Menu
▾
▴
tboot-devel — Developer support
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(3) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
(19) |
Feb
(24) |
Mar
(8) |
Apr
(14) |
May
(8) |
Jun
(10) |
Jul
(14) |
Aug
(3) |
Sep
(13) |
Oct
(27) |
Nov
(39) |
Dec
(24) |
| 2009 |
Jan
(19) |
Feb
(4) |
Mar
(2) |
Apr
(15) |
May
|
Jun
(2) |
Jul
(44) |
Aug
(21) |
Sep
(20) |
Oct
(2) |
Nov
(1) |
Dec
(7) |
| 2010 |
Jan
(7) |
Feb
(10) |
Mar
(2) |
Apr
(12) |
May
(7) |
Jun
(2) |
Jul
(18) |
Aug
(11) |
Sep
(4) |
Oct
(25) |
Nov
(8) |
Dec
(1) |
| 2011 |
Jan
(27) |
Feb
(2) |
Mar
(19) |
Apr
(8) |
May
(16) |
Jun
(11) |
Jul
(9) |
Aug
(9) |
Sep
(35) |
Oct
(9) |
Nov
(8) |
Dec
(32) |
| 2012 |
Jan
(37) |
Feb
(20) |
Mar
(2) |
Apr
(24) |
May
(4) |
Jun
(3) |
Jul
(5) |
Aug
(21) |
Sep
(8) |
Oct
(15) |
Nov
(1) |
Dec
(7) |
| 2013 |
Jan
(4) |
Feb
(8) |
Mar
(38) |
Apr
(9) |
May
(42) |
Jun
(4) |
Jul
(21) |
Aug
(4) |
Sep
|
Oct
(7) |
Nov
(2) |
Dec
(3) |
| 2014 |
Jan
(8) |
Feb
(8) |
Mar
(5) |
Apr
(9) |
May
(19) |
Jun
(1) |
Jul
(10) |
Aug
(25) |
Sep
(6) |
Oct
(2) |
Nov
(5) |
Dec
(1) |
| 2015 |
Jan
|
Feb
|
Mar
(5) |
Apr
|
May
(12) |
Jun
|
Jul
(2) |
Aug
(5) |
Sep
(11) |
Oct
(5) |
Nov
(3) |
Dec
(1) |
| 2016 |
Jan
(2) |
Feb
(24) |
Mar
|
Apr
(6) |
May
(26) |
Jun
(20) |
Jul
(8) |
Aug
(15) |
Sep
(21) |
Oct
(1) |
Nov
(7) |
Dec
(24) |
| 2017 |
Jan
(12) |
Feb
(2) |
Mar
(6) |
Apr
(8) |
May
(18) |
Jun
(13) |
Jul
(12) |
Aug
(8) |
Sep
(5) |
Oct
(1) |
Nov
|
Dec
|
| 2018 |
Jan
(2) |
Feb
(12) |
Mar
(8) |
Apr
(5) |
May
(7) |
Jun
(1) |
Jul
(4) |
Aug
(8) |
Sep
(2) |
Oct
(3) |
Nov
(4) |
Dec
(3) |
| 2019 |
Jan
(8) |
Feb
|
Mar
(2) |
Apr
|
May
(3) |
Jun
(4) |
Jul
(1) |
Aug
|
Sep
(8) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2020 |
Jan
(25) |
Feb
(12) |
Mar
(2) |
Apr
(13) |
May
(44) |
Jun
(9) |
Jul
|
Aug
(3) |
Sep
(5) |
Oct
(4) |
Nov
(2) |
Dec
|
| 2021 |
Jan
(6) |
Feb
|
Mar
(7) |
Apr
(1) |
May
|
Jun
(2) |
Jul
|
Aug
(16) |
Sep
(4) |
Oct
(6) |
Nov
(1) |
Dec
(6) |
| 2022 |
Jan
(5) |
Feb
(4) |
Mar
(22) |
Apr
(6) |
May
(4) |
Jun
(17) |
Jul
(2) |
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(2) |
| 2023 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2024 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2025 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
|
|
From: Jonathan M. M. <jon...@cm...> - 2009-01-05 22:00:31
|
Hi guys, Thanks for the info. My goal was to enable memory logging, and I had missed the need to add 'logging=vga,serial,memory' to enable the various types of logging. I was also thrown off since MEM_LOGGING doesn't seem to appear in any of the source code. But, it's working now. :) -Jon Cihula, Joseph wrote: >> From: Wang, Shane [mailto:sha...@in...] >> Sent: Saturday, January 03, 2009 9:26 PM >> >> I think that should be your txt public config space is reserved by kernel. see variable >> iomem_resource. >> I haven't tried it on the kernel but on xen unstable. I think there must be somewhere to >> reserve it, perhaps e820 parsing in the kernel since the range is reserved in e820 table. >> Can you try to remove the range out of iomem_resource? >> >> Shane >> > > The txt-test code has gotten a bit crufty since txt-stat was developed. Really, the only reason I've kept txt-test around is because it contains some test cases for whether regions have been properly protected, that can't be implemented in user space. But these are really not something that I expect others to use. In general, txt-stat should provide you with all of the info you need and is easier to build and run. > > Joe > > >> Jonathan M. McCune wrote: >> >>> Hi Shane, >>> >>> Thanks, that fixed the build process. I still get the following >>> errors, though I haven't made an effort to track them down yet. >>> >>> # insmod txt-test.ko >>> insmod: error inserting 'txt-test.ko': -1 Device or resource busy >>> >>> # dmesg | tail >>> [ 160.097624] txt_test: module license 'BSD' taints kernel. >>> [ 160.099563] ERROR: TXT public config space is already reserved >>> >>> Thanks, >>> -Jon >>> >>> >>> Wang, Shane wrote: >>> >>>> I guess this is because of some chaos of linux kernel build >>>> environment in the header files. >>>> >>>> Please try the patch attached and build again. >>>> >>>> Shane >>>> >>>> Jonathan M. McCune wrote: >>>> >>>> >>>>> Hello list, >>>>> >>>>> I grabbed the latest tboot from mercurial: >>>>> >>>>> hg clone http://www.bughost.org/repos.hg/tboot.hg >>>>> >>>>> I edited tboot.hg/txt-test/Makefile to set these directories (and >>>>> uncommented the MOD_TARGET line): >>>>> >>>>> LINUX_BASE_DIR = /usr/src/linux >>>>> LINUX_BUILD_DIR = /usr/src/linux >>>>> LINUX_SRC_DIR = /usr/src/linux >>>>> >>>>> Make then fails as follows: >>>>> >>>>> # make >>>>> gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 >>>>> -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c txt-stat.c -o >>>>> txt-stat.o gcc -Wall -Werror -Wstrict-prototypes >>>>> -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 >>>>> -march=i686 txt-stat.o -o txt-stat gcc -Wall -Werror >>>>> -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 >>>>> -Wno-array-bounds -m32 -march=i686 -c acminfo.c -o acminfo.o gcc >>>>> -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 >>>>> -std=gnu99 -Wno-array-bounds -m32 -march=i686 acminfo.o -o >>>>> acminfo make -C /usr/src/linux M=/root/tboot.hg/txt-test modules >>>>> make[1]: Entering directory `/usr/src/linux-source-2.6.27' CC [M] >>>>> /root/tboot.hg/txt-test/txt-test.o >>>>> In file included from include/linux/kernel.h:12, >>>>> from include/linux/delay.h:10, >>>>> from /root/tboot.hg/txt-test/txt-test.c:39: >>>>> include/linux/stddef.h:16: error: expected identifier before >>>>> numeric constant In file included from include/linux/kernel.h:13, >>>>> from include/linux/delay.h:10, >>>>> from /root/tboot.hg/txt-test/txt-test.c:39: >>>>> include/linux/types.h:33: error: two or more data types in >>>>> declaration specifiers include/linux/types.h:33: warning: useless >>>>> type name in empty declaration In file included from >>>>> /root/tboot.hg/txt-test/txt-test.c:49: >>>>> /root/tboot.hg/txt-test/../include/config.h:69:1: warning: >>>>> "__packed" redefined In file included from >>>>> include/linux/compiler-gcc4.h:6, from >>>>> include/linux/compiler.h:40, from >>>>> include/linux/linkage.h:4, from >>>>> include/linux/kernel.h:11, from >>>>> include/linux/delay.h:10, from >>>>> /root/tboot.hg/txt-test/txt-test.c:39: >>>>> include/linux/compiler-gcc.h:43:1: warning: this is the location of >>>>> the previous definition make[2]: *** >>>>> [/root/tboot.hg/txt-test/txt-test.o] Error 1 >>>>> make[1]: *** [_module_/root/tboot.hg/txt-test] Error 2 >>>>> make[1]: Leaving directory `/usr/src/linux-source-2.6.27' >>>>> make: *** [txt-test.ko] Error 2 >>>>> >>>>> >>>>> >>>>> >>>>> # gcc -v >>>>> Using built-in specs. >>>>> Target: i486-linux-gnu >>>>> Configured with: ../src/configure -v --with-pkgversion='Ubuntu >>>>> 4.3.2-1ubuntu11' >>>>> --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs >>>>> --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr >>>>> --enable-shared --with-system-zlib --libexecdir=/usr/lib >>>>> --without-included-gettext --enable-threads=posix --enable-nls >>>>> --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 >>>>> --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc >>>>> --enable-mpfr --enable-targets=all --enable-checking=release >>>>> --build=i486-linux-gnu --host=i486-linux-gnu >>>>> --target=i486-linux-gnu Thread model: posix gcc version 4.3.2 >>>>> (Ubuntu 4.3.2-1ubuntu11) >>>>> >>>>> # hg tip >>>>> changeset: 111:e009b057d5b0 >>>>> tag: tip >>>>> user: Joseph Cihula <jos...@in...> >>>>> date: Fri Jan 02 22:04:28 2009 -0800 >>>>> summary: Fixed bug with command line handling in S3; added >>>>> rollback attack protections to S3 >>>>> >>>>> I'm using a custom-compiled 2.6.27 from Ubuntu 8.10, but I have not >>>>> done any tboot-specific patches. The system boots just fine with >>>>> tboot in the grub menu: >>>>> >>>>> title TBOOT + Ubuntu 8.10, kernel 2.6.27.2jm1 >>>>> uuid a8d5e68a-d490-4035-9877-0a0d25ea047f >>>>> kernel /boot/tboot.gz >>>>> module /boot/vmlinuz-2.6.27.2jm1 >>>>> root=UUID=a8d5e68a-d490-4035-9877-0a0d25ea047f ro crashker >>>>> nel=384M-2G:64M@16M,2G-:128M@16M >>>>> module /boot/initrd.img-2.6.27.2jm1 >>>>> module /boot/GM45_PM45_SINIT_19.BIN >>>>> boot >>>>> >>>>> But this is a Lenovo T400 laptop with no serial port and I can't >>>>> tell if tboot does anything or not. >>>>> >>>>> Thanks for any help you can provide, >>>>> -Jon >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> _______________________________________________ >>>>> tboot-devel mailing list >>>>> tbo...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/tboot-devel >>>>> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> tboot-devel mailing list >> tbo...@li... >> https://lists.sourceforge.net/lists/listinfo/tboot-devel >> > > |
|
From: Cihula, J. <jos...@in...> - 2009-01-04 23:25:18
|
> From: Wang, Shane [mailto:sha...@in...] > Sent: Saturday, January 03, 2009 9:26 PM > > I think that should be your txt public config space is reserved by kernel. see variable > iomem_resource. > I haven't tried it on the kernel but on xen unstable. I think there must be somewhere to > reserve it, perhaps e820 parsing in the kernel since the range is reserved in e820 table. > Can you try to remove the range out of iomem_resource? > > Shane The txt-test code has gotten a bit crufty since txt-stat was developed. Really, the only reason I've kept txt-test around is because it contains some test cases for whether regions have been properly protected, that can't be implemented in user space. But these are really not something that I expect others to use. In general, txt-stat should provide you with all of the info you need and is easier to build and run. Joe > > Jonathan M. McCune wrote: > > Hi Shane, > > > > Thanks, that fixed the build process. I still get the following > > errors, though I haven't made an effort to track them down yet. > > > > # insmod txt-test.ko > > insmod: error inserting 'txt-test.ko': -1 Device or resource busy > > > > # dmesg | tail > > [ 160.097624] txt_test: module license 'BSD' taints kernel. > > [ 160.099563] ERROR: TXT public config space is already reserved > > > > Thanks, > > -Jon > > > > > > Wang, Shane wrote: > >> I guess this is because of some chaos of linux kernel build > >> environment in the header files. > >> > >> Please try the patch attached and build again. > >> > >> Shane > >> > >> Jonathan M. McCune wrote: > >> > >>> Hello list, > >>> > >>> I grabbed the latest tboot from mercurial: > >>> > >>> hg clone http://www.bughost.org/repos.hg/tboot.hg > >>> > >>> I edited tboot.hg/txt-test/Makefile to set these directories (and > >>> uncommented the MOD_TARGET line): > >>> > >>> LINUX_BASE_DIR = /usr/src/linux > >>> LINUX_BUILD_DIR = /usr/src/linux > >>> LINUX_SRC_DIR = /usr/src/linux > >>> > >>> Make then fails as follows: > >>> > >>> # make > >>> gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 > >>> -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c txt-stat.c -o > >>> txt-stat.o gcc -Wall -Werror -Wstrict-prototypes > >>> -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 > >>> -march=i686 txt-stat.o -o txt-stat gcc -Wall -Werror > >>> -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 > >>> -Wno-array-bounds -m32 -march=i686 -c acminfo.c -o acminfo.o gcc > >>> -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 > >>> -std=gnu99 -Wno-array-bounds -m32 -march=i686 acminfo.o -o > >>> acminfo make -C /usr/src/linux M=/root/tboot.hg/txt-test modules > >>> make[1]: Entering directory `/usr/src/linux-source-2.6.27' CC [M] > >>> /root/tboot.hg/txt-test/txt-test.o > >>> In file included from include/linux/kernel.h:12, > >>> from include/linux/delay.h:10, > >>> from /root/tboot.hg/txt-test/txt-test.c:39: > >>> include/linux/stddef.h:16: error: expected identifier before > >>> numeric constant In file included from include/linux/kernel.h:13, > >>> from include/linux/delay.h:10, > >>> from /root/tboot.hg/txt-test/txt-test.c:39: > >>> include/linux/types.h:33: error: two or more data types in > >>> declaration specifiers include/linux/types.h:33: warning: useless > >>> type name in empty declaration In file included from > >>> /root/tboot.hg/txt-test/txt-test.c:49: > >>> /root/tboot.hg/txt-test/../include/config.h:69:1: warning: > >>> "__packed" redefined In file included from > >>> include/linux/compiler-gcc4.h:6, from > >>> include/linux/compiler.h:40, from > >>> include/linux/linkage.h:4, from > >>> include/linux/kernel.h:11, from > >>> include/linux/delay.h:10, from > >>> /root/tboot.hg/txt-test/txt-test.c:39: > >>> include/linux/compiler-gcc.h:43:1: warning: this is the location of > >>> the previous definition make[2]: *** > >>> [/root/tboot.hg/txt-test/txt-test.o] Error 1 > >>> make[1]: *** [_module_/root/tboot.hg/txt-test] Error 2 > >>> make[1]: Leaving directory `/usr/src/linux-source-2.6.27' > >>> make: *** [txt-test.ko] Error 2 > >>> > >>> > >>> > >>> > >>> # gcc -v > >>> Using built-in specs. > >>> Target: i486-linux-gnu > >>> Configured with: ../src/configure -v --with-pkgversion='Ubuntu > >>> 4.3.2-1ubuntu11' > >>> --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs > >>> --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr > >>> --enable-shared --with-system-zlib --libexecdir=/usr/lib > >>> --without-included-gettext --enable-threads=posix --enable-nls > >>> --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 > >>> --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc > >>> --enable-mpfr --enable-targets=all --enable-checking=release > >>> --build=i486-linux-gnu --host=i486-linux-gnu > >>> --target=i486-linux-gnu Thread model: posix gcc version 4.3.2 > >>> (Ubuntu 4.3.2-1ubuntu11) > >>> > >>> # hg tip > >>> changeset: 111:e009b057d5b0 > >>> tag: tip > >>> user: Joseph Cihula <jos...@in...> > >>> date: Fri Jan 02 22:04:28 2009 -0800 > >>> summary: Fixed bug with command line handling in S3; added > >>> rollback attack protections to S3 > >>> > >>> I'm using a custom-compiled 2.6.27 from Ubuntu 8.10, but I have not > >>> done any tboot-specific patches. The system boots just fine with > >>> tboot in the grub menu: > >>> > >>> title TBOOT + Ubuntu 8.10, kernel 2.6.27.2jm1 > >>> uuid a8d5e68a-d490-4035-9877-0a0d25ea047f > >>> kernel /boot/tboot.gz > >>> module /boot/vmlinuz-2.6.27.2jm1 > >>> root=UUID=a8d5e68a-d490-4035-9877-0a0d25ea047f ro crashker > >>> nel=384M-2G:64M@16M,2G-:128M@16M > >>> module /boot/initrd.img-2.6.27.2jm1 > >>> module /boot/GM45_PM45_SINIT_19.BIN > >>> boot > >>> > >>> But this is a Lenovo T400 laptop with no serial port and I can't > >>> tell if tboot does anything or not. > >>> > >>> Thanks for any help you can provide, > >>> -Jon > >>> > >>> > >>> > >>> > >>> > >>> ------------------------------------------------------------------------------ > >>> _______________________________________________ > >>> tboot-devel mailing list > >>> tbo...@li... > >>> https://lists.sourceforge.net/lists/listinfo/tboot-devel > > > ------------------------------------------------------------------------------ > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel |
|
From: Wang, S. <sha...@in...> - 2009-01-04 05:25:52
|
I think that should be your txt public config space is reserved by kernel. see variable iomem_resource. I haven't tried it on the kernel but on xen unstable. I think there must be somewhere to reserve it, perhaps e820 parsing in the kernel since the range is reserved in e820 table. Can you try to remove the range out of iomem_resource? Shane Jonathan M. McCune wrote: > Hi Shane, > > Thanks, that fixed the build process. I still get the following > errors, though I haven't made an effort to track them down yet. > > # insmod txt-test.ko > insmod: error inserting 'txt-test.ko': -1 Device or resource busy > > # dmesg | tail > [ 160.097624] txt_test: module license 'BSD' taints kernel. > [ 160.099563] ERROR: TXT public config space is already reserved > > Thanks, > -Jon > > > Wang, Shane wrote: >> I guess this is because of some chaos of linux kernel build >> environment in the header files. >> >> Please try the patch attached and build again. >> >> Shane >> >> Jonathan M. McCune wrote: >> >>> Hello list, >>> >>> I grabbed the latest tboot from mercurial: >>> >>> hg clone http://www.bughost.org/repos.hg/tboot.hg >>> >>> I edited tboot.hg/txt-test/Makefile to set these directories (and >>> uncommented the MOD_TARGET line): >>> >>> LINUX_BASE_DIR = /usr/src/linux >>> LINUX_BUILD_DIR = /usr/src/linux >>> LINUX_SRC_DIR = /usr/src/linux >>> >>> Make then fails as follows: >>> >>> # make >>> gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 >>> -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c txt-stat.c -o >>> txt-stat.o gcc -Wall -Werror -Wstrict-prototypes >>> -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 >>> -march=i686 txt-stat.o -o txt-stat gcc -Wall -Werror >>> -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 >>> -Wno-array-bounds -m32 -march=i686 -c acminfo.c -o acminfo.o gcc >>> -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 >>> -std=gnu99 -Wno-array-bounds -m32 -march=i686 acminfo.o -o >>> acminfo make -C /usr/src/linux M=/root/tboot.hg/txt-test modules >>> make[1]: Entering directory `/usr/src/linux-source-2.6.27' CC [M] >>> /root/tboot.hg/txt-test/txt-test.o >>> In file included from include/linux/kernel.h:12, >>> from include/linux/delay.h:10, >>> from /root/tboot.hg/txt-test/txt-test.c:39: >>> include/linux/stddef.h:16: error: expected identifier before >>> numeric constant In file included from include/linux/kernel.h:13, >>> from include/linux/delay.h:10, >>> from /root/tboot.hg/txt-test/txt-test.c:39: >>> include/linux/types.h:33: error: two or more data types in >>> declaration specifiers include/linux/types.h:33: warning: useless >>> type name in empty declaration In file included from >>> /root/tboot.hg/txt-test/txt-test.c:49: >>> /root/tboot.hg/txt-test/../include/config.h:69:1: warning: >>> "__packed" redefined In file included from >>> include/linux/compiler-gcc4.h:6, from >>> include/linux/compiler.h:40, from >>> include/linux/linkage.h:4, from >>> include/linux/kernel.h:11, from >>> include/linux/delay.h:10, from >>> /root/tboot.hg/txt-test/txt-test.c:39: >>> include/linux/compiler-gcc.h:43:1: warning: this is the location of >>> the previous definition make[2]: *** >>> [/root/tboot.hg/txt-test/txt-test.o] Error 1 >>> make[1]: *** [_module_/root/tboot.hg/txt-test] Error 2 >>> make[1]: Leaving directory `/usr/src/linux-source-2.6.27' >>> make: *** [txt-test.ko] Error 2 >>> >>> >>> >>> >>> # gcc -v >>> Using built-in specs. >>> Target: i486-linux-gnu >>> Configured with: ../src/configure -v --with-pkgversion='Ubuntu >>> 4.3.2-1ubuntu11' >>> --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs >>> --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr >>> --enable-shared --with-system-zlib --libexecdir=/usr/lib >>> --without-included-gettext --enable-threads=posix --enable-nls >>> --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 >>> --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc >>> --enable-mpfr --enable-targets=all --enable-checking=release >>> --build=i486-linux-gnu --host=i486-linux-gnu >>> --target=i486-linux-gnu Thread model: posix gcc version 4.3.2 >>> (Ubuntu 4.3.2-1ubuntu11) >>> >>> # hg tip >>> changeset: 111:e009b057d5b0 >>> tag: tip >>> user: Joseph Cihula <jos...@in...> >>> date: Fri Jan 02 22:04:28 2009 -0800 >>> summary: Fixed bug with command line handling in S3; added >>> rollback attack protections to S3 >>> >>> I'm using a custom-compiled 2.6.27 from Ubuntu 8.10, but I have not >>> done any tboot-specific patches. The system boots just fine with >>> tboot in the grub menu: >>> >>> title TBOOT + Ubuntu 8.10, kernel 2.6.27.2jm1 >>> uuid a8d5e68a-d490-4035-9877-0a0d25ea047f >>> kernel /boot/tboot.gz >>> module /boot/vmlinuz-2.6.27.2jm1 >>> root=UUID=a8d5e68a-d490-4035-9877-0a0d25ea047f ro crashker >>> nel=384M-2G:64M@16M,2G-:128M@16M >>> module /boot/initrd.img-2.6.27.2jm1 >>> module /boot/GM45_PM45_SINIT_19.BIN >>> boot >>> >>> But this is a Lenovo T400 laptop with no serial port and I can't >>> tell if tboot does anything or not. >>> >>> Thanks for any help you can provide, >>> -Jon >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> tboot-devel mailing list >>> tbo...@li... >>> https://lists.sourceforge.net/lists/listinfo/tboot-devel |
|
From: Jonathan M. M. <jon...@cm...> - 2009-01-04 03:50:43
|
Hi Shane, Thanks, that fixed the build process. I still get the following errors, though I haven't made an effort to track them down yet. # insmod txt-test.ko insmod: error inserting 'txt-test.ko': -1 Device or resource busy # dmesg | tail [ 160.097624] txt_test: module license 'BSD' taints kernel. [ 160.099563] ERROR: TXT public config space is already reserved Thanks, -Jon Wang, Shane wrote: > I guess this is because of some chaos of linux kernel build environment in the header files. > > Please try the patch attached and build again. > > Shane > > Jonathan M. McCune wrote: > >> Hello list, >> >> I grabbed the latest tboot from mercurial: >> >> hg clone http://www.bughost.org/repos.hg/tboot.hg >> >> I edited tboot.hg/txt-test/Makefile to set these directories (and >> uncommented the MOD_TARGET line): >> >> LINUX_BASE_DIR = /usr/src/linux >> LINUX_BUILD_DIR = /usr/src/linux >> LINUX_SRC_DIR = /usr/src/linux >> >> Make then fails as follows: >> >> # make >> gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 >> -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c txt-stat.c -o >> txt-stat.o gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing >> -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 txt-stat.o -o >> txt-stat gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing >> -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c acminfo.c -o >> acminfo.o gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing >> -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 acminfo.o -o >> acminfo make -C /usr/src/linux M=/root/tboot.hg/txt-test modules >> make[1]: Entering directory `/usr/src/linux-source-2.6.27' >> CC [M] /root/tboot.hg/txt-test/txt-test.o >> In file included from include/linux/kernel.h:12, >> from include/linux/delay.h:10, >> from /root/tboot.hg/txt-test/txt-test.c:39: >> include/linux/stddef.h:16: error: expected identifier before numeric >> constant >> In file included from include/linux/kernel.h:13, >> from include/linux/delay.h:10, >> from /root/tboot.hg/txt-test/txt-test.c:39: >> include/linux/types.h:33: error: two or more data types in declaration >> specifiers >> include/linux/types.h:33: warning: useless type name in empty >> declaration In file included from >> /root/tboot.hg/txt-test/txt-test.c:49: >> /root/tboot.hg/txt-test/../include/config.h:69:1: warning: "__packed" >> redefined >> In file included from include/linux/compiler-gcc4.h:6, >> from include/linux/compiler.h:40, >> from include/linux/linkage.h:4, >> from include/linux/kernel.h:11, >> from include/linux/delay.h:10, >> from /root/tboot.hg/txt-test/txt-test.c:39: >> include/linux/compiler-gcc.h:43:1: warning: this is the location of >> the previous definition >> make[2]: *** [/root/tboot.hg/txt-test/txt-test.o] Error 1 >> make[1]: *** [_module_/root/tboot.hg/txt-test] Error 2 >> make[1]: Leaving directory `/usr/src/linux-source-2.6.27' >> make: *** [txt-test.ko] Error 2 >> >> >> >> >> # gcc -v >> Using built-in specs. >> Target: i486-linux-gnu >> Configured with: ../src/configure -v --with-pkgversion='Ubuntu >> 4.3.2-1ubuntu11' >> --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs >> --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr >> --enable-shared --with-system-zlib --libexecdir=/usr/lib >> --without-included-gettext --enable-threads=posix --enable-nls >> --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 >> --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc >> --enable-mpfr --enable-targets=all --enable-checking=release >> --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu >> Thread model: posix >> gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu11) >> >> # hg tip >> changeset: 111:e009b057d5b0 >> tag: tip >> user: Joseph Cihula <jos...@in...> >> date: Fri Jan 02 22:04:28 2009 -0800 >> summary: Fixed bug with command line handling in S3; added >> rollback attack protections to S3 >> >> I'm using a custom-compiled 2.6.27 from Ubuntu 8.10, but I have not >> done any tboot-specific patches. The system boots just fine with >> tboot in the grub menu: >> >> title TBOOT + Ubuntu 8.10, kernel 2.6.27.2jm1 >> uuid a8d5e68a-d490-4035-9877-0a0d25ea047f >> kernel /boot/tboot.gz >> module /boot/vmlinuz-2.6.27.2jm1 >> root=UUID=a8d5e68a-d490-4035-9877-0a0d25ea047f ro crashker >> nel=384M-2G:64M@16M,2G-:128M@16M >> module /boot/initrd.img-2.6.27.2jm1 >> module /boot/GM45_PM45_SINIT_19.BIN >> boot >> >> But this is a Lenovo T400 laptop with no serial port and I can't tell >> if tboot does anything or not. >> >> Thanks for any help you can provide, >> -Jon >> >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> tboot-devel mailing list >> tbo...@li... >> https://lists.sourceforge.net/lists/listinfo/tboot-devel >> > > |
|
From: Wang, S. <sha...@in...> - 2009-01-04 03:03:34
|
I guess this is because of some chaos of linux kernel build environment in the header files. Please try the patch attached and build again. Shane Jonathan M. McCune wrote: > Hello list, > > I grabbed the latest tboot from mercurial: > > hg clone http://www.bughost.org/repos.hg/tboot.hg > > I edited tboot.hg/txt-test/Makefile to set these directories (and > uncommented the MOD_TARGET line): > > LINUX_BASE_DIR = /usr/src/linux > LINUX_BUILD_DIR = /usr/src/linux > LINUX_SRC_DIR = /usr/src/linux > > Make then fails as follows: > > # make > gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 > -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c txt-stat.c -o > txt-stat.o gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing > -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 txt-stat.o -o > txt-stat gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing > -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c acminfo.c -o > acminfo.o gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing > -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 acminfo.o -o > acminfo make -C /usr/src/linux M=/root/tboot.hg/txt-test modules > make[1]: Entering directory `/usr/src/linux-source-2.6.27' > CC [M] /root/tboot.hg/txt-test/txt-test.o > In file included from include/linux/kernel.h:12, > from include/linux/delay.h:10, > from /root/tboot.hg/txt-test/txt-test.c:39: > include/linux/stddef.h:16: error: expected identifier before numeric > constant > In file included from include/linux/kernel.h:13, > from include/linux/delay.h:10, > from /root/tboot.hg/txt-test/txt-test.c:39: > include/linux/types.h:33: error: two or more data types in declaration > specifiers > include/linux/types.h:33: warning: useless type name in empty > declaration In file included from > /root/tboot.hg/txt-test/txt-test.c:49: > /root/tboot.hg/txt-test/../include/config.h:69:1: warning: "__packed" > redefined > In file included from include/linux/compiler-gcc4.h:6, > from include/linux/compiler.h:40, > from include/linux/linkage.h:4, > from include/linux/kernel.h:11, > from include/linux/delay.h:10, > from /root/tboot.hg/txt-test/txt-test.c:39: > include/linux/compiler-gcc.h:43:1: warning: this is the location of > the previous definition > make[2]: *** [/root/tboot.hg/txt-test/txt-test.o] Error 1 > make[1]: *** [_module_/root/tboot.hg/txt-test] Error 2 > make[1]: Leaving directory `/usr/src/linux-source-2.6.27' > make: *** [txt-test.ko] Error 2 > > > > > # gcc -v > Using built-in specs. > Target: i486-linux-gnu > Configured with: ../src/configure -v --with-pkgversion='Ubuntu > 4.3.2-1ubuntu11' > --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs > --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr > --enable-shared --with-system-zlib --libexecdir=/usr/lib > --without-included-gettext --enable-threads=posix --enable-nls > --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 > --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc > --enable-mpfr --enable-targets=all --enable-checking=release > --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu > Thread model: posix > gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu11) > > # hg tip > changeset: 111:e009b057d5b0 > tag: tip > user: Joseph Cihula <jos...@in...> > date: Fri Jan 02 22:04:28 2009 -0800 > summary: Fixed bug with command line handling in S3; added > rollback attack protections to S3 > > I'm using a custom-compiled 2.6.27 from Ubuntu 8.10, but I have not > done any tboot-specific patches. The system boots just fine with > tboot in the grub menu: > > title TBOOT + Ubuntu 8.10, kernel 2.6.27.2jm1 > uuid a8d5e68a-d490-4035-9877-0a0d25ea047f > kernel /boot/tboot.gz > module /boot/vmlinuz-2.6.27.2jm1 > root=UUID=a8d5e68a-d490-4035-9877-0a0d25ea047f ro crashker > nel=384M-2G:64M@16M,2G-:128M@16M > module /boot/initrd.img-2.6.27.2jm1 > module /boot/GM45_PM45_SINIT_19.BIN > boot > > But this is a Lenovo T400 laptop with no serial port and I can't tell > if tboot does anything or not. > > Thanks for any help you can provide, > -Jon > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel |
|
From: Jonathan M. M. <jon...@cm...> - 2009-01-03 22:15:22
|
Hello list, I grabbed the latest tboot from mercurial: hg clone http://www.bughost.org/repos.hg/tboot.hg I edited tboot.hg/txt-test/Makefile to set these directories (and uncommented the MOD_TARGET line): LINUX_BASE_DIR = /usr/src/linux LINUX_BUILD_DIR = /usr/src/linux LINUX_SRC_DIR = /usr/src/linux Make then fails as follows: # make gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c txt-stat.c -o txt-stat.o gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 txt-stat.o -o txt-stat gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 -c acminfo.c -o acminfo.o gcc -Wall -Werror -Wstrict-prototypes -fno-strict-aliasing -O2 -std=gnu99 -Wno-array-bounds -m32 -march=i686 acminfo.o -o acminfo make -C /usr/src/linux M=/root/tboot.hg/txt-test modules make[1]: Entering directory `/usr/src/linux-source-2.6.27' CC [M] /root/tboot.hg/txt-test/txt-test.o In file included from include/linux/kernel.h:12, from include/linux/delay.h:10, from /root/tboot.hg/txt-test/txt-test.c:39: include/linux/stddef.h:16: error: expected identifier before numeric constant In file included from include/linux/kernel.h:13, from include/linux/delay.h:10, from /root/tboot.hg/txt-test/txt-test.c:39: include/linux/types.h:33: error: two or more data types in declaration specifiers include/linux/types.h:33: warning: useless type name in empty declaration In file included from /root/tboot.hg/txt-test/txt-test.c:49: /root/tboot.hg/txt-test/../include/config.h:69:1: warning: "__packed" redefined In file included from include/linux/compiler-gcc4.h:6, from include/linux/compiler.h:40, from include/linux/linkage.h:4, from include/linux/kernel.h:11, from include/linux/delay.h:10, from /root/tboot.hg/txt-test/txt-test.c:39: include/linux/compiler-gcc.h:43:1: warning: this is the location of the previous definition make[2]: *** [/root/tboot.hg/txt-test/txt-test.o] Error 1 make[1]: *** [_module_/root/tboot.hg/txt-test] Error 2 make[1]: Leaving directory `/usr/src/linux-source-2.6.27' make: *** [txt-test.ko] Error 2 # gcc -v Using built-in specs. Target: i486-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.3.2-1ubuntu11' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-targets=all --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu Thread model: posix gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu11) # hg tip changeset: 111:e009b057d5b0 tag: tip user: Joseph Cihula <jos...@in...> date: Fri Jan 02 22:04:28 2009 -0800 summary: Fixed bug with command line handling in S3; added rollback attack protections to S3 I'm using a custom-compiled 2.6.27 from Ubuntu 8.10, but I have not done any tboot-specific patches. The system boots just fine with tboot in the grub menu: title TBOOT + Ubuntu 8.10, kernel 2.6.27.2jm1 uuid a8d5e68a-d490-4035-9877-0a0d25ea047f kernel /boot/tboot.gz module /boot/vmlinuz-2.6.27.2jm1 root=UUID=a8d5e68a-d490-4035-9877-0a0d25ea047f ro crashker nel=384M-2G:64M@16M,2G-:128M@16M module /boot/initrd.img-2.6.27.2jm1 module /boot/GM45_PM45_SINIT_19.BIN boot But this is a Lenovo T400 laptop with no serial port and I can't tell if tboot does anything or not. Thanks for any help you can provide, -Jon |
|
From: Cihula, J. <jos...@in...> - 2008-12-18 19:52:14
|
This is my error in reading the specs. The GS45 *does* support Intel(R) TXT and I'll update the SINIT package accordingly. Sorry for the confusion. Joe > -----Original Message----- > From: Jonathan M. McCune [mailto:jon...@cm...] > Sent: Tuesday, December 16, 2008 12:57 PM > To: Cihula, Joseph > Cc: tbo...@li... > Subject: Re: [tboot-devel] GS45 chipset support? > > Ah, so even if the system says vPro, it is not guaranteed to support TXT? > > Thanks, > -Jon > > > Cihula, Joseph wrote: > > The GS45 does not support Intel(R) TXT. > > > > Joe > > > > > > |
|
From: Jonathan M. M. <jon...@cm...> - 2008-12-16 20:57:40
|
Ah, so even if the system says vPro, it is not guaranteed to support TXT? Thanks, -Jon Cihula, Joseph wrote: > The GS45 does not support Intel(R) TXT. > > Joe > > > |
|
From: Cihula, J. <jos...@in...> - 2008-12-16 20:54:09
|
> From: Jonathan M. McCune [mailto:jon...@cm...] > Sent: Tuesday, December 16, 2008 7:20 AM > > Hello list, > > What is the difference between the GS45 and GM45 chipsets? I.e., will > the GM45 sinit module work on a system with the GS45 chipset? If not, > are there plans to release an sinit module for the GS45 chipset? > > I looked here > (http://www.intel.com/Products/Notebook/Chipsets/GS45/GS45-overview.htm) > and here > (http://www.intel.com/products/notebook/chipsets/gm45/gm45-overview.htm) > and they look quite similar. > > Thanks, > -Jon Unfortunately, the Intel web site doesn't do the best job of making the differences in products clear. According to one of our support folks, the GS45 is for Small Form Factor systems and it only supports 800 and 1066MHZ FSBs and does not support dual independent displays. The GM45 is for regular form factor systems and supports 667/800/and 1066MHz FSBs. There are other differences as well. The GS45 does not support Intel(R) TXT. Joe |
|
From: Jonathan M. M. <jon...@cm...> - 2008-12-16 15:20:12
|
Hello list, What is the difference between the GS45 and GM45 chipsets? I.e., will the GM45 sinit module work on a system with the GS45 chipset? If not, are there plans to release an sinit module for the GS45 chipset? I looked here (http://www.intel.com/Products/Notebook/Chipsets/GS45/GS45-overview.htm) and here (http://www.intel.com/products/notebook/chipsets/gm45/gm45-overview.htm) and they look quite similar. Thanks, -Jon |
|
From: Do, T. T. <td...@sw...> - 2008-12-09 20:32:00
|
I was unable to get Intel TXT working on this system. I have emailed the vendor for support. Thanks, --Tam Do ________________________________ From: Do, Tam T. [mailto:ta...@sw...] Sent: Tuesday, December 09, 2008 8:06 AM To: Cihula, Joseph; Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems The system is advertised as supporting Intel vPRO which can be accessed when you build the computer. The Intel TXT option is available in the bios screen, but only recently support has been added (as of bios version A06). I'll try updating the bios to see if this gets us anywhere. --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 6:28 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems Are you sure that this system supports TXT? I don't see anything on the Web indicating that it does-do you have a TXT BIOS option (I also don't see the TXT-related TPM NV indices)? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 3:53 PM To: Cihula, Joseph; tbo...@li... Subject: RE: tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Martin T. <ma...@th...> - 2008-12-09 14:50:48
|
Great :) I remember in the past getting some strange error when I
tried to use Xen (without TXT) with TXT enabled in the BIOS - I think
it was something like that virtualization was not enabled (which makes
sense given the way the bit was previously documentet in the IA32
manuals - before TXT was introduced). The reason I wrote before was
just to say that the problem may be more common than one might think
(I actually thought it was a bug in the BIOS for my specific board but
as far as I remember someone wrote it was the same in Intel's own
boards).
Best regards,
Martin Thiim
On Tue, Dec 9, 2008 at 11:55 AM, Ross Philipson
<Ros...@ci...> wrote:
> I hadn't seen that thread - I probably joined more recently than that. I
> agree that it is a perfectly valid configuration set by the vendor BIOS -
> though a bit annoying ;) The only thing we did was to modify Xen a bit to
> print out a more useful message about why it couldn't enable VMX - like
> "check to see if TXT is enabled".
>
> Thanks
> Ross
> ________________________________
> From: Martin Thiim [mailto:ma...@th...]
> Sent: Tue 12/9/2008 3:37 AM
> To: Ross Philipson
> Subject: Re: [tboot-devel] tboot policy problems
>
> Ok, I made a similar observation earlier this year and wrote to the
> list ("Question on feature control bits and some observations") and
> was told that this was actually the "standard" way that BIOS'es should
> handle it (i.e. enabling TXT should disable use of virtualization
> outside of TXT). It is annoying for TXT testers that would also like
> to run a VMWare with hardware acceleration, that's for sure ;) But it
> is up to the BIOS, how it configures the feature control MSR.
>
> Best regards,
>
> Martin Thiim
>
>
> On Tue, Dec 9, 2008 at 1:40 AM, Ross Philipson
> <Ros...@ci...> wrote:
>>> When booting xen there is a message which flashes by about disabling TXT.
>>> Additionally it seems I am unable to run HVM domains with TXT enabled in
>>> the bios.
>>
>> Yeah I think we added that message in Xen a few months back. We saw that
>> on
>> certain platforms the BIOS was setting up the MSR feature bits to where if
>> you had TXT enabled you had to enter SMX mode to enable VMX mode. It was
>> definitely something OEM BIOS specific - I saw it on a Dell 755.
>>
>> Thanks
>> Ross
>> ________________________________
>> From: Do, Tam T. [mailto:td...@sw...]
>> Sent: Mon 12/8/2008 6:53 PM
>> To: Cihula, Joseph; tbo...@li...
>> Subject: Re: [tboot-devel] tboot policy problems
>>
>> Yes I have already taken ownership auth of the tpm.
>>
>>
>>
>> I get the following output when I run tpmnv_getcap:
>>
>>
>>
>> The response data is:
>>
>> 01 00 00 40 02 00 00 20
>>
>>
>>
>> 2 indices have been defined
>>
>> list of indices for defined NV storage areas:
>>
>> 0x01000040 0x02000020
>>
>>
>>
>> I have also noticed a few strange things about my machine… When booting
>> xen
>> there is a message which flashes by about disabling TXT. Additionally it
>> seems I am unable to run HVM domains with TXT enabled in the bios. This
>> may
>> be a problem with the vendor's bios as this system is fairly new… I will
>> attempt to update the bios to version A09 from A06 and will update you on
>> the results if any different.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> --Tam Do
>>
>>
>>
>> ________________________________
>>
>> From: Cihula, Joseph [mailto:jos...@in...]
>> Sent: Monday, December 08, 2008 3:43 PM
>> To: Do, Tam T.; tbo...@li...
>> Subject: RE: tboot policy problems
>>
>>
>>
>> And you've taken ownership and set the owner auth to "TPM-password"? What
>> do you get if you run tpmnv_getcap?
>>
>>
>>
>> Joe
>>
>>
>>
>> From: Do, Tam T. [mailto:td...@sw...]
>> Sent: Monday, December 08, 2008 10:38 AM
>> To: tbo...@li...
>> Subject: Re: [tboot-devel] tboot policy problems
>>
>>
>>
>> Dell Latitude E6500
>>
>>
>>
>> Linux 2.6.18.18.8-xen (unstable build)
>>
>>
>>
>> --Tam Do
>>
>>
>>
>>
>>
>> ________________________________
>>
>> From: Cihula, Joseph [mailto:jos...@in...]
>> Sent: Monday, December 08, 2008 11:44 AM
>> To: Do, Tam T.; tbo...@li...
>> Subject: RE: tboot policy problems
>>
>>
>>
>> What model is your computer and what version of Linux are you using?
>>
>>
>>
>> Joe
>>
>>
>>
>> From: Do, Tam T. [mailto:td...@sw...]
>> Sent: Monday, December 08, 2008 9:00 AM
>> To: tbo...@li...
>> Cc: Cihula, Joseph
>> Subject: tboot policy problems
>>
>>
>>
>>> I am running into some problems with the tpm when following the steps
>>
>>> in /docs/policy.txt to set up a default policy.
>>
>>>
>>
>>> When I reach the step Define tboot error TPM NV index: and enter the
>>
>>> command
>>
>>>
>>
>>> tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p
>>
>>> TPM-password
>>
>>>
>>
>>> I receive the following error:
>>
>>>
>>
>>> Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command
>>
>>> DefIndex failed:
>>
>>> TSS API failed
>>
>>
>>
>> I have verified that the tpm_tis driver has been properly loaded and the
>> pcrs file contains non-0 values.
>>
>>
>>
>> When running trousers in the foreground with debug options enabled I
>> receive
>> the following output:
>>
>>
>>
>> TCSD TDDL ioctl: (25) Inappropriate ioctl for device
>>
>> TCSD TDDL Falling back to Read/Write device support.
>>
>> TCSD trousers 0.3.1: TCSD up and running
>>
>>
>>
>> Thanks,
>>
>>
>>
>> --Tam Do
>>
>>
>> ------------------------------------------------------------------------------
>> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas,
>> Nevada.
>> The future of the web can't happen without you. Join us at MIX09 to help
>> pave the way to the Next Web now. Learn more and register at
>>
>> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
>> _______________________________________________
>> tboot-devel mailing list
>> tbo...@li...
>> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>>
>>
>
|
|
From: Ross P. <Ros...@ci...> - 2008-12-09 14:16:11
|
I was referred to an earlier thread where this was discussed: "Question on feature control bits and some observations". I was not implying that this was a bug or a mis-configuration; it is a valid configuration for the BIOS to setup. I have only seen it on one platform so far. We put the message in Xen just to give people a hint as to why Xen failed to enter VMX mode. I don't think there is a way around it other than turning TXT on and off depending on what you are doing. Thanks Ross From: Do, Tam T. [mailto:td...@sw...] Sent: Tuesday, December 09, 2008 9:08 AM To: Ross Philipson; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems If this is the case, Is there an easy way to enable running HVM domains with TXT enabled? --Tam Do ________________________________ From: Ross Philipson [mailto:Ros...@ci...] Sent: Monday, December 08, 2008 6:40 PM To: Do, Tam T.; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems > When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Do, T. T. <td...@sw...> - 2008-12-09 14:07:52
|
If this is the case, Is there an easy way to enable running HVM domains with TXT enabled? --Tam Do ________________________________ From: Ross Philipson [mailto:Ros...@ci...] Sent: Monday, December 08, 2008 6:40 PM To: Do, Tam T.; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems > When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Do, T. T. <td...@sw...> - 2008-12-09 14:05:58
|
The system is advertised as supporting Intel vPRO which can be accessed when you build the computer. The Intel TXT option is available in the bios screen, but only recently support has been added (as of bios version A06). I'll try updating the bios to see if this gets us anywhere. --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 6:28 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems Are you sure that this system supports TXT? I don't see anything on the Web indicating that it does-do you have a TXT BIOS option (I also don't see the TXT-related TPM NV indices)? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 3:53 PM To: Cihula, Joseph; tbo...@li... Subject: RE: tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Cihula, J. <jos...@in...> - 2008-12-09 01:29:53
|
Are you sure that this system supports TXT? I don't see anything on the Web indicating that it does-do you have a TXT BIOS option (I also don't see the TXT-related TPM NV indices)? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 3:53 PM To: Cihula, Joseph; tbo...@li... Subject: RE: tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Ross P. <Ros...@ci...> - 2008-12-09 00:40:57
|
> When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Do, T. T. <td...@sw...> - 2008-12-08 23:53:33
|
Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Cihula, J. <jos...@in...> - 2008-12-08 22:07:47
|
And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Do, T. T. <td...@sw...> - 2008-12-08 18:38:05
|
Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Cihula, J. <jos...@in...> - 2008-12-08 17:44:11
|
What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Do, T. T. <td...@sw...> - 2008-12-08 17:17:33
|
> I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
|
From: Jonathan M. M. <jon...@cm...> - 2008-12-05 13:45:07
|
Can anybody confirm that tboot did (not should :-) work on one of these systems, nevermind the Linux TPM driver? Thanks, -Jon Ross Philipson wrote: > > "default time out" values should be set before call request_locality() > > in tpm_tis_init function. > I saw that too and modified something to get the driver to load. Dang, > I should have written down what I was doing at the time. > > Ross > > > ------------------------------------------------------------------------ > *From:* Seiji Munetoh [mailto:sei...@gm...] > *Sent:* Thu 12/4/2008 5:41 AM > *To:* Ross Philipson > *Cc:* Cihula, Joseph; tbo...@li...; tpmdd-devel; > Marcin Obara > *Subject:* Re: [tboot-devel] [tpmdd-devel] TPM driver problem on GM45 > > Hi Ross, > > On Tue, Dec 2, 2008 at 10:44 PM, Ross Philipson > <Ros...@ci...> wrote: > > Yeah, I saw the same thing when I was trying to get it to work. I forced > > it to load and saw the status check fail in the debugger. I think I > > tried working around issue at the time by ignoring the status but > > something failed downstream and I couldn't use the iTPM even though the > > driver loaded and ready. Did you actually try sending it work to do - > > you may find it still doesn't work? Anyway it was a while ago so I don't > > remember all the details. > > I can take the ownership of iTPM, but don't run testsuite. > > I have take a look the tpm_tis code a bit more. > "default time out" values should be set before call request_locality() > in tpm_tis_init function. > This is the reason why first modprobe with force=1 is fail. > > regards, > Seiji > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > ------------------------------------------------------------------------ > > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel > |
|
From: Ross P. <Ros...@ci...> - 2008-12-04 12:36:39
|
> "default time out" values should be set before call request_locality() > in tpm_tis_init function. I saw that too and modified something to get the driver to load. Dang, I should have written down what I was doing at the time. Ross ________________________________ From: Seiji Munetoh [mailto:sei...@gm...] Sent: Thu 12/4/2008 5:41 AM To: Ross Philipson Cc: Cihula, Joseph; tbo...@li...; tpmdd-devel; Marcin Obara Subject: Re: [tboot-devel] [tpmdd-devel] TPM driver problem on GM45 Hi Ross, On Tue, Dec 2, 2008 at 10:44 PM, Ross Philipson <Ros...@ci...> wrote: > Yeah, I saw the same thing when I was trying to get it to work. I forced > it to load and saw the status check fail in the debugger. I think I > tried working around issue at the time by ignoring the status but > something failed downstream and I couldn't use the iTPM even though the > driver loaded and ready. Did you actually try sending it work to do - > you may find it still doesn't work? Anyway it was a while ago so I don't > remember all the details. I can take the ownership of iTPM, but don't run testsuite. I have take a look the tpm_tis code a bit more. "default time out" values should be set before call request_locality() in tpm_tis_init function. This is the reason why first modprobe with force=1 is fail. regards, Seiji |
|
From: Seiji M. <sei...@gm...> - 2008-12-04 10:41:39
|
Hi Ross, On Tue, Dec 2, 2008 at 10:44 PM, Ross Philipson <Ros...@ci...> wrote: > Yeah, I saw the same thing when I was trying to get it to work. I forced > it to load and saw the status check fail in the debugger. I think I > tried working around issue at the time by ignoring the status but > something failed downstream and I couldn't use the iTPM even though the > driver loaded and ready. Did you actually try sending it work to do - > you may find it still doesn't work? Anyway it was a while ago so I don't > remember all the details. I can take the ownership of iTPM, but don't run testsuite. I have take a look the tpm_tis code a bit more. "default time out" values should be set before call request_locality() in tpm_tis_init function. This is the reason why first modprobe with force=1 is fail. regards, Seiji |
15 messages has been excluded from this view by a project administrator.
