|
From: Cihula, J. <jos...@in...> - 2008-10-03 22:19:27
|
As some people noticed, the recent "upgrade" of SourceForge broke the tboot mercurial repo. Since mercurial is not an officially supported SCM, and there is no longer shell access, I don't see how to fix it on SourceForge.

So I have moved the repo to a new site:
http://www.bughost.org/repos.hg/tboot.hg

It contains all of the previous repo's history, etc.

Let me know if there are any problems accessing it.

Joe
|
From: Lil E. <Lil...@gm...> - 2008-10-06 14:02:32
Attachments:
installed_policy.txt
tboot_output.txt
|
Hi,

I've been playing with the new repo straight away.
It seems that elf_defns.h got lost in revision 84, hence compilation fails. Using the old header file seems to work fine.

However, verifying against policy fails.
After debugging, it seems PCR18 is initially not 0x0 and therefore gets extended with wrong values.

The debug just outputs the PCR value before extending.

TBOOT: verifying module "/xen.gz iommu=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"...
TBOOT: debug2: 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00
TBOOT: debug3: 93 40 0a e2 86 6b 8a a3 5e f2 70 93 8f 2d a2 48 4b a5 a5 93
TBOOT: debug4: 93 40 0a e2 86 6b 8a a3 5e f2 70 93 8f 2d a2 48 4b a5 a5 93

Hence, I experience a policy mismatch every time.

Cheers
lIl
|
From: Cihula, J. <jos...@in...> - 2008-10-07 19:24:23
|
> From: Lil Evil [mailto:Lil...@gm...]
> Sent: Monday, October 06, 2008 6:58 AM
>
> Hi,
>
> I've been playing with the new repo straight away.
> It seems that elf_defns.h got lost in revision 84, hence compilation
> fails. Using the old header file seems to work fine.

Try the current tip. Some files got moved around when Linux support was added. I did a clean pull and it built fine.

> However, verifying against policy fails.
> After debugging, it seems PCR18 is initially not 0x0 and therefore gets
> extended with wrong values.

The dynamic PCRs are set to all Fs on platform reset and only get cleared to 0s on initiation of a DRTM (e.g. SENTER). So if they are really not 0s before being extended then that would mean that the SENTER failed. And the code should not even try to extend them if SENTER fails.

> The debug just outputs the PCR value before extending.
>
> TBOOT: verifying module "/xen.gz iommu=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"...
> TBOOT: debug2: 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00
> TBOOT: debug3: 93 40 0a e2 86 6b 8a a3 5e f2 70 93 8f 2d a2 48 4b a5 a5 93
> TBOOT: debug4: 93 40 0a e2 86 6b 8a a3 5e f2 70 93 8f 2d a2 48 4b a5 a5 93
>
> Hence, I experience a policy mismatch every time.

The policy format has changed as of a month or so ago and the policy code got a lot of cleanup. Try with the current tip.

> Cheers
> lIl
|
From: Lil E. <Lil...@gm...> - 2008-10-08 09:13:25
|
1) Compilation
To reproduce the compilation error, I did the following:

[root@lil staging] hg clone http://www.bughost.org/repos.hg/tboot.hg
destination directory: tboot.hg
requesting all changes
adding changesets
adding manifests
adding file changes
added 91 changesets with 393 changes to 122 files
updating working directory
118 files updated, 0 files merged, 0 files removed, 0 files unresolved
[root@lil staging] cd tboot.hg
[root@lil tboot.hg] make
...
<compile>
...

mlehash.c:47:34: error: ../include/elf_defns.h: No such file or directory

[root@lil tboot.hg]# ls -la include/elf_defns.h
ls: cannot access include/elf_defns.h: No such file or directory
[root@lil tboot.hg]#

hg reports the following changeset:

changeset:   90:5d19b96f7c0e
tag:         tip
user:        Joseph Cihula <jos...@in...>
date:        Tue Oct 07 12:03:27 2008 -0700
summary:     Added hg repo location to README

I tried two different machines on different networks, same error.
Which changeset are you on?

2) I already adapted to the new policy format, as I have been playing around with the mercurial repository a while ago.
The debug line I added just prints out the PCR before extending. I was a little bit surprised to see a non-0 row there.
Something is fishy, either with me, or the build :)

Here is my policy gen script, btw:

modprobe tpm_tis
tcsd
rm -rf mle_hash lcp.pol vl.pol

#create hash of tboot
lcp_mlehash /boot/tboot.gz > mle_hash

# transform hash into policy
lcp_crtpol -t hashonly -m mle_hash -o lcp.pol

XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
TPM_PW=""

date > verbose.txt

#create launch policy of the VMM
tb_polgen --create --type nonfatal vl.pol

tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$XENLINE" --image /boot/xen.gz vl.pol --verbose >> verbose.txt
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" --image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> verbose.txt
tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img vl.pol --verbose >> verbose.txt

#write policy
lcp_writepol -i owner -f lcp.pol -p
lcp_writepol -i 0x20000001 -f vl.pol -p

3) I also noticed with the stable tboot, on a reboot the GETSEC[SEXIT] command is not broadcasted. It is however on a shutdown.

Just to let you know where I am standing at the moment.

Cheers
lIl
|
From: Cihula, J. <jos...@in...> - 2008-10-08 18:30:18
|
> From: Lil Evil [mailto:Lil...@gm...]
> Sent: Wednesday, October 08, 2008 2:11 AM
>
> 1) Compilation
> To reproduce the compilation error, I did the following:
>
> [root@lil staging] hg clone http://www.bughost.org/repos.hg/tboot.hg
> destination directory: tboot.hg
> requesting all changes
> adding changesets
> adding manifests
> adding file changes
> added 91 changesets with 393 changes to 122 files
> updating working directory
> 118 files updated, 0 files merged, 0 files removed, 0 files unresolved
> [root@lil staging] cd tboot.hg
> [root@lil tboot.hg] make
> ...
> <compile>
> ...
>
> mlehash.c:47:34: error: ../include/elf_defns.h: No such file or directory
>
> [root@lil tboot.hg]# ls -la include/elf_defns.h
> ls: cannot access include/elf_defns.h: No such file or directory
> [root@lil tboot.hg]#
>
> hg reports the following changeset:
>
> changeset:   90:5d19b96f7c0e
> tag:         tip
> user:        Joseph Cihula <jos...@in...>
> date:        Tue Oct 07 12:03:27 2008 -0700
> summary:     Added hg repo location to README
>
> I tried two different machines on different networks, same error.
> Which changeset are you on?

OK, my bad (I only re-built tboot and not the tools). I have fixed this in the tip and uploaded a new tarfile.

> 2) I already adapted to the new policy format, as I have been
> playing around with the mercurial repository a while ago.
> The debug line I added just prints out the PCR before extending. I was
> a little bit surprised to see a non-0 row there.
> Something is fishy, either with me, or the build :)
>
> Here is my policy gen script, btw:
>
> modprobe tpm_tis
> tcsd
> rm -rf mle_hash lcp.pol vl.pol
>
> #create hash of tboot
> lcp_mlehash /boot/tboot.gz > mle_hash
>
> # transform hash into policy
> lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
>
> XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
> KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
> TPM_PW=""

The new policy code strips the module name from the module string provided by GRUB so that location isn't part of the measurement (which it shouldn't be). Thus, you should not have '/xen.gz ' or '/vmlinuz-2.6.18.8-xen_unstable ' in your strings.

> #create launch policy of the VMM
> tb_polgen --create --type nonfatal vl.pol
>
> tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$XENLINE" --image /boot/xen.gz vl.pol --verbose >> verbose.txt
> tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" --image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> verbose.txt
> tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img vl.pol --verbose >> verbose.txt
>
> #write policy
> lcp_writepol -i owner -f lcp.pol -p
> lcp_writepol -i 0x20000001 -f vl.pol -p
>
> 3) I also noticed with the stable tboot, on a reboot the GETSEC[SEXIT]
> command is not broadcasted.
> It is however on a shutdown.

When you say "broadcasted" do you mean it doesn't appear on the serial output? That is likely just due to buffering and when/how the platform actually disables the serial port. If SEXIT were not done, the system could not reboot successfully (it would TXT_RESET and then the subsequent boot could not launch TXT until a power cycle).

> Just to let you know where I am standing at the moment.

Thanks for your comments and we'll try to keep things fixed up better.

> Cheers
> lIl
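Added example (not tboot code and not from either poster): a Python model of the two points made in the replies above, namely that a dynamic PCR must read all 0s before its first extend, and that the module name has to be left out of the policy command line because the boot-time code strips it. The function names, the stand-in image bytes and the way command line and image are combined into one digest are assumptions made for illustration; only the Xen line is taken from the posted script.

```python
"""Model of a TPM 1.2 dynamic-PCR extend and a module measurement (illustrative)."""
import hashlib

SHA1_LEN = 20
PCR_AFTER_RESET = b"\xff" * SHA1_LEN  # dynamic PCRs read all Fs after platform reset
PCR_AFTER_DRTM = b"\x00" * SHA1_LEN   # cleared to 0s only when a DRTM (e.g. SENTER) starts


def pcr_state(value: bytes) -> str:
    """Classify a dynamic PCR value read before the first extend."""
    if len(value) != SHA1_LEN:
        raise ValueError("a TPM 1.2 PCR is 20 bytes")
    if value == PCR_AFTER_DRTM:
        return "drtm-cleared"
    if value == PCR_AFTER_RESET:
        return "reset-no-drtm"
    return "other"


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA-1(old PCR || digest)."""
    if len(pcr) != SHA1_LEN or len(digest) != SHA1_LEN:
        raise ValueError("PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()


def strip_module_name(grub_string: str) -> str:
    """Remove the leading file name from a GRUB module string, keeping the arguments."""
    parts = grub_string.strip().split(None, 1)
    return parts[1] if len(parts) == 2 else ""


def measure(cmdline: str, image: bytes) -> bytes:
    """Assumed composition for this example: SHA-1(SHA-1(cmdline) || SHA-1(image))."""
    cmd_hash = hashlib.sha1(cmdline.encode("ascii")).digest()
    img_hash = hashlib.sha1(image).digest()
    return hashlib.sha1(cmd_hash + img_hash).digest()


def check_launch(pcr_before: bytes, grub_string: str, image: bytes,
                 policy_cmdline: str) -> str:
    """Compare the PCR value produced at boot with the one the policy author expects."""
    state = pcr_state(pcr_before)
    if state != "drtm-cleared":
        # The launch did not clear the PCR, so nothing should be extended at all.
        return "no-drtm:" + state
    # Boot side: the module name is stripped before the string is measured.
    booted = extend(pcr_before, measure(strip_module_name(grub_string), image))
    # Policy side: the string is measured exactly as the author supplied it.
    expected = extend(PCR_AFTER_DRTM, measure(policy_cmdline, image))
    return "match" if booted == expected else "mismatch"


# Constructed sample data: stand-in image bytes; the Xen line is the one in the script.
XEN_IMAGE = b"constructed stand-in for the contents of /boot/xen.gz"
GRUB_XEN = ("/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb "
            "com1=1115200,8n1 console=vga,com1")
POLICY_WITH_NAME = GRUB_XEN                     # as in the posted script
POLICY_STRIPPED = strip_module_name(GRUB_XEN)   # module name left out


def demo() -> dict:
    """Run the three cases discussed in the thread."""
    return {
        "policy_with_module_name": check_launch(
            PCR_AFTER_DRTM, GRUB_XEN, XEN_IMAGE, POLICY_WITH_NAME),
        "policy_without_module_name": check_launch(
            PCR_AFTER_DRTM, GRUB_XEN, XEN_IMAGE, POLICY_STRIPPED),
        "pcr_not_cleared": check_launch(
            PCR_AFTER_RESET, GRUB_XEN, XEN_IMAGE, POLICY_STRIPPED),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```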
|
From: Lil E. <Lil...@gm...> - 2008-10-09 10:23:31
|
Hi,

okay verification works now fine. Must have skipped that part in the README :).

I said broadcasted, because I assumed that it hasn't indeed been broadcasted.
Meaning it didn't show up on the serial console.
As I said it showed up during powering off, but not during rebooting.

However, if I issue a reboot, the machine will hang with no screen at all.
Only a hard reset brings it back to life.
Hence, I assumed that TXT is protecting the machine, because it hasn't successfully issued SEXIT.
But, it also could be an issue of my machine's BIOS, as I already encountered some.

I keep on playing around and let you know what's happening.

Cheers
lIl
|
From: Cihula, J. <jos...@in...> - 2008-10-09 16:49:11
|
> From: Lil Evil [mailto:Lil...@gm...]
> Sent: Thursday, October 09, 2008 3:21 AM
>
> Hi,
>
> okay verification works now fine. Must have skipped that part in the
> README :).
>
> I said broadcasted, because I assumed that it hasn't indeed been
> broadcasted.
> Meaning it didn't show up on the serial console.
> As I said it showed up during powering off, but not during rebooting.

Can you send me the serial output? And what system is this?

> However, if I issue a reboot, the machine will hang with no screen at
> all.
> Only a hard reset brings it back to life.
> Hence, I assumed that TXT is protecting the machine, because it hasn't
> successfully issued SEXIT.
> But, it also could be an issue of my machine's BIOS, as I already
> encountered some.

This sounds like SEXIT is not finishing. Typical reasons for that are if not all of the CPUs got woken up or if some still had VMX on.

> I keep on playing around and let you know what's happening.
>
> Cheers
> lIl
|
From: Lil E. <Lil...@gm...> - 2008-10-20 12:30:40
Attachments:
tboot_poweroff.txt
tboot_reboot.txt
|
-------- Original Message --------
> Date: Thu, 9 Oct 2008 09:47:03 -0700
> From: "Cihula, Joseph" <jos...@in...>
> To: "Lil Evil" <Lil...@gm...>, tbo...@li...
> Subject: RE: [tboot-devel] new location for mercurial repo

> > From: Lil Evil [mailto:Lil...@gm...]
> > Sent: Thursday, October 09, 2008 3:21 AM
> >
> > Hi,
> >
> > okay verification works now fine. Must have skipped that part in the
> > README :).
> >
> > I said broadcasted, because I assumed that it hasn't indeed been
> > broadcasted.
> > Meaning it didn't show up on the serial console.
> > As I said it showed up during powering off, but not during rebooting.
>
> Can you send me the serial output? And what system is this?

Machine is a HP DC7800 bios v1.26
tboot stable (version 2008613) and tboot.hg (revision 85), both show the same behaviour.

tboot & verification successful

-> reboot doesn't execute getsec[sexit]
-> machine hangs ( black screen )
see tboot_reboot.txt

-> powerdown does execute getsec[sexit]
see tboot_poweroff.txt
I can see the getsec[sexit] here...
|
From: Wang, S. <sha...@in...> - 2008-10-21 08:29:55
|
If poweroff can do but reboot can't, it is strange.

Can you output Xen messages on the serial port?
And by the way, tell me which debug tools are available for you, besides
serial port?

Lil Evil wrote:
> -------- Original Message --------
>> Date: Thu, 9 Oct 2008 09:47:03 -0700
>> From: "Cihula, Joseph" <jos...@in...>
>> To: "Lil Evil" <Lil...@gm...>, tbo...@li...
>> Subject: RE: [tboot-devel] new location for mercurial repo
>
>>> From: Lil Evil [mailto:Lil...@gm...]
>>> Sent: Thursday, October 09, 2008 3:21 AM
>>>
>>> Hi,
>>>
>>> okay verification works now fine. Must have skipped that part in
>>> the README :).
>>>
>>> I said broadcasted, because I assumed that it hasn't indeed been
>>> broadcasted. Meaning it didn't show up on the serial console.
>>> As I said it showed up during powering off, but not during
>>> rebooting.
>>
>> Can you send me the serial output? And what system is this?
>
> Machine is a HP DC7800 bios v1.26
> tboot stable (version 2008613) and tboot.hg (revision 85), both show
> the same behaviour.
>
> tboot & verification successful
>
> -> reboot doesn't execute getsec[sexit]
> -> machine hangs ( black screen )
> see tboot_reboot.txt
>
> -> powerdown does execute getsec[sexit]
> see tboot_poweroff.txt
> I can see the getsec[sexit] here...
>
>>
>>> However, if I issue a reboot, the machine will hang with no screen
>>> at all. Only a hard reset brings it back to life.
>>> Hence, I assumed that TXT is protecting the machine, because it
>>> hasn't successfully issued SEXIT. But, it also could be an issue of
>>> my machine's BIOS, as I already encountered some.
>>
>> This sounds like SEXIT is not finishing. Typical reasons for that
>> are if not all of the CPUs got woken up or if some still had VMX on.
>>
>>>
>>> I keep on playing around and let you know what's happening.
>>>
>>> Cheers
>>> lIl
>>>
>>> -------- Original Message --------
>>>> Date: Wed, 8 Oct 2008 11:26:51 -0700
>>>> From: "Cihula, Joseph" <jos...@in...>
>>>> To: "Lil Evil" <Lil...@gm...>, tbo...@li...
>>>> Subject: RE: [tboot-devel] new location for mercurial repo
>>>
>>>>> From: Lil Evil [mailto:Lil...@gm...]
>>>>> Sent: Wednesday, October 08, 2008 2:11 AM
>>>>>
>>>>> 1) Compilation
>>>>> to reproduce the compilation error, I did the following:
>>>>>
>>>>> [root@lil staging] hg clone http://www.bughost.org/repos.hg/tboot.hg
>>>>> destination directory: tboot.hg
>>>>> requesting all changes
>>>>> adding changesets
>>>>> adding manifests
>>>>> adding file changes
>>>>> added 91 changesets with 393 changes to 122 files
>>>>> updating working directory
>>>>> 118 files updated, 0 files merged, 0 files removed, 0 files unresolved
>>>>> [root@lil staging] cd tboot.hg
>>>>> [root@lil tboot.hg] make
>>>>> ...
>>>>> <compile>
>>>>> ...
>>>>>
>>>>> mlehash.c:47:34: error: ../include/elf_defns.h: No such file or directory
>>>>>
>>>>>
>>>>> [root@lil tboot.hg]# ls -la include/elf_defns.h
>>>>> ls: cannot access include/elf_defns.h: No such file or directory
>>>>> [root@lil tboot.hg]#
>>>>>
>>>>> hg reports the following changeset:
>>>>>
>>>>> changeset: 90:5d19b96f7c0e
>>>>> tag: tip
>>>>> user: Joseph Cihula <jos...@in...>
>>>>> date: Tue Oct 07 12:03:27 2008 -0700
>>>>> summary: Added hg repo location to README
>>>>>
>>>>> I tried two different machines on different networks, same error.
>>>>> which changeset are you on?
>>>>
>>>> OK, my bad (I only re-built tboot and not the tools). I have
>>>> fixed this in the tip and uploaded a new tarfile.
>>>>
>>>>> 2) I already adopted to the new policy format already, as I have
>>>>> been playing around with the mercurial repository a while ago.
>>>>> The debug line I added, just prints out the PCR before extending.
>>>>> I was a little bit surprised to see a non-0 row there.
>>>>> Something is fishy, either with me, or the build :)
>>>>>
>>>>> here is my policy gen script, btw:
>>>>>
>>>>> modprobe tpm_tis
>>>>> tcsd
>>>>> rm -rf mle_hash lcp.pol vl.pol
>>>>>
>>>>>
>>>>> #create hash of tboot
>>>>> lcp_mlehash /boot/tboot.gz > mle_hash
>>>>>
>>>>> # transform hash into policy
>>>>> lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
>>>>>
>>>>> XENLINE="/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb com1=1115200,8n1 console=vga,com1"
>>>>> KERNEL="/vmlinuz-2.6.18.8-xen_unstable ro root=/dev/VolGroup01/LogVol01 rhgb pciback.hide=(00:1d.7)(00:1d.1)"
>>>>> TPM_PW=""
>>>>
>>>> The new policy code strips the module name from the module string
>>>> provided by GRUB so that location isn't part of the measurement
>>>> (which it shouldn't be). Thus, you should not have '/xen.gz ' or
>>>> '/vmlinuz-2.6.18.8-xen_unstable ' in your strings.
>>>>
>>>>> #create launch policy of the VMM
>>>>> tb_polgen --create --type nonfatal vl.pol
>>>>>
>>>>> tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$XENLINE" --image /boot/xen.gz vl.pol --verbose >> verbose.txt
>>>>> tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$KERNEL" --image /boot/vmlinuz-2.6.18.8-xen_unstable vl.pol --verbose >> verbose.txt
>>>>> tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen_unstable.img vl.pol --verbose >> verbose.txt
>>>>>
>>>>> #write policy
>>>>> lcp_writepol -i owner -f lcp.pol -p
>>>>> lcp_writepol -i 0x20000001 -f vl.pol -p
>>>>>
>>>>>
>>>>> 3) I also noticed with the stable tboot, on a reboot the
>>>>> GETSEC[SEXIT] command is not broadcasted. It is however on a
>>>>> shutdown.
>>>>
>>>> When you say "broadcasted" do you mean it doesn't appear on the
>>>> serial output? That is likely just due to buffering and when/how
>>>> the platform actually disables the serial port. If SEXIT were not
>>>> done, the system could not reboot successfully (it would TXT_RESET
>>>> and then the subsequent boot could not launch TXT until a power
>>>> cycle).
>>>>
>>>>> Just to let you know where I am standing at the moment.
>>>>
>>>> Thanks for your comments and we'll try to keep things fixed up
>>>> better.
>>>>
>>>>> Cheers
>>>>> lIl
 |
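An added illustration, not part of the thread and not tboot's own code, of the point quoted above: once the launcher strips the module name from the GRUB string, a policy entry whose `--cmdline` still begins with '/xen.gz ' predicts a different PCR value than the one actually extended. The hash layout in `module_measurement`, the helper names, the image bytes and the starting PCR value are assumptions or constructed sample data.

```python
import hashlib


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def strip_module_name(module_string: str) -> str:
    """Drop the first token (the module path GRUB supplies) and the
    whitespace after it; a string with no arguments becomes ""."""
    parts = module_string.split(None, 1)
    return parts[1] if len(parts) == 2 else ""


def module_measurement(cmdline: str, image: bytes) -> bytes:
    """Assumed layout: SHA-1( SHA-1(cmdline) || SHA-1(image) )."""
    return sha1(sha1(cmdline.encode()) + sha1(image))


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || digest)."""
    return sha1(pcr + digest)


def launch_pcr(start_pcr: bytes, grub_string: str, image: bytes) -> bytes:
    """PCR after the launcher measures one module, name stripped first."""
    stripped = strip_module_name(grub_string)
    return pcr_extend(start_pcr, module_measurement(stripped, image))


def policy_pcr(start_pcr: bytes, policy_cmdline: str, image: bytes) -> bytes:
    """PCR the policy entry predicts from the cmdline stored in it."""
    return pcr_extend(start_pcr, module_measurement(policy_cmdline, image))


# XENLINE as written in the script in the thread; taken here as the
# string GRUB passes as well (an assumption for the illustration).
XENLINE = ("/xen.gz tboot=0x01019040 iommu=1 vtd=1 dom0_mem=1024mb "
           "com1=1115200,8n1 console=vga,com1")
IMAGE = b"constructed stand-in for the contents of /boot/xen.gz"
START_PCR = bytes.fromhex("11" * 20)  # constructed non-zero PCR value


def compare() -> dict:
    """Check both policy variants against the measured value."""
    measured = launch_pcr(START_PCR, XENLINE, IMAGE)
    stripped = strip_module_name(XENLINE)
    return {
        "with module name": policy_pcr(START_PCR, XENLINE, IMAGE) == measured,
        "module name stripped": policy_pcr(START_PCR, stripped, IMAGE) == measured,
    }


if __name__ == "__main__":
    for label, ok in compare().items():
        print(f"policy cmdline {label}: {'match' if ok else 'MISMATCH'}")
```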
|
From: Lil E. <Lil...@gm...> - 2008-10-21 13:58:03
Attachments:
xen_debug.txt
|
Hi Shane,

Not sure what you mean by debugging tools available??
Do you mean what I am using to get those error messages?
I haven't chased this issue up recently as I have been busy.
please find the xen debug output attached to this mail.

cheers
lIl

-------- Original Message --------
> Date: Tue, 21 Oct 2008 16:25:37 +0800
> From: "Wang, Shane" <sha...@in...>
> To: Lil Evil <Lil...@gm...>, "tbo...@li..." <tbo...@li...>
> Subject: RE: [tboot-devel] new location for mercurial repo

> If poweroff can do but reboot can't, it is strange.
>
> Can you output Xen messages on the serial port?
> And by the way, tell me which debug tools are available for you, besides
> serial port?
 |
|
From: Wang, S. <sha...@in...> - 2008-10-22 02:07:41
|
No. I just want to see what kind of debug tool you can use? then to determine how to debug it. Only printk on serial port?

I just want to see whether the program runs into tboot_shutdown() in xen/arch/x86/tboot.c when you do poweroff or reboot.
From the result of your poweroff, it is obvious it ran into the function.
From the result of your reboot, if it didn't, or if it did but it map_pages_to_xen() wrongly, sexit will not be invoked.

Anyway, I will try it again first on my side.

Shane

Lil Evil wrote:
> Hi Shane,
>
> Not sure what you mean by debugging tools available??
> Do you mean what I am using to get those error messages?
> I haven't chased this issue up recently as I have been busy.
> please find the xen debug output attached to this mail.
>
> cheers
> lIl
 |