVE_INTEL_TXT entries, but their dependencies are not identified completely in the help text, so it still strikes me as impossible to learn that _DMAR and _PCI_MSI are required without actually looking in the Kconfig files. Here is a screenshot showing the search results for TXT in `make menuconfig` with vanilla linux 2.6.37:

http://sparrow.ece.cmu.edu/~jmmccune/search_TXT.jpg

My intention was to convey that if CONFIG_DMAR and CONFIG_PCI_MSI (pre-req for DMAR) are not enabled, then the TXT options will not appear. I am somewhat surprised that `make menuconfig` is not displaying those dependencies since they are already in Kconfig for HAVE_INTEL_TXT. I don't know enough about the kernel build process to know why they might be omitted from the help text.

Thoughts?

Thanks,
-Jon

On Sun, Jan 23, 2011 at 8:05 PM, Wang, Shane <sha...@in...> wrote:
> HAVE_INTEL_TXT definition is in arch/x86/Kconfig. It is the same as your patch.
> When we put it into x86 folder, we intend to disable all TXT code on non-x86 platforms currently.
>
> config HAVE_INTEL_TXT
> def_bool y
> depends on EXPERIMENTAL && DMAR && ACPI
>
> The story is at the threads beginning with http://lkml.org/lkml/2009/6/30/664.
>
> Thanks.
> Shane
>
>> -----Original Message-----
>> From: Jonathan McCune [mailto:jon...@cm...] >> Sent: Saturday, January 22, 2011 3:10 AM >> To: tbo...@li... >> Subject: Re: [tboot-devel] [PATCH, TRIVIAL] Add more explicit dependencies >> for CONFIG_INTEL_TXT >> >> Hi Joe et al., >> >> What is the thinking behind the HAVE_INTEL_TXT option? Is the >> intention to disable all TXT-related code on non-x86 platforms? >> Wouldn't it be cleaner to add a dependency such as CONFIG_X86 to the >> CONFIG_INTEL_TXT line, instead of the pseudo-automatic >> HAVE_INTEL_TXT? >> >> Thanks, >> -Jon >> >> >> >> On Fri, Jan 21, 2011 at 1:58 PM, Randy Dunlap <rd...@xe...> >> wrote: >> > On Fri, 21 Jan 2011 13:39:19 -0500 Jonathan McCune wrote: >> > >> >> This patch makes the documentation slightly more explicit about how to >> >> enable Intel TXT support in the kernel, and adds two dependencies to >> >> the relevant option in Kconfig. Without this patch it is difficult to >> >> determine how to enable Intel TXT support without some knowledge of >> >> Kconfig. >> >> >> >> Signed-off-by: Jonathan McCune <jon...@cm...> >> >> >> >> --- >> >> Documentation/intel_txt.txt | 4 +++- >> >> security/Kconfig | 2 +- >> >> 2 files changed, 4 insertions(+), 2 deletions(-) >> >> >> >> diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt >> >> index 849de1a..8487f76 100644 >> >> --- a/Documentation/intel_txt.txt >> >> +++ b/Documentation/intel_txt.txt 
>> >> @@ -196,7 +196,9 @@ Execution Technology (TXT)". It is marked as >> >> EXPERIMENTAL and >> >> depends on the generic x86 support (to allow maximum flexibility in >> >> kernel build options), since the tboot code will detect whether the >> >> platform actually supports Intel TXT and thus whether any of the >> >> -kernel code is executed. >> >> +kernel code is executed. The kernel option for enabling Intel TXT >> >> +support will only appear if its dependencies are also enabled. >> >> +These are CONFIG_DMAR and CONFIG_PCI_MSI. >> > >> > Shouldn't that comment match the "depends on" line below?? >> > >> > >> >> The Q35_SINIT_17.BIN file is what Intel TXT refers to as an >> >> Authenticated Code Module. It is specific to the chipset in the >> >> diff --git a/security/Kconfig b/security/Kconfig >> >> index 95accd4..5fd4e35 100644 >> >> --- a/security/Kconfig >> >> +++ b/security/Kconfig >> >> @@ -136,7 +136,7 @@ config SECURITY_PATH >> >> >> >> config INTEL_TXT >> >> bool "Enable Intel(R) Trusted Execution Technology (Intel(R) >> TXT)" >> >> - depends on HAVE_INTEL_TXT >> >> + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && >> ACPI >> >> help >> >> This option enables support for booting the kernel with the >> >> Trusted Boot (tboot) module. This will utilize >> >> -- >> > >> > >> > --- >> > ~Randy >> > *** Remember to use Documentation/SubmitChecklist when testing your >> code *** >> > >> >> ------------------------------------------------------------------------------ >> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> Finally, a world-class log management solution at an even better price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> tboot-devel mailing list >> tbo...@li... >> https://lists.sourceforge.net/lists/listinfo/tboot-devel > |
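Review bot: In the quoted security/Kconfig hunk, `+ depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI` repeats conditions that HAVE_INTEL_TXT already carries in arch/x86/Kconfig (`depends on EXPERIMENTAL && DMAR && ACPI`, as quoted in Shane's reply above), so on its own the line does not change when INTEL_TXT can be enabled; it only makes the requirements visible next to the option. The line becomes meaningful once HAVE_INTEL_TXT is reduced to a bare arch-selected marker, which is what Shane's follow-up patches in this thread do, so the two changes should land together.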