From: Do, T. T. <td...@sw...> - 2008-12-08 17:17:33
|
> I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Cihula, J. <jos...@in...> - 2008-12-08 17:44:11
|
What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Do, T. T. <td...@sw...> - 2008-12-08 18:38:05
|
Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Cihula, J. <jos...@in...> - 2008-12-08 22:07:47
|
And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Ross P. <Ros...@ci...> - 2008-12-09 00:40:57
|
> When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Do, T. T. <td...@sw...> - 2008-12-08 23:53:33
|
Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Cihula, J. <jos...@in...> - 2008-12-09 01:29:53
|
Are you sure that this system supports TXT? I don't see anything on the Web indicating that it does-do you have a TXT BIOS option (I also don't see the TXT-related TPM NV indices)? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 3:53 PM To: Cihula, Joseph; tbo...@li... Subject: RE: tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Martin T. <ma...@th...> - 2008-12-09 14:50:48
|
Great :) I remember in the past getting some strange error when I tried to use Xen (without TXT) with TXT enabled in the BIOS - I think it was something like that virtualization was not enabled (which makes sense given the way the bit was previously documentet in the IA32 manuals - before TXT was introduced). The reason I wrote before was just to say that the problem may be more common than one might think (I actually thought it was a bug in the BIOS for my specific board but as far as I remember someone wrote it was the same in Intel's own boards). Best regards, Martin Thiim On Tue, Dec 9, 2008 at 11:55 AM, Ross Philipson <Ros...@ci...> wrote: > I hadn't seen that thread - I probably joined more recently than that. I > agree that it is a perfectly valid configuration set by the vendor BIOS - > though a bit annoying ;) The only thing we did was to modify Xen a bit to > print out a more useful message about why it couldn't enable VMX - like > "check to see if TXT is enabled". > > Thanks > Ross > ________________________________ > From: Martin Thiim [mailto:ma...@th...] > Sent: Tue 12/9/2008 3:37 AM > To: Ross Philipson > Subject: Re: [tboot-devel] tboot policy problems > > Ok, I made a similar observation earlier this year and wrote to the > list ("Question on feature control bits and some observations") and > was told that this was actually the "standard" way that BIOS'es should > handle it (i.e. enabling TXT should disable use of virtualization > outside of TXT). It is annoying for TXT testers that would also like > to run a VMWare with hardware acceleration, that's for sure ;) But it > is up to the BIOS, how it configures the feature control MSR. > > Best regards, > > Martin Thiim > > > On Tue, Dec 9, 2008 at 1:40 AM, Ross Philipson > <Ros...@ci...> wrote: >>> When booting xen there is a message which flashes by about disabling TXT. >>> Additionally it seems I am unable to run HVM domains with TXT enabled in >>> the bios. >> >> Yeah I think we added that message in Xen a few months back. We saw that >> on >> certain platforms the BIOS was setting up the MSR feature bits to where if >> you had TXT enabled you had to enter SMX mode to enable VMX mode. It was >> definitely something OEM BIOS specific - I saw it on a Dell 755. >> >> Thanks >> Ross >> ________________________________ >> From: Do, Tam T. [mailto:td...@sw...] >> Sent: Mon 12/8/2008 6:53 PM >> To: Cihula, Joseph; tbo...@li... >> Subject: Re: [tboot-devel] tboot policy problems >> >> Yes I have already taken ownership auth of the tpm. >> >> >> >> I get the following output when I run tpmnv_getcap: >> >> >> >> The response data is: >> >> 01 00 00 40 02 00 00 20 >> >> >> >> 2 indices have been defined >> >> list of indices for defined NV storage areas: >> >> 0x01000040 0x02000020 >> >> >> >> I have also noticed a few strange things about my machine… When booting >> xen >> there is a message which flashes by about disabling TXT. Additionally it >> seems I am unable to run HVM domains with TXT enabled in the bios. This >> may >> be a problem with the vendor's bios as this system is fairly new… I will >> attempt to update the bios to version A09 from A06 and will update you on >> the results if any different. >> >> >> >> Thanks, >> >> >> >> --Tam Do >> >> >> >> ________________________________ >> >> From: Cihula, Joseph [mailto:jos...@in...] >> Sent: Monday, December 08, 2008 3:43 PM >> To: Do, Tam T.; tbo...@li... >> Subject: RE: tboot policy problems >> >> >> >> And you've taken ownership and set the owner auth to "TPM-password"? What >> do you get if you run tpmnv_getcap? >> >> >> >> Joe >> >> >> >> From: Do, Tam T. [mailto:td...@sw...] >> Sent: Monday, December 08, 2008 10:38 AM >> To: tbo...@li... >> Subject: Re: [tboot-devel] tboot policy problems >> >> >> >> Dell Latitude E6500 >> >> >> >> Linux 2.6.18.18.8-xen (unstable build) >> >> >> >> --Tam Do >> >> >> >> >> >> ________________________________ >> >> From: Cihula, Joseph [mailto:jos...@in...] >> Sent: Monday, December 08, 2008 11:44 AM >> To: Do, Tam T.; tbo...@li... >> Subject: RE: tboot policy problems >> >> >> >> What model is your computer and what version of Linux are you using? >> >> >> >> Joe >> >> >> >> From: Do, Tam T. [mailto:td...@sw...] >> Sent: Monday, December 08, 2008 9:00 AM >> To: tbo...@li... >> Cc: Cihula, Joseph >> Subject: tboot policy problems >> >> >> >>> I am running into some problems with the tpm when following the steps >> >>> in /docs/policy.txt to set up a default policy. >> >>> >> >>> When I reach the step Define tboot error TPM NV index: and enter the >> >>> command >> >>> >> >>> tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p >> >>> TPM-password >> >>> >> >>> I receive the following error: >> >>> >> >>> Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command >> >>> DefIndex failed: >> >>> TSS API failed >> >> >> >> I have verified that the tpm_tis driver has been properly loaded and the >> pcrs file contains non-0 values. >> >> >> >> When running trousers in the foreground with debug options enabled I >> receive >> the following output: >> >> >> >> TCSD TDDL ioctl: (25) Inappropriate ioctl for device >> >> TCSD TDDL Falling back to Read/Write device support. >> >> TCSD trousers 0.3.1: TCSD up and running >> >> >> >> Thanks, >> >> >> >> --Tam Do >> >> >> ------------------------------------------------------------------------------ >> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, >> Nevada. >> The future of the web can't happen without you. Join us at MIX09 to help >> pave the way to the Next Web now. Learn more and register at >> >> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ >> _______________________________________________ >> tboot-devel mailing list >> tbo...@li... >> https://lists.sourceforge.net/lists/listinfo/tboot-devel >> >> > |
From: Do, T. T. <td...@sw...> - 2008-12-09 14:05:58
|
The system is advertised as supporting Intel vPRO which can be accessed when you build the computer. The Intel TXT option is available in the bios screen, but only recently support has been added (as of bios version A06). I'll try updating the bios to see if this gets us anywhere. --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 6:28 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems Are you sure that this system supports TXT? I don't see anything on the Web indicating that it does-do you have a TXT BIOS option (I also don't see the TXT-related TPM NV indices)? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 3:53 PM To: Cihula, Joseph; tbo...@li... Subject: RE: tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Do, T. T. <td...@sw...> - 2008-12-09 14:07:52
|
If this is the case, Is there an easy way to enable running HVM domains with TXT enabled? --Tam Do ________________________________ From: Ross Philipson [mailto:Ros...@ci...] Sent: Monday, December 08, 2008 6:40 PM To: Do, Tam T.; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems > When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Ross P. <Ros...@ci...> - 2008-12-09 14:16:11
|
I was referred to an earlier thread where this was discussed: "Question on feature control bits and some observations". I was not implying that this was a bug or a mis-configuration; it is a valid configuration for the BIOS to setup. I have only seen it on one platform so far. We put the message in Xen just to give people a hint as to why Xen failed to enter VMX mode. I don't think there is a way around it other than turning TXT on and off depending on what you are doing. Thanks Ross From: Do, Tam T. [mailto:td...@sw...] Sent: Tuesday, December 09, 2008 9:08 AM To: Ross Philipson; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems If this is the case, Is there an easy way to enable running HVM domains with TXT enabled? --Tam Do ________________________________ From: Ross Philipson [mailto:Ros...@ci...] Sent: Monday, December 08, 2008 6:40 PM To: Do, Tam T.; Cihula, Joseph; tbo...@li... Subject: RE: [tboot-devel] tboot policy problems > When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. Yeah I think we added that message in Xen a few months back. We saw that on certain platforms the BIOS was setting up the MSR feature bits to where if you had TXT enabled you had to enter SMX mode to enable VMX mode. It was definitely something OEM BIOS specific - I saw it on a Dell 755. Thanks Ross ________________________________ From: Do, Tam T. [mailto:td...@sw...] Sent: Mon 12/8/2008 6:53 PM To: Cihula, Joseph; tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |
From: Do, T. T. <td...@sw...> - 2008-12-09 20:32:00
|
I was unable to get Intel TXT working on this system. I have emailed the vendor for support. Thanks, --Tam Do ________________________________ From: Do, Tam T. [mailto:ta...@sw...] Sent: Tuesday, December 09, 2008 8:06 AM To: Cihula, Joseph; Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems The system is advertised as supporting Intel vPRO which can be accessed when you build the computer. The Intel TXT option is available in the bios screen, but only recently support has been added (as of bios version A06). I'll try updating the bios to see if this gets us anywhere. --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 6:28 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems Are you sure that this system supports TXT? I don't see anything on the Web indicating that it does-do you have a TXT BIOS option (I also don't see the TXT-related TPM NV indices)? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 3:53 PM To: Cihula, Joseph; tbo...@li... Subject: RE: tboot policy problems Yes I have already taken ownership auth of the tpm. I get the following output when I run tpmnv_getcap: The response data is: 01 00 00 40 02 00 00 20 2 indices have been defined list of indices for defined NV storage areas: 0x01000040 0x02000020 I have also noticed a few strange things about my machine... When booting xen there is a message which flashes by about disabling TXT. Additionally it seems I am unable to run HVM domains with TXT enabled in the bios. This may be a problem with the vendor's bios as this system is fairly new... I will attempt to update the bios to version A09 from A06 and will update you on the results if any different. Thanks, --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 3:43 PM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems And you've taken ownership and set the owner auth to "TPM-password"? What do you get if you run tpmnv_getcap? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 10:38 AM To: tbo...@li... Subject: Re: [tboot-devel] tboot policy problems Dell Latitude E6500 Linux 2.6.18.18.8-xen (unstable build) --Tam Do ________________________________ From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 08, 2008 11:44 AM To: Do, Tam T.; tbo...@li... Subject: RE: tboot policy problems What model is your computer and what version of Linux are you using? Joe From: Do, Tam T. [mailto:td...@sw...] Sent: Monday, December 08, 2008 9:00 AM To: tbo...@li... Cc: Cihula, Joseph Subject: tboot policy problems > I am running into some problems with the tpm when following the steps > in /docs/policy.txt to set up a default policy. > > When I reach the step Define tboot error TPM NV index: and enter the > command > > tpmnv_defindex -i 0x20000002 -s 8 pv 0 -rl 0x07 -wl 0x07 -p > TPM-password > > I receive the following error: > > Tspi_NV_DefineSpace failed failed: Unknown (0x8fffffff) Command > DefIndex failed: > TSS API failed I have verified that the tpm_tis driver has been properly loaded and the pcrs file contains non-0 values. When running trousers in the foreground with debug options enabled I receive the following output: TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD trousers 0.3.1: TCSD up and running Thanks, --Tam Do |