Menu
▾
▴
tboot-devel — Developer support
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(3) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
(19) |
Feb
(24) |
Mar
(8) |
Apr
(14) |
May
(8) |
Jun
(10) |
Jul
(14) |
Aug
(3) |
Sep
(13) |
Oct
(27) |
Nov
(39) |
Dec
(24) |
| 2009 |
Jan
(19) |
Feb
(4) |
Mar
(2) |
Apr
(15) |
May
|
Jun
(2) |
Jul
(44) |
Aug
(21) |
Sep
(20) |
Oct
(2) |
Nov
(1) |
Dec
(7) |
| 2010 |
Jan
(7) |
Feb
(10) |
Mar
(2) |
Apr
(12) |
May
(7) |
Jun
(2) |
Jul
(18) |
Aug
(11) |
Sep
(4) |
Oct
(25) |
Nov
(8) |
Dec
(1) |
| 2011 |
Jan
(27) |
Feb
(2) |
Mar
(19) |
Apr
(8) |
May
(16) |
Jun
(11) |
Jul
(9) |
Aug
(9) |
Sep
(35) |
Oct
(9) |
Nov
(8) |
Dec
(32) |
| 2012 |
Jan
(37) |
Feb
(20) |
Mar
(2) |
Apr
(24) |
May
(4) |
Jun
(3) |
Jul
(5) |
Aug
(21) |
Sep
(8) |
Oct
(15) |
Nov
(1) |
Dec
(7) |
| 2013 |
Jan
(4) |
Feb
(8) |
Mar
(38) |
Apr
(9) |
May
(42) |
Jun
(4) |
Jul
(21) |
Aug
(4) |
Sep
|
Oct
(7) |
Nov
(2) |
Dec
(3) |
| 2014 |
Jan
(8) |
Feb
(8) |
Mar
(5) |
Apr
(9) |
May
(19) |
Jun
(1) |
Jul
(10) |
Aug
(25) |
Sep
(6) |
Oct
(2) |
Nov
(5) |
Dec
(1) |
| 2015 |
Jan
|
Feb
|
Mar
(5) |
Apr
|
May
(12) |
Jun
|
Jul
(2) |
Aug
(5) |
Sep
(11) |
Oct
(5) |
Nov
(3) |
Dec
(1) |
| 2016 |
Jan
(2) |
Feb
(24) |
Mar
|
Apr
(6) |
May
(26) |
Jun
(20) |
Jul
(8) |
Aug
(15) |
Sep
(21) |
Oct
(1) |
Nov
(7) |
Dec
(24) |
| 2017 |
Jan
(12) |
Feb
(2) |
Mar
(6) |
Apr
(8) |
May
(18) |
Jun
(13) |
Jul
(12) |
Aug
(8) |
Sep
(5) |
Oct
(1) |
Nov
|
Dec
|
| 2018 |
Jan
(2) |
Feb
(12) |
Mar
(8) |
Apr
(5) |
May
(7) |
Jun
(1) |
Jul
(4) |
Aug
(8) |
Sep
(2) |
Oct
(3) |
Nov
(4) |
Dec
(3) |
| 2019 |
Jan
(8) |
Feb
|
Mar
(2) |
Apr
|
May
(3) |
Jun
(4) |
Jul
(1) |
Aug
|
Sep
(8) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2020 |
Jan
(25) |
Feb
(12) |
Mar
(2) |
Apr
(13) |
May
(44) |
Jun
(9) |
Jul
|
Aug
(3) |
Sep
(5) |
Oct
(4) |
Nov
(2) |
Dec
|
| 2021 |
Jan
(6) |
Feb
|
Mar
(7) |
Apr
(1) |
May
|
Jun
(2) |
Jul
|
Aug
(16) |
Sep
(4) |
Oct
(6) |
Nov
(1) |
Dec
(6) |
| 2022 |
Jan
(5) |
Feb
(4) |
Mar
(22) |
Apr
(6) |
May
(4) |
Jun
(17) |
Jul
(2) |
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(2) |
| 2023 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2024 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2025 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
(3) |
|
From: Prashant K. <pra...@gm...> - 2010-11-22 06:44:48
|
Hello all,
I am trying installing tboot, but I have several problems. My PC is HP
Compaq 6000 Pro microtower ("Intel Core-2-due E8400 processor" and "Intel
Q43 chipset") with Fedora 13.
I have downloaded SINIT(Q45_Q43_SINIT_19.BIN) and tboot-20101005.tar.gz.
I compiled the "tboot-20101005" sorce code and following is my grub.conf I
have modified.
title Fedora (2.6.36 )
root (hd0,0)
kernel /tboot.gz logging=serial,vga,memory
module /vmlinuz-2.6.36 ro root=LABEL=/ rhgb quiet intel_iommu=on
console=ttyS0,115200
module /initrd-2.6.36.img
module /Q45_Q43_SINIT_19.BIN
But I am getting following error message whenever booting this kernel,
TBOOT:mod_num:0
TBOOT:PCR:None
TBOOT:hash_Type:TB_HType_Any
TBOOT:num hashesh:0
TBOOT:policy entry [1]
TBOOT:mod_num any
TBOOT:pcr:19
TBOOT:hash_Type:TB_HType_Any
TBOOT:num_hashesh:0
TBOOT:TPM: Write n11 20000002, offset 000000,000004 bytes return=000000
TBOOT:CPU is SMX_capable
TBOOT:Error:SENTERT disabled by feature control MSR(d)
TBOOT:SMX not supported
TBOOT:no LCP Module found
TBOOT:Error: ELF margin number not matched
TBOOT:Assuming kernel is linux format
TBOOT:initrd from 0x7b208000 to 0x7b9a1400
TBOOT:kernel (procted mode) from 0x0c000000 to 0xf415c0
TBOOT:kernel (real mode) from 0x90000 to 0x94200
TBOOT:Trasfering control to kernel !0xc00000
Can someone help me solve this problem?
Do you have any suggestions?
Thanks very much.
-- Prashant Kulkarni
|
|
From: Cihula, J. <jos...@in...> - 2010-11-04 17:02:04
|
First, your TPM is reporting incorrect timeout values:
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
but tboot will detect this and set them to the defaults.
BIOS is not enabling TXT:
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
This indicates that only VT is enabled. You need to enable TXT in the BIOS (assuming it supports TXT).
In your GRUB config, you should duplicate the module name so that tboot will get it (GRUB2 difference):
multiboot /boot/tboot.gz placeholder logging=serial,vga,memory
e.g. replace 'placeholder' with 'tboot.gz' and do this for every module entry.
gigabyte P55A-UD5
On the GIGABYTE website I wasn't able to find any indication whether this mb/BIOS supports TXT. The CPU and chipset do. So you would need to contact GIGABTYE to find out whether this system supports TXT.
Joe
From: Jungho Song [mailto:jh...@ca...]
Sent: Wednesday, November 03, 2010 11:24 PM
To: tbo...@li...
Subject: [tboot-devel] IA32_FEATURE_CONTROL_MSR problem
TBOOT: ******************* TBOOT *******************
TBOOT: unavailable
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009f800 (1)
TBOOT: 000000000009f800 - 00000000000a0000 (2)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000df7a0000 (1)
TBOOT: 00000000df7a0000 - 00000000df7d2000 (4)
TBOOT: 00000000df7d2000 - 00000000df7e0000 (2)
TBOOT: 00000000df7e0000 - 00000000df800000 (2)
TBOOT: 00000000f4000000 - 00000000f8000000 (2)
TBOOT: 00000000fec00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000120000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 4
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49
TBOOT: hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49
TBOOT: hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c 85 8e f4 b1 71 86
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa a7 74 19 2d de 78
TBOOT: hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c c8 05 55 dd 85 0d
TBOOT: hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a 63 e8 a3 f0 11 1e
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49
TBOOT: hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49
TBOOT: policy entry[3]:
TBOOT: mod_num: 3
TBOOT: pcr: 20
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43 06 60 a6 f4 f9 09
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: CPU is VMX-capable
TBOOT: ERR: VMXON disabled by feature control MSR (5)
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: CPU is VMX-capable
TBOOT: ERR: VMXON disabled by feature control MSR (5)
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: unsupported BIOS data version (4026589891)
TBOOT: BIOS data specifies too many CPUs (4026597029)
TBOOT: generic fatal error.
TBOOT: TPM: tpm_validate_locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT
TBOOT: ******************* TBOOT *******************
TBOOT: unavailable
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009f800 (1)
TBOOT: 000000000009f800 - 00000000000a0000 (2)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000df7a0000 (1)
TBOOT: 00000000df7a0000 - 00000000df7d2000 (4)
TBOOT: 00000000df7d2000 - 00000000df7e0000 (2)
TBOOT: 00000000df7e0000 - 00000000df800000 (2)
TBOOT: 00000000f4000000 - 00000000f8000000 (2)
TBOOT: 00000000fec00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000120000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 4
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49
TBOOT: hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35 49
TBOOT: hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c 85 8e f4 b1 71 86
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa a7 74 19 2d de 78
TBOOT: hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c c8 05 55 dd 85 0d
TBOOT: hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a 63 e8 a3 f0 11 1e
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49
TBOOT: hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf 49
TBOOT: policy entry[3]:
TBOOT: mod_num: 3
TBOOT: pcr: 20
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43 06 60 a6 f4 f9 09
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: kernel is ELF format
TBOOT: transfering control to kernel @0x100000...
CPU : i7 860 (2.8)
M/B : gigabyte P55A-UD5
Tboot : 20101015 version
XEN : 4.0.1
grub.cfg (grub2)
menuentry 'Xen 4.0.1 / Debian Linux 2.6.32.23 / Intel(R) Trusted Execution Technology'
{
insmod part_msdos
insmod ext2
set root='(hd0,msdos1)'
search --no-floppy --fs-uuid --set 02d55450-a706-4474-8aec-f4632c1f0792
echo 'tBoot with Xen 4.0.1 / Linux 2.6.32.23 ...'
multiboot /boot/tboot.gz placeholder logging=serial,vga,memory
module /boot/xen-4.0.1.gz console=com1,vga com1=115200,8n1
module /boot/vmlinuz-2.6.32.23 placeholder root=UUID=02d55450-a706-4474-8aec-f4632c1f0792 ro quieti
echo 'Loading initial ramdisk ...'
module /boot/initrd.img-2.6.32.23
echo 'SINIT ...'
module /boot/i7_QUAD_SINIT_20.BIN
}
--------------------------------------------------------------------------------------------------------------------------------
problem is that I can set up feature_control_msr to ff0f.
so, tboot can't execute 'SENTER' instruction.
I think it may be M/B or BIOS problem.
why feature_control_msr value is 5 ?
I can't find reason of that..
thx to read
from jhSong
|
|
From: Jungho S. <jh...@ca...> - 2010-11-04 11:21:50
|
I have a problem with tboot. I think it is about M/B issue. I use gigabyte P55A-UD5 M/B. I want to know M/B list that can support tboot. thx to read. from jh Song |
|
From: Jungho S. <jh...@ca...> - 2010-11-04 07:34:09
|
TBOOT: ******************* TBOOT *******************
TBOOT: unavailable
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009f800 (1)
TBOOT: 000000000009f800 - 00000000000a0000 (2)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000df7a0000 (1)
TBOOT: 00000000df7a0000 - 00000000df7d2000 (4)
TBOOT: 00000000df7d2000 - 00000000df7e0000 (2)
TBOOT: 00000000df7e0000 - 00000000df800000 (2)
TBOOT: 00000000f4000000 - 00000000f8000000 (2)
TBOOT: 00000000fec00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000120000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 4
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35
49
TBOOT: hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35
49
TBOOT: hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c 85 8e f4 b1 71
86
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa a7 74 19 2d de
78
TBOOT: hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c c8 05 55 dd 85
0d
TBOOT: hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a 63 e8 a3 f0 11
1e
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf
49
TBOOT: hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf
49
TBOOT: policy entry[3]:
TBOOT: mod_num: 3
TBOOT: pcr: 20
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43 06 60 a6 f4 f9
09
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: CPU is VMX-capable
TBOOT: ERR: VMXON disabled by feature control MSR (5)
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: CPU is VMX-capable
TBOOT: ERR: VMXON disabled by feature control MSR (5)
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: unsupported BIOS data version (4026589891)
TBOOT: BIOS data specifies too many CPUs (4026597029)
TBOOT: generic fatal error.
TBOOT: TPM: tpm_validate_locality timeout
TBOOT: shutdown_system() called for shutdown_type: TB_SHUTDOWN_HALT
TBOOT: ******************* TBOOT *******************
TBOOT: unavailable
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009f800 (1)
TBOOT: 000000000009f800 - 00000000000a0000 (2)
TBOOT: 00000000000f0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000df7a0000 (1)
TBOOT: 00000000df7a0000 - 00000000df7d2000 (4)
TBOOT: 00000000df7d2000 - 00000000df7e0000 (2)
TBOOT: 00000000df7e0000 - 00000000df800000 (2)
TBOOT: 00000000f4000000 - 00000000f8000000 (2)
TBOOT: 00000000fec00000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000120000000 (1)
TBOOT: TPM is ready
TBOOT: TPM nv_locked: FALSE
TBOOT: TPM timeout values: A: 0, B: 0, C: 2, D: 0
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 4
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35
49
TBOOT: hashes[1]: 63 39 a5 b6 9e 3b 1a b3 e8 4c f6 1f 7b fb 9d f4 ce 73 35
49
TBOOT: hashes[2]: db 47 fa 5f 2d 10 75 9b 82 fd 45 f6 7f 2c 85 8e f4 b1 71
86
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 3
TBOOT: hashes[0]: 99 c8 25 17 7e de 00 14 61 04 f4 d7 48 fa a7 74 19 2d de
78
TBOOT: hashes[1]: 8a 6e 89 56 e1 60 8f a1 27 20 dc f1 6a 0c c8 05 55 dd 85
0d
TBOOT: hashes[2]: e7 d5 eb 17 7f cc 06 30 38 93 e3 95 2e 5a 63 e8 a3 f0 11
1e
TBOOT: policy entry[2]:
TBOOT: mod_num: 2
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 2
TBOOT: hashes[0]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf
49
TBOOT: hashes[1]: 94 89 7e 63 5b c6 9b 44 83 84 0a ec c8 c0 11 13 89 e9 bf
49
TBOOT: policy entry[3]:
TBOOT: mod_num: 3
TBOOT: pcr: 20
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 92 b8 4f 5b 0f 57 1a fd 7f 3a b3 67 af 43 06 60 a6 f4 f9
09
TBOOT: IA32_FEATURE_CONTROL_MSR: 00000005
TBOOT: CPU is SMX-capable
TBOOT: ERR: SENTER disabled by feature control MSR (5)
TBOOT: SMX not supported.
TBOOT: no LCP module found
TBOOT: kernel is ELF format
TBOOT: transfering control to kernel @0x100000...
CPU : i7 860 (2.8)
M/B : gigabyte P55A-UD5
Tboot : 20101015 version
XEN : 4.0.1
grub.cfg (grub2)
menuentry 'Xen 4.0.1 / Debian Linux 2.6.32.23 / Intel(R) Trusted Execution
Technology'
{
insmod part_msdos
insmod ext2
set root='(hd0,msdos1)'
search --no-floppy --fs-uuid --set 02d55450-a706-4474-8aec-f4632c1f0792
echo 'tBoot with Xen 4.0.1 / Linux 2.6.32.23 ...'
multiboot /boot/tboot.gz placeholder logging=serial,vga,memory
module /boot/xen-4.0.1.gz console=com1,vga com1=115200,8n1
module /boot/vmlinuz-2.6.32.23 placeholder
root=UUID=02d55450-a706-4474-8aec-f4632c1f0792 ro quieti
echo 'Loading initial ramdisk ...'
module /boot/initrd.img-2.6.32.23
echo 'SINIT ...'
module /boot/i7_QUAD_SINIT_20.BIN
}
--------------------------------------------------------------------------------------------------------------------------------
problem is that I can set up feature_control_msr to ff0f.
so, tboot can't execute 'SENTER' instruction.
I think it may be M/B or BIOS problem.
why feature_control_msr value is 5 ?
I can't find reason of that..
thx to read
from jhSong
|
|
From: Wang, S. <sha...@in...> - 2010-10-28 04:07:32
|
<resend> ACKed-by: Shane Wang <sha...@in...> Joe Perches wrote: > Move the define before any #include and use the more > standard KBUILD_MODNAME. No change in output. > > Signed-off-by: Joe Perches <jo...@pe...> > --- > arch/x86/kernel/tboot.c | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c > index c2f1b26..b9a0077 100644 > --- a/arch/x86/kernel/tboot.c > +++ b/arch/x86/kernel/tboot.c > @@ -19,6 +19,8 @@ > * > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/dma_remapping.h> > #include <linux/init_task.h> > #include <linux/spinlock.h> > @@ -51,9 +53,6 @@ EXPORT_SYMBOL(tboot); > /* timeout for APs (in secs) to enter wait-for-SIPI state during > shutdown */ #define AP_WAIT_TIMEOUT 1 > > -#undef pr_fmt > -#define pr_fmt(fmt) "tboot: " fmt > - > static u8 tboot_uuid[16] __initdata = TBOOT_UUID; > > void __init tboot_probe(void) |
|
From: Wang, S. <sha...@in...> - 2010-10-28 02:01:20
|
ACK Shane Joe Perches wrote: > Move the define before any #include and use the more > standard KBUILD_MODNAME. No change in output. > > Signed-off-by: Joe Perches <jo...@pe...> > --- > arch/x86/kernel/tboot.c | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c > index c2f1b26..b9a0077 100644 > --- a/arch/x86/kernel/tboot.c > +++ b/arch/x86/kernel/tboot.c > @@ -19,6 +19,8 @@ > * > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/dma_remapping.h> > #include <linux/init_task.h> > #include <linux/spinlock.h> > @@ -51,9 +53,6 @@ EXPORT_SYMBOL(tboot); > /* timeout for APs (in secs) to enter wait-for-SIPI state during > shutdown */ #define AP_WAIT_TIMEOUT 1 > > -#undef pr_fmt > -#define pr_fmt(fmt) "tboot: " fmt > - > static u8 tboot_uuid[16] __initdata = TBOOT_UUID; > > void __init tboot_probe(void) |
|
From: Braaten, E. <ed....@in...> - 2010-10-21 01:56:31
|
The following proposed patch to the lcp_mlehash tool fixes the diagnostics so that the -v option can
be used at any time, plus ensures that an error message is output to the stderr stream when the tool aborts
on an error.
Signed-off-by: Ed Braaten <ed....@in...>
---
--- tboot.241.hg/lcptools/mlehash.c 2010-10-13 11:16:20.491168002 -0700
+++ tboot.241-mlemods/lcptools/mlehash.c 2010-10-14 08:33:05.291168001 -0700
@@ -52,7 +52,7 @@
static bool verbose = false;
-#define log_info(fmt, ...) verbose ? printf(fmt, ##__VA_ARGS__) : 0
+#define log_info(fmt, ...) verbose ? fprintf(stderr, fmt, ##__VA_ARGS__) : 0
/*
@@ -65,7 +65,7 @@
{
elf_header_t *elf;
- log_info("checking whether image is an elf image ... ");
+ log_info("Checking whether image is an elf image...");
if ( image == NULL ) {
log_info(": failed! - Pointer is zero.\n");
return false;
@@ -175,7 +175,7 @@
{
int i;
- log_info("expanding elf image ... ");
+ log_info("Expanding elf image...");
if ( elf == NULL ) {
log_info(": failed! - ELF header pointer is zero.\n");
return false;
@@ -190,7 +190,7 @@
if (ph->p_type == PT_LOAD) {
if ( ph->p_memsz > size ) {
- log_info("expanded image exceeded allocated size\n");
+ log_info(": failed! Expanded image exceeded allocated size.\n");
return false;
}
memcpy(base, (void *)elf + ph->p_offset, ph->p_filesz);
@@ -200,7 +200,7 @@
}
}
- log_info(": succeeded!.\n");
+ log_info(": succeeded!\n");
return true;
}
@@ -243,13 +243,13 @@
*buffer = NULL;
/* check the file exists or not */
- log_info("checking whether the file exists or not ... ");
+ log_info("Checking whether the file '%s' exists or not...", filename);
if ( stat(filename, &filestat) )
goto error;
log_info(": existed!\n");
/* try uncompress the file (gzopen will handle uncompressed files too) */
- log_info("trying to uncompress the file ... ");
+ log_info("Trying to uncompress %s...", filename);
fcompressed = gzopen(filename, "rb");
if ( !fcompressed ) {
log_info(": failed!\n");
@@ -257,13 +257,13 @@
}
log_info(": succeeded!\n");
- log_info("creating a temporary file to uncompress ... ");
+ log_info("Creating a temporary file to uncompress...");
fdecompressed = tmpfile();
if ( !fdecompressed )
goto error;
log_info(": succeeded!\n");
- log_info("opening the decompressed file ... ");
+ log_info("Opening the decompressed file...");
while ( !gzeof(fcompressed) ) {
i = gzread(fcompressed, tmpbuffer, 1024);
*length += i;
@@ -274,7 +274,7 @@
gzclose(fcompressed);
fcompressed = NULL;
- log_info("testing decompression is ... ");
+ log_info("Testing decompression...");
if ( *length > 0 ) {
log_info(": succeeded!\n");
/* uncompression succeeded */
@@ -286,7 +286,7 @@
}
/* read file into buffer */
- log_info("reading the decompressed file ... ");
+ log_info("Reading the decompressed file...");
*buffer = malloc(*length);
if ( *buffer == NULL )
goto error;
@@ -310,6 +310,7 @@
static mle_hdr_t *find_mle_hdr(void *start, size_t size)
{
void *end;
+log_info("MLE Header size = %lu bytes\n", sizeof(mle_hdr_t));
end = start + size - sizeof(uuid_t);
while ( start <= end ) {
@@ -350,25 +351,25 @@
break;
case 'c':
if ( optarg == NULL ) {
- printf("Misssing command line string for -c option\n");
+ fprintf(stderr, "Missing command line string for -c option\n");
return 1;
}
cmdline = malloc(strlen(optarg) + 1);
if ( cmdline == NULL ) {
- printf("Out of memory\n");
+ fprintf(stderr, "Out of memory\n");
return 1;
}
strcpy(cmdline, optarg);
break;
default:
- printf("Unknonw command line option\n");
+ fprintf(stderr, "Unknown command line option\n");
break;
}
}
if ( help || (optind == argc) ) {
printf("mhash [-h] [-v] [-c cmdline] mle_file\n"
"\t-h Help: will print out this help message.\n"
- "\t-v Verbose: display progress indications.\n"
+ "\t-v Verbose: display progress indications on stderr.\n"
"\t-c cmdline Command line: specify quote-delimited command line.\n"
"\tmle_file: file name of MLE binary (gzip or not) to hash.\n");
free(cmdline);
@@ -391,7 +392,7 @@
exp_size = elf_end - elf_start;
exp_start = malloc(exp_size);
if ( exp_start == NULL ) {
- log_info("not enough memory for expanded image\n");
+ log_info("Not enough memory for expanded image\n");
goto error;
}
@@ -402,7 +403,7 @@
/* find the MLE header in the expanded image */
mle_hdr = find_mle_hdr(exp_start, exp_size);
if ( mle_hdr == NULL ) {
- log_info("no MLE header found in image\n");
+ log_info("No MLE header found in image!\n");
goto error;
}
@@ -410,33 +411,41 @@
command line param to it */
if ( mle_hdr->cmdline_end_off > mle_hdr->cmdline_start_off &&
cmdline != NULL ) {
+ log_info("Copying '%s' to MLE command line area...", cmdline);
memset(exp_start + mle_hdr->cmdline_start_off, '\0',
mle_hdr->cmdline_end_off - mle_hdr->cmdline_start_off);
strncpy(exp_start + mle_hdr->cmdline_start_off, cmdline,
mle_hdr->cmdline_end_off - mle_hdr->cmdline_start_off - 1);
+ log_info(": done.\n");
}
/* SHA-1 the MLE portion of the image */
+ log_info("Computing SHA-1 of MLE portion of image (size=%d bytes)...",
+ mle_hdr->mle_end_off - mle_hdr->mle_start_off);
md = EVP_sha1();
EVP_DigestInit(&ctx, md);
EVP_DigestUpdate(&ctx, exp_start + mle_hdr->mle_start_off,
mle_hdr->mle_end_off - mle_hdr->mle_start_off);
EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL);
- log_info("SHA-1 = ");
+ log_info(": done.\n");
- /* we always print the hash regardless of verbose mode */
+ /* we always print the hash to stdout regardless of verbose mode */
+ log_info("SHA-1 = ");
for ( i = 0; i < SHA1_LENGTH; i++ ) {
printf("%02x", hash[i]);
+ log_info("%02x ", hash[i]);
if ( i < SHA1_LENGTH - 1 )
printf(" ");
}
printf("\n");
+ log_info("\n");
free(base);
free(exp_start);
return 0;
error:
+ fprintf(stderr, "Error! Aborting...\n");
free(base);
free(exp_start);
return 1;
|
|
From: Joe P. <jo...@pe...> - 2010-10-20 18:24:25
|
Move the define before any #include and use the more standard KBUILD_MODNAME. No change in output. Signed-off-by: Joe Perches <jo...@pe...> --- arch/x86/kernel/tboot.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index c2f1b26..b9a0077 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -19,6 +19,8 @@ * */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/dma_remapping.h> #include <linux/init_task.h> #include <linux/spinlock.h> @@ -51,9 +53,6 @@ EXPORT_SYMBOL(tboot); /* timeout for APs (in secs) to enter wait-for-SIPI state during shutdown */ #define AP_WAIT_TIMEOUT 1 -#undef pr_fmt -#define pr_fmt(fmt) "tboot: " fmt - static u8 tboot_uuid[16] __initdata = TBOOT_UUID; void __init tboot_probe(void) |
|
From: Kuniyasu S. <k.s...@ai...> - 2010-10-18 10:14:12
|
Does anybody use tboot on ThinkPAD? Current ThinkPAD has Core i7-620M which includes Intel TXT. I want to buy such ThinkPAD. ------ suzaki |
|
From: Wenchao H. <hua...@gm...> - 2010-10-14 14:05:50
|
Hi, I've tried to change the run level from 5 to 3, and it remained the same. The kernel log in dmesg shows the resolution changes at here: --------------------------------------------------------------------------------------------------------- vgaarb: device changed decodes: PCI:0000:00:02.0,olddecodes=io+mem,decodes=io+mem:owns=io+mem fbcon: inteldrmfb (fb0) is primary device Console: switching to colour frame buffer device 160x50 fb0: inteldrmfb frame buffer device drm: registered panic notifier ........ -------------------------------------------------------------------------------------------------------- it seems that something is wrong with the vga device switching here, which is before running level 3. so it remains the same to me, if I change the run level. 在 2010年10月14日 下午9:44,Satish Kagathara <sat...@gm...> 写道: > Hi, > Mine is Intel Core2Duo 3.0Ghz. > Yes, the behaviour that you are seeing seems to be the same. Only graphics > having some issues. I think you can change run level from 5 to 3 and see > what happens? > > Thanks, > Satish. > > 2010/10/14 Wenchao Huang <hua...@gm...> >> >> is it possible that it is due to the bug of the intel graphic driver? >> My computer is Thinkpad X201, and what is yours? >> >> though, the destop is abnormal when I boot with tboot, the systems >> seems fine, for when I enter with a series of command like this: >> 1. ctrl+alt+F2 //enter tty2 >> 2. input user name >> 3. input password >> 4. input "sudo reboot" >> 5. enter password >> It succeeds in rebooting the Fedora. >> >> 在 2010年10月13日 下午9:59,Satish Kagathara <sat...@gm...> 写道: >> > Hi, >> > >> > When i was facing this problem, i had downloaded source of 2.6.33.1 and >> > rebuilt kernel with Intel TXT=y to resolve this problem. Then i switched >> > to >> > light weight linux distribution Arch (kernel 2.6.33.4 and kernel 2.6.35) >> > but >> > i did not faced this issue with tboot. >> > >> > However, if i specifiy intel_iommu=on and intel_iommu=igfx_off on kernel >> > command line then this graphics issue still appears with tboot on this >> > distribution too. I did not install any desktop environment on it. >> > >> > Satish. >> > >> > 2010/10/13 Cihula, Joseph <jos...@in...> >> >> >> >> > From: 黄文超 [mailto:hua...@gm...] >> >> > Sent: Tuesday, October 12, 2010 9:44 PM >> >> > >> >> > I've tried the kernel 2.6.36-rc7, but it is still the same.. >> >> >> >> What happens if you boot without tboot? What about without tboot but >> >> specify 'iommu=force' on kernel command line? >> >> >> >> Joe >> >> >> >> > is it possible that I have to install the X201 GMA 5700m driver? >> >> > >You should try the latest 2.6.36 kernel, which contains fixes for >> >> > > this >> >> > > issue. >> >> > >> >> > >Joe >> >> > >> >> > >> >> > -- >> >> > 黄文超 >> >> > >> >> > >> >> > >> >> > ------------------------------------------------------------------------------ >> >> > Beautiful is writing same markup. Internet Explorer 9 supports >> >> > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> >> > Spend less time writing and rewriting code and more time creating >> >> > great >> >> > experiences on the web. Be a part of the beta today. >> >> > http://p.sf.net/sfu/beautyoftheweb >> >> > _______________________________________________ >> >> > tboot-devel mailing list >> >> > tbo...@li... >> >> > https://lists.sourceforge.net/lists/listinfo/tboot-devel >> > >> > >> >> >> >> -- >> Wenchao Huang > > -- Wenchao Huang |
|
From: Satish K. <sat...@gm...> - 2010-10-14 13:45:09
|
Hi, Mine is Intel Core2Duo 3.0Ghz. Yes, the behaviour that you are seeing seems to be the same. Only graphics having some issues. I think you can change run level from 5 to 3 and see what happens? Thanks, Satish. 2010/10/14 Wenchao Huang <hua...@gm...> > is it possible that it is due to the bug of the intel graphic driver? > My computer is Thinkpad X201, and what is yours? > > though, the destop is abnormal when I boot with tboot, the systems > seems fine, for when I enter with a series of command like this: > 1. ctrl+alt+F2 //enter tty2 > 2. input user name > 3. input password > 4. input "sudo reboot" > 5. enter password > It succeeds in rebooting the Fedora. > > 在 2010年10月13日 下午9:59,Satish Kagathara <sat...@gm...> 写道: > > Hi, > > > > When i was facing this problem, i had downloaded source of 2.6.33.1 and > > rebuilt kernel with Intel TXT=y to resolve this problem. Then i switched > to > > light weight linux distribution Arch (kernel 2.6.33.4 and kernel 2.6.35) > but > > i did not faced this issue with tboot. > > > > However, if i specifiy intel_iommu=on and intel_iommu=igfx_off on kernel > > command line then this graphics issue still appears with tboot on this > > distribution too. I did not install any desktop environment on it. > > > > Satish. > > > > 2010/10/13 Cihula, Joseph <jos...@in...> > >> > >> > From: 黄文超 [mailto:hua...@gm...] > >> > Sent: Tuesday, October 12, 2010 9:44 PM > >> > > >> > I've tried the kernel 2.6.36-rc7, but it is still the same.. > >> > >> What happens if you boot without tboot? What about without tboot but > >> specify 'iommu=force' on kernel command line? > >> > >> Joe > >> > >> > is it possible that I have to install the X201 GMA 5700m driver? > >> > >You should try the latest 2.6.36 kernel, which contains fixes for > this > >> > > issue. > >> > > >> > >Joe > >> > > >> > > >> > -- > >> > 黄文超 > >> > > >> > > >> > > ------------------------------------------------------------------------------ > >> > Beautiful is writing same markup. Internet Explorer 9 supports > >> > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > >> > Spend less time writing and rewriting code and more time creating > great > >> > experiences on the web. Be a part of the beta today. > >> > http://p.sf.net/sfu/beautyoftheweb > >> > _______________________________________________ > >> > tboot-devel mailing list > >> > tbo...@li... > >> > https://lists.sourceforge.net/lists/listinfo/tboot-devel > > > > > > > > -- > Wenchao Huang > |
|
From: Wenchao H. <hua...@gm...> - 2010-10-14 07:21:27
|
is it possible that it is due to the bug of the intel graphic driver? My computer is Thinkpad X201, and what is yours? though, the destop is abnormal when I boot with tboot, the systems seems fine, for when I enter with a series of command like this: 1. ctrl+alt+F2 //enter tty2 2. input user name 3. input password 4. input "sudo reboot" 5. enter password It succeeds in rebooting the Fedora. 在 2010年10月13日 下午9:59,Satish Kagathara <sat...@gm...> 写道: > Hi, > > When i was facing this problem, i had downloaded source of 2.6.33.1 and > rebuilt kernel with Intel TXT=y to resolve this problem. Then i switched to > light weight linux distribution Arch (kernel 2.6.33.4 and kernel 2.6.35) but > i did not faced this issue with tboot. > > However, if i specifiy intel_iommu=on and intel_iommu=igfx_off on kernel > command line then this graphics issue still appears with tboot on this > distribution too. I did not install any desktop environment on it. > > Satish. > > 2010/10/13 Cihula, Joseph <jos...@in...> >> >> > From: 黄文超 [mailto:hua...@gm...] >> > Sent: Tuesday, October 12, 2010 9:44 PM >> > >> > I've tried the kernel 2.6.36-rc7, but it is still the same.. >> >> What happens if you boot without tboot? What about without tboot but >> specify 'iommu=force' on kernel command line? >> >> Joe >> >> > is it possible that I have to install the X201 GMA 5700m driver? >> > >You should try the latest 2.6.36 kernel, which contains fixes for this >> > > issue. >> > >> > >Joe >> > >> > >> > -- >> > 黄文超 >> > >> > >> > ------------------------------------------------------------------------------ >> > Beautiful is writing same markup. Internet Explorer 9 supports >> > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> > Spend less time writing and rewriting code and more time creating great >> > experiences on the web. Be a part of the beta today. >> > http://p.sf.net/sfu/beautyoftheweb >> > _______________________________________________ >> > tboot-devel mailing list >> > tbo...@li... >> > https://lists.sourceforge.net/lists/listinfo/tboot-devel > > -- Wenchao Huang |
|
From: Satish K. <sat...@gm...> - 2010-10-13 14:00:00
|
Hi, When i was facing this problem, i had downloaded source of 2.6.33.1 and rebuilt kernel with Intel TXT=y to resolve this problem. Then i switched to light weight linux distribution Arch (kernel 2.6.33.4 and kernel 2.6.35) but i did not faced this issue with tboot. However, if i specifiy intel_iommu=on and intel_iommu=igfx_off on kernel command line then this graphics issue still appears with tboot on this distribution too. I did not install any desktop environment on it. Satish. 2010/10/13 Cihula, Joseph <jos...@in...> > > From: 黄文超 [mailto:hua...@gm...] > > Sent: Tuesday, October 12, 2010 9:44 PM > > > > I've tried the kernel 2.6.36-rc7, but it is still the same.. > > What happens if you boot without tboot? What about without tboot but > specify 'iommu=force' on kernel command line? > > Joe > > > is it possible that I have to install the X201 GMA 5700m driver? > > >You should try the latest 2.6.36 kernel, which contains fixes for this > issue. > > > > >Joe > > > > > > -- > > 黄文超 > > > > > ------------------------------------------------------------------------------ > > Beautiful is writing same markup. Internet Explorer 9 supports > > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > > Spend less time writing and rewriting code and more time creating great > > experiences on the web. Be a part of the beta today. > > http://p.sf.net/sfu/beautyoftheweb > > _______________________________________________ > > tboot-devel mailing list > > tbo...@li... > > https://lists.sourceforge.net/lists/listinfo/tboot-devel > |
|
From: 黄文超 <hua...@gm...> - 2010-10-13 06:17:08
|
2010/10/13 Cihula, Joseph <jos...@in...>:
>> From: 黄文超 [mailto:hua...@gm...]
>> Sent: Tuesday, October 12, 2010 9:58 PM
>>
>> 2010/10/13 Cihula, Joseph <jos...@in...>:
>> >> From: 黄文超 [mailto:hua...@gm...]
>> >> Sent: Tuesday, October 12, 2010 9:44 PM
>> >>
>> >> I've tried the kernel 2.6.36-rc7, but it is still the same..
>> >
>> > What happens if you boot without tboot? What about without tboot but specify 'iommu=force'
>> on kernel command line?
>> It works fine!
>
> Please send the dmesg of the tboot boot and the dmesg of no tboot but 'iommu=on' ('force is for Xen; my mistake).
The dmesg files are in the attachment: dmesg.tar.gz
>
> Joe
>
>>
>> >
>> > Joe
>> >
>> >> is it possible that I have to install the X201 GMA 5700m driver?
>> >> >You should try the latest 2.6.36 kernel, which contains fixes for this issue.
>> >>
>> >> >Joe
>> >>
>> >>
>> >> --
>> >> 黄文超
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Beautiful is writing same markup. Internet Explorer 9 supports
>> >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
>> >> Spend less time writing and rewriting code and more time creating great
>> >> experiences on the web. Be a part of the beta today.
>> >> http://p.sf.net/sfu/beautyoftheweb
>> >> _______________________________________________
>> >> tboot-devel mailing list
>> >> tbo...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>> >
>>
>>
>>
>> --
>> 黄文超
>
--
黄文超
|
|
From: 黄文超 <hua...@gm...> - 2010-10-13 05:51:10
|
2010/10/13 Cihula, Joseph <jos...@in...>:
>> From: 黄文超 [mailto:hua...@gm...]
>> Sent: Tuesday, October 12, 2010 9:58 PM
>>
>> 2010/10/13 Cihula, Joseph <jos...@in...>:
>> >> From: 黄文超 [mailto:hua...@gm...]
>> >> Sent: Tuesday, October 12, 2010 9:44 PM
>> >>
>> >> I've tried the kernel 2.6.36-rc7, but it is still the same..
>> >
>> > What happens if you boot without tboot? What about without tboot but specify 'iommu=force'
>> on kernel command line?
>> It works fine!
>
> Please send the dmesg of the tboot boot and the dmesg of no tboot but 'iommu=on' ('force is for Xen; my mistake).
the dmesg files are in the attachment
>
> Joe
>
>>
>> >
>> > Joe
>> >
>> >> is it possible that I have to install the X201 GMA 5700m driver?
>> >> >You should try the latest 2.6.36 kernel, which contains fixes for this issue.
>> >>
>> >> >Joe
>> >>
>> >>
>> >> --
>> >> 黄文超
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Beautiful is writing same markup. Internet Explorer 9 supports
>> >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
>> >> Spend less time writing and rewriting code and more time creating great
>> >> experiences on the web. Be a part of the beta today.
>> >> http://p.sf.net/sfu/beautyoftheweb
>> >> _______________________________________________
>> >> tboot-devel mailing list
>> >> tbo...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>> >
>>
>>
>>
>> --
>> 黄文超
>
--
黄文超
|
|
From: Cihula, J. <jos...@in...> - 2010-10-13 05:13:28
|
> From: 黄文超 [mailto:hua...@gm...]
> Sent: Tuesday, October 12, 2010 9:58 PM
>
> 2010/10/13 Cihula, Joseph <jos...@in...>:
> >> From: 黄文超 [mailto:hua...@gm...]
> >> Sent: Tuesday, October 12, 2010 9:44 PM
> >>
> >> I've tried the kernel 2.6.36-rc7, but it is still the same..
> >
> > What happens if you boot without tboot? What about without tboot but specify 'iommu=force'
> on kernel command line?
> It works fine!
Please send the dmesg of the tboot boot and the dmesg of no tboot but 'iommu=on' ('force is for Xen; my mistake).
Joe
>
> >
> > Joe
> >
> >> is it possible that I have to install the X201 GMA 5700m driver?
> >> >You should try the latest 2.6.36 kernel, which contains fixes for this issue.
> >>
> >> >Joe
> >>
> >>
> >> --
> >> 黄文超
> >>
> >> ------------------------------------------------------------------------------
> >> Beautiful is writing same markup. Internet Explorer 9 supports
> >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
> >> Spend less time writing and rewriting code and more time creating great
> >> experiences on the web. Be a part of the beta today.
> >> http://p.sf.net/sfu/beautyoftheweb
> >> _______________________________________________
> >> tboot-devel mailing list
> >> tbo...@li...
> >> https://lists.sourceforge.net/lists/listinfo/tboot-devel
> >
>
>
>
> --
> 黄文超
|
|
From: 黄文超 <hua...@gm...> - 2010-10-13 04:58:13
|
2010/10/13 Cihula, Joseph <jos...@in...>: >> From: 黄文超 [mailto:hua...@gm...] >> Sent: Tuesday, October 12, 2010 9:44 PM >> >> I've tried the kernel 2.6.36-rc7, but it is still the same.. > > What happens if you boot without tboot? What about without tboot but specify 'iommu=force' on kernel command line? It works fine! > > Joe > >> is it possible that I have to install the X201 GMA 5700m driver? >> >You should try the latest 2.6.36 kernel, which contains fixes for this issue. >> >> >Joe >> >> >> -- >> 黄文超 >> >> ------------------------------------------------------------------------------ >> Beautiful is writing same markup. Internet Explorer 9 supports >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> Spend less time writing and rewriting code and more time creating great >> experiences on the web. Be a part of the beta today. >> http://p.sf.net/sfu/beautyoftheweb >> _______________________________________________ >> tboot-devel mailing list >> tbo...@li... >> https://lists.sourceforge.net/lists/listinfo/tboot-devel > -- 黄文超 |
|
From: Cihula, J. <jos...@in...> - 2010-10-13 04:48:08
|
> From: 黄文超 [mailto:hua...@gm...] > Sent: Tuesday, October 12, 2010 9:44 PM > > I've tried the kernel 2.6.36-rc7, but it is still the same.. What happens if you boot without tboot? What about without tboot but specify 'iommu=force' on kernel command line? Joe > is it possible that I have to install the X201 GMA 5700m driver? > >You should try the latest 2.6.36 kernel, which contains fixes for this issue. > > >Joe > > > -- > 黄文超 > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel |
|
From: 黄文超 <hua...@gm...> - 2010-10-13 04:43:58
|
I've tried the kernel 2.6.36-rc7, but it is still the same.. is it possible that I have to install the X201 GMA 5700m driver? >You should try the latest 2.6.36 kernel, which contains fixes for this issue. >Joe -- 黄文超 |
|
From: Cihula, J. <jos...@in...> - 2010-10-12 16:10:28
|
> From: 黄文超 [mailto:hua...@gm...] > Sent: Tuesday, October 12, 2010 8:20 AM > > Hi, > I'm facing with the similar problem as yours: > (My laptop is X201) > > I've install Fedora 13 today, but the kernel is already higher than > 2.6.33.1-24.fc13.i686. So, when the system starts with tboot, > " It boots properly and shows TBOOT messages during boot but it does > not shows proper desktop/display. It shows some square boxes/lines on > my display. Cursor is square box which i was able to move it.". > > Have you already solved the problem? Any help will be appreciated! You should try the latest 2.6.36 kernel, which contains fixes for this issue. Joe > > Thanks > -- > 黄文超 > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel |
|
From: 黄文超 <hua...@gm...> - 2010-10-12 15:19:51
|
Hi, I'm facing with the similar problem as yours: (My laptop is X201) I've install Fedora 13 today, but the kernel is already higher than 2.6.33.1-24.fc13.i686. So, when the system starts with tboot, " It boots properly and shows TBOOT messages during boot but it does not shows proper desktop/display. It shows some square boxes/lines on my display. Cursor is square box which i was able to move it.". Have you already solved the problem? Any help will be appreciated! Thanks -- 黄文超 |
|
From: 黄文超 <hua...@gm...> - 2010-10-09 01:55:22
|
Hi > I don't know if 10.04 has TXT/tboot support compiled in or not. I saw the tboot need kernel>=2.6.33, but original 10.04 didn't fit, so I changed the kernel to 2.6.35-19. However, it still didn't work. I'm wondering if tboot not only depends on the kernel but also depends on the upper configuration of Ubuntu? Meanwhile, I download the 2.6.35-19, and compiled it with default configuration, is it possible that I must change some config on this kernel? and where? > You don't need to change bootloaders--tboot will work with grub2, but you need to duplicate the module names. > This looks like an error with either the 'root=' command line param or with module support in the initrd. Can you paste your entire grub.conf file? The config in menu.lst is like this (my computer is left in lab, I can paste the entire menu.lst on Monday, however I still remember the configuration the tboot entry ): title tboot kernel /boot/tboot.gz logging=serial,vga,memory module /boot/vmlinuz-2.6.35.19 ro root=UUID=.............#(can't remember) module /boot/initrd-2.6.35.19.img module /boot/sinit.bin I've already tested the menu.lst in grub, as in the previous mail: >> 1. remove the sinit module in menu.lst >> the kernel was launched successfully, which shows begin_launch() and >> launch_kernel(false) works. But it didn't enter into post_launch(), >> which means it was not a measured launch. It seems the root= or initd works both fine, or it will not success in booting kernel if "module /boot/sinit.bin" is removed. Thank you for your letter! -- 黄文超 |
|
From: Cihula, J. <jos...@in...> - 2010-10-08 17:05:09
|
> From: 黄文超 [mailto:hua...@gm...] > Sent: Friday, October 08, 2010 1:25 AM > > Hi, I saw the previous mail showing that tboot will work on feroda 13. > However, I'm wondering if it will work on Ubuntu 10.04, for I was > suffering from installing the tboot for several days. I don't know if 10.04 has TXT/tboot support compiled in or not. > I've changed the default grub2 to grub, and made the same grub You don't need to change bootloaders--tboot will work with grub2, but you need to duplicate the module names. > configuration as in the previous mail, and change the kernel to > 2.6.35-19 . It succeeded in launching the tboot.gz (including the > begin_launch() and post_launch() ), and transferring the control to > linux kernel, however, it fails, and stops while launching the kernel, > showing the message like this: > "ALERT! /dev/disk/by-uuid/.... does not exist. Dropping a shell!" This looks like an error with either the 'root=' command line param or with module support in the initrd. Can you paste your entire grub.conf file? > I tried to boot pc with several configurations, in order to dig more > information: > 1. remove the sinit module in menu.lst > the kernel was launched successfully, which shows begin_launch() and > launch_kernel(false) works. But it didn't enter into post_launch(), > which means it was not a measured launch. > 2. edit the source code in post_launch() where launch_kernel(true) > turns to launch_kernel(false) > It also failed and showed the message:"ALERT!......Dropping a shell!!" > I thought launch_kernel(false) worked fine in begin_launch() where > the policy was TB_POLACT_UNMEASURED_LAUNCH, and it would work as well > in post_launch. However, it turned out that I was wrong. > > So, until now, I still cannot figure out what's wrong with the > configuration, and expect if someone would help me with this. > Thanks very much > > > > -- > Colahuang > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel |
|
From: Cihula, J. <jos...@in...> - 2010-10-08 16:16:00
|
Your grub below is fine, except you need a more recent kernel that has TXT/tboot support (see previous email). The message about not finding an LCP module is not an error and is not a problem. But the kernel version won’t affect SENTER. Do you get a hang or a reset? If a reset, what is the errorcode (tboot will display it on the next boot after the reset)? Also, please make sure that you have the latest BIOS version. Joe From: 魏成龙 [mailto:che...@16...] Sent: Friday, October 08, 2010 1:32 AM To: tbo...@li... Subject: [tboot-devel] how to install tboot Hello: I am installing Tboot now, but I have several problems. My PC is IBM T400 with Fedora 10. I have downloaded SINIT(GM45_GS45_PM45_SINIT_21.BIN) and tboot-20100427-1.fc12.src.rpm. But I failed to install tboot. Error message is that "no LCP module found" and it stopped at executing GETSEC[SENTER]... I think the grub I haved modified may be fault. Can you give me an example about how to modify grub.conf to support tboot? Following is my grub.conf I have modified. Thank you. title Fedora (2.6.27.53) kernel /boot/tboot.gz logging=serial,vga,memory module /boot/vmlinuz-2.6.27.53 ro root=UUID=2d052b74-4adf-45b3-95fe-326239a5ac56 rhgb quiet module /boot/initrd-2.6.27.53.img module /boot/GM45_GS45_PM45_SINIT_21.BIN ________________________________ 全国最低价,天天在家冲照片,24小时发货上门!<http://yxp.163.com/photo/ep.html?sss=fromyx0911> |
|
From: Martin P. <Mar...@ia...> - 2010-10-08 08:50:07
|
Following up, IAIK releases another Trusted Computing package, the second public release of the acTvSM platform - download at [1]. acTvSM is a proof-of-concept integration of Trusted Computing and Intel TXT into an off-the-shelf Debian Linux system. TBoot is used to anchor the chain-of-trust in the DRTM and the initial ramdisk obtains the key for the encrypted system root partition only if the TPM PCRs are in the correct state. Also, acTvSM provides management scripts for the sysadmin to reseal the system to a new administrator defined state. Using KVM, on top of the tightly controlled base system custom virtual applications can be run. This is an experimental prototype, it still contains sharp edges to hurt yourself and some debugging code obviously contrary to security. However, there are no bugs ;-) Again, we want to thank every helping hand who contributed to this platform. Have fun, Martin & Ronald [1] http://trustedjava.sourceforge.net/ |
15 messages has been excluded from this view by a project administrator.
