From: dknueppel <dkn...@on...> - 2014-04-26 06:19:29
Hi,

I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.

Mainboard Intel S1200RPL
CPU XEON E3-1265L
TPM AXXTPME5
Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
Distribution Ubuntu 14.04 w/ tboot 1.8
SINIT 4th_gen_i5_i7_SINIT_75.BIN

Attached below how the TPM is set up and the tboot dump.

I don't have any clue why I'm still getting the error.
According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"

Help pretty much appreciated.

Thanks,
Dieter

+ tpm_takeownership -z
Enter owner password:
Confirm password:
+ tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p password
Tspi_NV_DefineSpace failed failed: NVRAM area already exists (0x08313b)

Command DefIndex failed:
TSS API failed
+ tpmnv_defindex -i owner -s 0x36 -p password
Haven't input permission value, use default value 0x2

Successfully defined index 0x40000001 as permission 0x2, data size is 54
+ tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password

Successfully defined index 0x20000001 as permission 0x2, data size is 512
+ rm -r tmp
+ mkdir tmp
+ cd tmp
+ lcp_mlehash -c logging=serial,vga,memory /boot/tboot.gz
+ lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 0 --out tboot_mle.elt tboot_hash
+ lcp_crtpollist --create --out list_unsig.lst tboot_mle.elt
+ lcp_crtpol2 --create --type list --ctrl 0x02 --pol owner_list.pol --data owner_list.data list_unsig.lst
+ lcp_writepol -i owner -f owner_list.pol -p password

Successfully write policy into index 0x40000001
+ cp owner_list.data /boot
+ tb_polgen --create --type nonfatal tcb.pol
+ tb_polgen --add --num 0 --pcr 18 --hash image --cmdline 'root=/dev/mapper/test--node--vg-root ro intel_iommu=on' --image /boot/vmlinuz-3.13.0-24-generic tcb.pol
+ tb_polgen --add --num 1 --pcr 19 --hash image --cmdline '' --image /boot/initrd.img-3.13.0-24-generic tcb.pol
+ lcp_writepol -i 0x20000001 -f tcb.pol -p password

Successfully write policy into index 0x20000001

TBOOT: ******************* TBOOT *******************
TBOOT: 2014-01-30 12:00 +0800 1.8.0
TBOOT: *********************************************
TBOOT: command line: logging=serial,vga,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009bc00 (1)
TBOOT: 000000000009bc00 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 00000000bbdc7000 (1)
TBOOT: 00000000bbdc7000 - 00000000be782000 (2)
TBOOT: 00000000be782000 - 00000000be788000 (4)
TBOOT: 00000000be788000 - 00000000be8be000 (2)
TBOOT: 00000000be8be000 - 00000000be8c2000 (4)
TBOOT: 00000000be8c2000 - 00000000be8e3000 (2)
TBOOT: 00000000be8e3000 - 00000000be8e4000 (4)
TBOOT: 00000000be8e4000 - 00000000be905000 (2)
TBOOT: 00000000be905000 - 00000000be915000 (4)
TBOOT: 00000000be915000 - 00000000be925000 (2)
TBOOT: 00000000be925000 - 00000000beb2f000 (4)
TBOOT: 00000000beb2f000 - 00000000bebf0000 (3)
TBOOT: 00000000bebf0000 - 00000000bec00000 (1)
TBOOT: 00000000bec00000 - 00000000c0000000 (2)
TBOOT: 00000000f8000000 - 00000000fc000000 (2)
TBOOT: 00000000fec00000 - 00000000fec01000 (2)
TBOOT: 00000000fed19000 - 00000000fed1a000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000fee00000 - 00000000fee01000 (2)
TBOOT: 00000000ff400000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000440000000 (1)
TBOOT: TPM: TPM Family 0x3
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :512 bytes read
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 2
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: 18
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: d4 63 4c 11 a3 0f a3 ee a1 dc 4d 34 98 f8 99 f6 46 51 ca da
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 00 ee 09 19 c8 57 c2 12 ce 23 0a 20 02 b8 10 8f 74 18 0f 60
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0001c41
TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0xc
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0xbef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbef20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0xce40 (52800)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff7d000
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
last boot has error.
TBOOT: checking if module /4th_gen_i5_i7_SINIT_75.BIN is an SINIT for this platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
TBOOT: processor family/model/stepping: 0x306c3
TBOOT: platform id: 0x4000000000000
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0xbef00000
TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
TBOOT: BIOS has already loaded an SINIT module
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: BIOS-provided SINIT is older: date=20130612
TBOOT: copied SINIT (size=ce40) to 0xbef00000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0xb002
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20130712
TBOOT: size*4: 0xce40 (52800)
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:000062dc
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 4
TBOOT: length: 0x2c (44)
TBOOT: chipset_id_list: 0x4ec
TBOOT: os_sinit_data_ver: 0x6
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000002e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: acm_ver: 75
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb002
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: processor list:
TBOOT: count: 3
TBOOT: entry 0:
TBOOT: fms: 0x306c0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 1:
TBOOT: fms: 0x40660
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 2:
TBOOT: fms: 0x40650
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0xac6460
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x834000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &_txt_wakeup=0x8041f0
TBOOT: &g_mle_hdr=0x81b5a0
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=34000
TBOOT: capabilities: 0x00000027
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: MLE start=804000, end=834000, size=30000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0xbef20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0xbef20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0xce40 (52800)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff7d000
TBOOT: discarding RAM above reserved regions: 0xbebf0000 - 0xbec00000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbbdc7000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x440000000
TBOOT: no LCP module found
TBOOT: os_sinit_data (@0xbef3517e, 0x7c):
TBOOT: version: 6
TBOOT: flags: 0
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x30000 (196608)
TBOOT: mle_hdr_base: 0x175a0
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0xbbc00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x340000000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_POINTER:
TBOOT: size: 16
TBOOT: elog_addr: 0xbef30176
TBOOT: Event Log Container:
TBOOT: Signature: TXT Event Container
TBOOT: ContainerVer: 1.0
TBOOT: PCREventVer: 1.0
TBOOT: Size: 20480
TBOOT: EventsOffset: [48,48)
TBOOT: setting MTRRs for acmod: base=0xbef00000, size=0xce40, num_pages=13
TBOOT: executing GETSEC[SENTER]...

From: Ross P. <ros...@ci...> - 2014-04-28 19:13:26
On 04/26/2014 02:09 AM, dknueppel wrote:
> Hi,
>
> I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
>
> Mainboard Intel S1200RPL
> CPU XEON E3-1265L
> TPM AXXTPME5
> Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> Distribution Ubuntu 14.04 w/ tboot 1.8
> SINIT 4th_gen_i5_i7_SINIT_75.BIN
>
> Attached below how the TPM is set up and the tboot dump.
>
> I don't have any clue why I'm still getting the error.
> According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"

You may be missing some NV indexes that the OEM is supposed to put there. For example on my Dell 6430 where I am using the TXT/TPM I have:

# tpmnv_getcap
The response data is:
10 00 00 01 50 00 00 01 50 00 00 03

3 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x50000001 0x50000003

The second two need to be there - they are LCP related indexes (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are supposed to be created by the OEM then locked in NV RAM to prevent removal.

>
> Help pretty much appreciated.
--
Ross Philipson

From: Justin King-L. <jus...@cs...> - 2014-04-29 13:31:29
Stupid question -- are you sure you're not reading them with the wrong endianness? (As in, should they be 0x10000001, 0x10000050, and 0x30000050?)

Regards,
Justin

On 28 April 2014 19:38, Ross Philipson <ros...@ci...> wrote:

> On 04/26/2014 02:09 AM, dknueppel wrote:
> > Hi,
> >
> > I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
> >
> > Mainboard Intel S1200RPL
> > CPU XEON E3-1265L
> > TPM AXXTPME5
> > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> > Distribution Ubuntu 14.04 w/ tboot 1.8
> > SINIT 4th_gen_i5_i7_SINIT_75.BIN
> >
> > Attached below how the TPM is set up and the tboot dump.
> >
> > I don't have any clue why I'm still getting the error.
> > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
>
> You may be missing some NV indexes that the OEM is supposed to put
> there. For example on my Dell 6430 where I am using the TXT/TPM I have:
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 50 00 00 01 50 00 00 03
>
> 3 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000001 0x50000003
>
> The second two need to be there - they are LCP related indexes
> (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are
> supposed to be created by the OEM then locked in NV RAM to prevent removal.
>
> >
> > Help pretty much appreciated.
From: Ross P. <ros...@ci...> - 2014-04-29 14:00:05
|
On 04/29/2014 09:31 AM, Justin King-Lacroix wrote:
> Stupid question -- are you sure you're not reading them with the wrong
> endianness? (As in, should they be 0x10000001, 0x10000050, and 0x30000050?)

The tool I am using comes from the tboot project - it is a utility that gets built. IIRC the TCG spec says TPM byte ordering should be big endian which is consistent with what the tool reported. Beyond that, those indexes are defined as 0x50000001 and 0x50000003.

>
> Regards,
> Justin
>
>
> On 28 April 2014 19:38, Ross Philipson <ros...@ci...
> <mailto:ros...@ci...>> wrote:
>
> On 04/26/2014 02:09 AM, dknueppel wrote:
> > Hi,
> >
> > I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
> >
> > Mainboard Intel S1200RPL
> > CPU XEON E3-1265L
> > TPM AXXTPME5
> > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> > Distribution Ubuntu 14.04 w/ tboot 1.8
> > SINIT 4th_gen_i5_i7_SINIT_75.BIN
> >
> > Attached below how the TPM is set up and the tboot dump.
> >
> > I don't have any clue why I'm still getting the error.
> > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
>
> You may be missing some NV indexes that the OEM is supposed to put
> there. For example on my Dell 6430 where I am using the TXT/TPM I have:
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 50 00 00 01 50 00 00 03
>
> 3 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000001 0x50000003
>
> The second two need to be there - they are LCP related indexes
> (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are
> supposed to be created by the OEM then locked in NV RAM to prevent
> removal.
>
> >
> > Help pretty much appreciated.
> > Thanks,
> > Dieter

--
Ross Philipson
|
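Added example, not part of the original thread or of the tboot project's code: a Python check of the byte-order question discussed in the reply above. It decodes the tpmnv_getcap response quoted there as big-endian 32-bit NV indices, shows what a little-endian reading of the same bytes would give, and reports whether the two indices the reply says the OEM must provision are present. The second sample is constructed from the indices the original poster defined by hand; it is not output from that machine.

```python
import re
import struct

# tpmnv_getcap output as quoted in the reply above (Dell 6430).
GETCAP_DELL = """\
The response data is:
10 00 00 01 50 00 00 01 50 00 00 03

3 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x50000001 0x50000003
"""

# Constructed sample: a TPM holding only the three indices the original
# poster's script targets (0x20000002, 0x40000001, 0x20000001).
GETCAP_CONSTRUCTED = """\
The response data is:
20 00 00 02 40 00 00 01 20 00 00 01

3 indices have been defined
list of indices for defined NV storage areas:
0x20000002 0x40000001 0x20000001
"""

# Indices the reply says the OEM has to provision, named as the reply recalls.
OEM_INDICES = {0x50000001: "LCP supplier", 0x50000003: "AUX2"}

HEX_LINE = re.compile(r"^(?:[0-9A-Fa-f]{2}\s+)*[0-9A-Fa-f]{2}$")


def response_bytes(getcap_text):
    """Return the raw bytes printed under 'The response data is:'."""
    lines = [line.strip() for line in getcap_text.splitlines()]
    if "The response data is:" not in lines:
        raise ValueError("no response data in tpmnv_getcap output")
    raw = bytearray()
    for line in lines[lines.index("The response data is:") + 1:]:
        if not HEX_LINE.match(line):
            break  # first non-hex line ends the dump
        raw += bytes.fromhex(line)
    return bytes(raw)


def decode_indices(raw, byteorder="big"):
    """Split the response into 32-bit NV indices in the given byte order."""
    if len(raw) % 4:
        raise ValueError("index list is not a whole number of 32-bit values")
    prefix = ">" if byteorder == "big" else "<"
    return list(struct.unpack("%s%dI" % (prefix, len(raw) // 4), raw))


def listed_indices(getcap_text):
    """Indices as the tool itself printed them (0x........ tokens)."""
    return [int(tok, 16) for tok in re.findall(r"\b0x[0-9A-Fa-f]{8}\b", getcap_text)]


def check(getcap_text):
    """Decode the response and compare it with the tool's own listing."""
    raw = response_bytes(getcap_text)
    indices = decode_indices(raw, "big")
    return {
        "indices": indices,
        "matches_tool_listing": indices == listed_indices(getcap_text),
        "little_endian_reading": decode_indices(raw, "little"),
        "missing": [i for i in sorted(OEM_INDICES) if i not in indices],
    }


if __name__ == "__main__":
    for name, text in (("Dell 6430", GETCAP_DELL), ("constructed", GETCAP_CONSTRUCTED)):
        result = check(text)
        print(name)
        print("  big-endian   :", " ".join("0x%08x" % i for i in result["indices"]))
        print("  little-endian:", " ".join("0x%08x" % i for i in result["little_endian_reading"]))
        print("  agrees with tool listing:", result["matches_tool_listing"])
        for idx in result["missing"]:
            print("  missing 0x%08x (%s)" % (idx, OEM_INDICES[idx]))
```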
From: Wei, G. <gan...@in...> - 2014-05-05 02:45:24
|
The SINIT you are using is for Client platforms instead of servers. The server you are using already has a SINIT built in BIOS, tboot can find it and use it if you remove the SINIT line from grub config file. Give it a try.

Thanks
Jimmy
|
From: dknueppel <dkn...@on...> - 2014-05-05 16:45:57
|
Hi Jimmy,

thanks for your comment.
Just tried out removing the 4th_gen_i5_i7_SINIT_75.BIN from /boot and from grub.cfg.
You are right SINIT from BIOS is taken then.
Unfortunately I still end up with the same results, i.e. still code 0xc0001c41 :-(

Who is actually throwing this error? Isn't it tboot itself asking for an index not being available or are there other options too?
I wonder whether additional tboot debug outputs might help?

Thanks,
Dieter
0xb002 TBOOT: revision_id: 0x1 TBOOT: extended_id: 0x0 TBOOT: processor list: TBOOT: count: 3 TBOOT: entry 0: TBOOT: fms: 0x306c0 TBOOT: fms_mask: 0xfff3ff0 TBOOT: platform_id: 0x0 TBOOT: platform_mask: 0x0 TBOOT: entry 1: TBOOT: fms: 0x40660 TBOOT: fms_mask: 0xfff3ff0 TBOOT: platform_id: 0x0 TBOOT: platform_mask: 0x0 TBOOT: entry 2: TBOOT: fms: 0x40650 TBOOT: fms_mask: 0xfff3ff0 TBOOT: platform_id: 0x0 TBOOT: platform_mask: 0x0 TBOOT: file addresses: TBOOT: &_start=0x804000 TBOOT: &_end=0xac6460 TBOOT: &_mle_start=0x804000 TBOOT: &_mle_end=0x834000 TBOOT: &_post_launch_entry=0x804010 TBOOT: &_txt_wakeup=0x8041f0 TBOOT: &g_mle_hdr=0x81b5a0 TBOOT: MLE header: TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f, {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}} TBOOT: length=34 TBOOT: version=00020001 TBOOT: entry_point=00000010 TBOOT: first_valid_page=00000000 TBOOT: mle_start_off=4000 TBOOT: mle_end_off=34000 TBOOT: capabilities: 0x00000027 TBOOT: rlp_wake_getsec: 1 TBOOT: rlp_wake_monitor: 1 TBOOT: ecx_pgtbl: 1 TBOOT: stm: 0 TBOOT: pcr_map_no_legacy: 0 TBOOT: pcr_map_da: 1 TBOOT: platform_type: 0 TBOOT: max_phy_addr: 0 TBOOT: MLE start=804000, end=834000, size=30000 TBOOT: ptab_size=3000, ptab_base=0x801000 TBOOT: TXT.HEAP.BASE: 0xbef20000 TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504) TBOOT: bios_data (@0xbef20008, 0x56): TBOOT: version: 4 TBOOT: bios_sinit_size: 0xce40 (52800) TBOOT: lcp_pd_base: 0x0 TBOOT: lcp_pd_size: 0x0 (0) TBOOT: num_logical_procs: 8 TBOOT: flags: 0x00000000 TBOOT: ext_data_elts[]: TBOOT: BIOS_SPEC_VER: TBOOT: major: 0x2 TBOOT: minor: 0x1 TBOOT: rev: 0x0 TBOOT: ACM: TBOOT: num_acms: 1 TBOOT: acm_addrs[0]: 0xfff7d000 TBOOT: discarding RAM above reserved regions: 0xbebf0000 - 0xbec00000 TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbbdc7000 TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x440000000 TBOOT: no LCP module found TBOOT: os_sinit_data (@0xbef3517e, 0x7c): TBOOT: version: 6 TBOOT: flags: 0 TBOOT: mle_ptab: 0x801000 TBOOT: mle_size: 0x30000 (196608) TBOOT: 
mle_hdr_base: 0x175a0 TBOOT: vtd_pmr_lo_base: 0x0 TBOOT: vtd_pmr_lo_size: 0xbbc00000 TBOOT: vtd_pmr_hi_base: 0x100000000 TBOOT: vtd_pmr_hi_size: 0x340000000 TBOOT: lcp_po_base: 0x0 TBOOT: lcp_po_size: 0x0 (0) TBOOT: capabilities: 0x00000002 TBOOT: rlp_wake_getsec: 0 TBOOT: rlp_wake_monitor: 1 TBOOT: ecx_pgtbl: 0 TBOOT: stm: 0 TBOOT: pcr_map_no_legacy: 0 TBOOT: pcr_map_da: 0 TBOOT: platform_type: 0 TBOOT: max_phy_addr: 0 TBOOT: efi_rsdt_ptr: 0x0 TBOOT: ext_data_elts[]: TBOOT: EVENT_LOG_POINTER: TBOOT: size: 16 TBOOT: elog_addr: 0xbef30176 TBOOT: Event Log Container: TBOOT: Signature: TXT Event Container TBOOT: ContainerVer: 1.0 TBOOT: PCREventVer: 1.0 TBOOT: Size: 20480 TBOOT: EventsOffset: [48,48) TBOOT: setting MTRRs for acmod: base=0xbef00000, size=0xce40, num_pages=13 TBOOT: executing GETSEC[SENTER]... _______________________________________________ tboot-devel mailing list tbo...@li... https://lists.sourceforge.net/lists/listinfo/tboot-devel |
From: dknueppel <dkn...@on...> - 2014-05-05 16:50:56
|
Hi Ross, Sorry for the delay, got an issue with my email server ... thanks for your hint. Agree, basically I have the same indexes. Even one more ... # tpmnv_getcap The response data is: 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01 4 indices have been defined list of indices for defined NV storage areas: 0x10000001 0x1000f000 0x50000003 0x50000001 Guess those are created already by the BIOS when enabling the TPM. Do you know further details on how to debug tboot in order to find the missing (?) index? Thanks a lot, Dieter -----Original Message----- From: Ross Philipson [mailto:ros...@ci...] Sent: Monday, 28 April 2014 20:38 To: dknueppel; tbo...@li... Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41 On 04/26/2014 02:09 AM, dknueppel wrote: > Hi, > > I'm getting txt error code 0xc0001c41 with rebooting the system afterwards. > > Mainboard Intel S1200RPL > CPU XEON E3-1265L > TPM AXXTPME5 > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior) > Distribution Ubuntu 14.04 w/ tboot 1.8 > SINIT 4th_gen_i5_i7_SINIT_75.BIN > > Attached below how the TPM is set up and the tboot dump. > > I don't have any clue why I'm still getting the error. > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index" You may be missing some NV indexes that the OEM is supposed to put there. For example on my Dell 6430 where I am using the TXT/TPM I have: # tpmnv_getcap The response data is: 10 00 00 01 50 00 00 01 50 00 00 03 3 indices have been defined list of indices for defined NV storage areas: 0x10000001 0x50000001 0x50000003 The second two need to be there - they are LCP related indexes (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are supposed to be created by the OEM then locked in NV RAM to prevent removal. > > Help pretty much appreciated. 
-- Ross Philipson |
From: Ross P. <Ros...@ci...> - 2014-05-06 14:33:36
|
> -----Original Message----- > From: dknueppel [mailto:dkn...@on...] > Sent: Monday, May 05, 2014 12:41 PM > To: Ross Philipson; dknueppel; tbo...@li... > Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41 > > Hi Ross, > > Sorry for the delay, got an issue with my email server ... > > thanks for your hint. > Agree, basically I have the same indexes. Even one more ... > > # tpmnv_getcap > The response data is: > 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01 > > 4 indices have been defined > list of indices for defined NV storage areas: > 0x10000001 0x1000f000 0x50000003 0x50000001 > > Guess those are created already by the BIOS when enabling the TPM. Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration. > > Do you know further details on how to debug tboot in order to find the > missing (?) index? The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module. Someone else suggested you were using an SINIT that would not work on a server platform. It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for your server platform you could download and try? > > Thanks a lot, > Dieter > > > -----Original Message----- > From: Ross Philipson [mailto:ros...@ci...] > Sent: Monday, 28 April 2014 20:38 > To: dknueppel; tbo...@li... > Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41 > > On 04/26/2014 02:09 AM, dknueppel wrote: > > Hi, > > > > I'm getting txt error code 0xc0001c41 with rebooting the system > afterwards. > > > > Mainboard Intel S1200RPL > > CPU XEON E3-1265L > > TPM AXXTPME5 > > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior) > > Distribution Ubuntu 14.04 w/ tboot 1.8 > > SINIT 4th_gen_i5_i7_SINIT_75.BIN > > > > Attached below how the TPM is set up and the tboot dump. 
|
From: dknueppel <dkn...@on...> - 2014-05-07 16:50:48
|
Hi Ross,

I tried (removing the 4th_gen_i5_i7_SINIT_75.BIN) using the SINIT within the BIOS. Ending up with the same error condition. I also checked for an updated version of SINIT, current one seems to be the latest one. But good point!

Actually I haven't found any SINIT for the Xeon E3 v3 (Haswell) on Intel web pages, just the given one. I'm a bit puzzled, don't think I'm the only one using an S1200RPx board with tboot?! Don't know, maybe I'm doing something wrong in between ...

Anyway, next thing I'll do is to follow your suggestion and analyze the SINIT binary.

Thanks,
Dieter

-----Original Message-----
From: Ross Philipson [mailto:Ros...@ci...]
Sent: Tuesday, 6 May 2014 16:33
To: dknueppel; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

> -----Original Message-----
> From: dknueppel [mailto:dkn...@on...]
> Sent: Monday, May 05, 2014 12:41 PM
> To: Ross Philipson; dknueppel; tbo...@li...
> Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
>
> Hi Ross,
>
> Sorry for the delay, got an issue with my email server ...
>
> thanks for your hint.
> Agree, basically I have the same indexes. Even one more ...
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01
>
> 4 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x1000f000 0x50000003 0x50000001
>
> Guess those are created already by the BIOS when enabling the TPM.

Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration.

>
> Do you know further details on how to debug tboot in order to find the
> missing (?) index?

The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module. Someone else suggested you were using an SINIT that would not work on a server platform. It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for your server platform you could download and try?

>
> Thanks a lot,
> Dieter
>
>
> -----Original Message-----
> From: Ross Philipson [mailto:ros...@ci...]
> Sent: Monday, 28 April 2014 20:38
> To: dknueppel; tbo...@li...
> Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41
>
> On 04/26/2014 02:09 AM, dknueppel wrote:
> > Hi,
> >
> > I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
> >
> > Mainboard Intel S1200RPL
> > CPU XEON E3-1265L
> > TPM AXXTPME5
> > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> > Distribution Ubuntu 14.04 w/ tboot 1.8
> > SINIT 4th_gen_i5_i7_SINIT_75.BIN
> >
> > Attached below how the TPM is set up and the tboot dump.
> >
> > I don't have any clue why I'm still getting the error.
> > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
>
> You may be missing some NV indexes that the OEM is supposed to put
> there. For example on my Dell 6430 where I am using the TXT/TPM I have:
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 50 00 00 01 50 00 00 03
>
> 3 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000001 0x50000003
>
> The second two need to be there - they are LCP related indexes
> (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are
> supposed to be created by the OEM then locked in NV RAM to prevent
> removal.
>
> >
> > Help pretty much appreciated.
From: dknueppel <dkn...@on...> - 2014-05-11 17:40:33
|
Hi,

just wondering about index 0x50000002. It's "aux" and seems to be mandatory. I've got 0x50000003 and can't create 0x50000002 (always get an error with tpmnv_defindex). Intel seems to use 0x50000003 also as "aux". Inside tboot I haven't found any 0x50000003 ...

Best regards,
Dieter

-----Original Message-----
From: Ross Philipson [mailto:Ros...@ci...]
Sent: Tuesday, 6 May 2014 16:33
To: dknueppel; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

> -----Original Message-----
> From: dknueppel [mailto:dkn...@on...]
> Sent: Monday, May 05, 2014 12:41 PM
> To: Ross Philipson; dknueppel; tbo...@li...
> Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
>
> Hi Ross,
>
> Sorry for the delay, got an issue with my email server ...
>
> thanks for your hint.
> Agree, basically I have the same indexes. Even one more ...
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01
>
> 4 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x1000f000 0x50000003 0x50000001
>
> Guess those are created already by the BIOS when enabling the TPM.

Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration.

>
> Do you know further details on how to debug tboot in order to find the
> missing (?) index?

The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module. Someone else suggested you were using an SINIT that would not work on a server platform. It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for your server platform you could download and try?

>
> Thanks a lot,
> Dieter
>
>
> -----Original Message-----
> From: Ross Philipson [mailto:ros...@ci...]
> Sent: Monday, 28 April 2014 20:38
> To: dknueppel; tbo...@li...
> Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41
>
> On 04/26/2014 02:09 AM, dknueppel wrote:
> > Hi,
> >
> > I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
> >
> > Mainboard Intel S1200RPL
> > CPU XEON E3-1265L
> > TPM AXXTPME5
> > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> > Distribution Ubuntu 14.04 w/ tboot 1.8
> > SINIT 4th_gen_i5_i7_SINIT_75.BIN
> >
> > Attached below how the TPM is set up and the tboot dump.
> >
> > I don't have any clue why I'm still getting the error.
> > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
>
> You may be missing some NV indexes that the OEM is supposed to put
> there. For example on my Dell 6430 where I am using the TXT/TPM I have:
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 50 00 00 01 50 00 00 03
>
> 3 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000001 0x50000003
>
> The second two need to be there - they are LCP related indexes
> (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are
> supposed to be created by the OEM then locked in NV RAM to prevent
> removal.
>
> >
> > Help pretty much appreciated.
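Added example, not part of any post in this thread and not tboot's own code: it decodes the TXT.ERRORCODE value from the log into the fields tboot prints on its "AC module error" line, and parses a tpmnv_getcap response to check for the two LCP indices Ross names. The bit positions are an assumption based on tboot's error-code structures, and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Decoded TXT.ERRORCODE. Bit positions are an assumption based on tboot's
 * txt_errorcode_t / acmod_error_t layout. */
struct txt_error {
    int valid;         /* bit 31: register holds an error */
    int external;      /* bit 30: set by software rather than the CPU */
    int from_acm;      /* external and bit 15 clear: reported by an AC module */
    unsigned acm_type; /* bits 3:0, 0 = BIOS ACM, 1 = SINIT */
    unsigned progress; /* bits 9:4 */
    unsigned error;    /* bits 13:10 */
    unsigned minor;    /* bits 29:16 */
};

struct txt_error decode_txt_errorcode(uint32_t raw)
{
    struct txt_error e = {0};

    e.valid = (raw >> 31) & 1;
    e.external = (raw >> 30) & 1;
    if (e.valid && e.external && ((raw >> 15) & 1) == 0) {
        e.from_acm = 1;
        e.acm_type = raw & 0xf;
        e.progress = (raw >> 4) & 0x3f;
        e.error = (raw >> 10) & 0xf;
        e.minor = (raw >> 16) & 0x3fff;
    }
    return e;
}

/* Parse the hex bytes printed under "The response data is:" by tpmnv_getcap
 * into big-endian 32-bit NV indices. Returns the count, or -1 if the input
 * is not whole 4-byte groups of two-digit hex bytes or holds more than max. */
int parse_nv_indices(const char *hex, uint32_t *out, int max)
{
    int n = 0, nbytes = 0;
    uint32_t cur = 0;

    while (*hex) {
        if (isspace((unsigned char)*hex)) {
            hex++;
            continue;
        }
        if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1]))
            return -1;
        char byte[3] = { hex[0], hex[1], '\0' };
        cur = (cur << 8) | (uint32_t)strtoul(byte, NULL, 16);
        hex += 2;
        if (++nbytes == 4) {
            if (n == max)
                return -1;
            out[n++] = cur;
            cur = 0;
            nbytes = 0;
        }
    }
    return nbytes == 0 ? n : -1;
}

/* Indices named in the thread as required for TXT (LCP supplier and aux). */
static const uint32_t lcp_required[] = { 0x50000001u, 0x50000003u };

/* Number of required indices absent from the parsed list. */
int count_missing_lcp(const uint32_t *idx, int n)
{
    int missing = 0;

    for (size_t r = 0; r < sizeof lcp_required / sizeof lcp_required[0]; r++) {
        int found = 0;
        for (int i = 0; i < n; i++)
            if (idx[i] == lcp_required[r])
                found = 1;
        missing += !found;
    }
    return missing;
}

int main(void)
{
    /* Both inputs are copied from the thread: the TXT.ERRORCODE value in the
     * log and the tpmnv_getcap response from the S1200RPL board. */
    struct txt_error e = decode_txt_errorcode(0xc0001c41u);
    uint32_t idx[16];
    int n = parse_nv_indices("10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01",
                             idx, 16);

    printf("valid=%d external=%d from_acm=%d acm_type=0x%x progress=0x%02x error=0x%x\n",
           e.valid, e.external, e.from_acm, e.acm_type, e.progress, e.error);
    printf("%d indices defined, %d required LCP indices missing\n",
           n, count_missing_lcp(idx, n));
    return 0;
}
```

With the thread's values the decoder reproduces the logged fields, and both required indices are present on the board, which agrees with the reply that the indexes look right.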
From: Wei, G. <gan...@in...> - 2014-05-13 04:17:26
|
0x50000002 was already deprecated by 0x50000003 as "aux", in TXT. Tboot has not updated the default aux in the tools yet.

The 0x50000001 & 0x50000003 indices can only be defined before the TPM NV is locked, which was already done for normal products before shipping.

Thanks
Jimmy

-----Original Message-----
From: dknueppel [mailto:dkn...@on...]
Sent: Monday, May 12, 2014 1:31 AM
To: Ross Philipson; dknueppel; tbo...@li...
Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41

Hi,

just wondering about index 0x50000002. It's "aux" and seems to be mandatory. I've got 0x50000003 and can't create 0x50000002 (always get an error with tpmnv_defindex). Intel seems to use 0x50000003 also as "aux". Inside tboot I haven't found any 0x50000003 ...

Best regards,
Dieter

-----Original Message-----
From: Ross Philipson [mailto:Ros...@ci...]
Sent: Tuesday, 6 May 2014 16:33
To: dknueppel; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

> -----Original Message-----
> From: dknueppel [mailto:dkn...@on...]
> Sent: Monday, May 05, 2014 12:41 PM
> To: Ross Philipson; dknueppel; tbo...@li...
> Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
>
> Hi Ross,
>
> Sorry for the delay, got an issue with my email server ...
>
> thanks for your hint.
> Agree, basically I have the same indexes. Even one more ...
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01
>
> 4 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x1000f000 0x50000003 0x50000001
>
> Guess those are created already by the BIOS when enabling the TPM.

Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration.

>
> Do you know further details on how to debug tboot in order to find the
> missing (?) index?

The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module. Someone else suggested you were using an SINIT that would not work on a server platform. It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for your server platform you could download and try?

>
> Thanks a lot,
> Dieter
>
>
> -----Original Message-----
> From: Ross Philipson [mailto:ros...@ci...]
> Sent: Monday, 28 April 2014 20:38
> To: dknueppel; tbo...@li...
> Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41
>
> On 04/26/2014 02:09 AM, dknueppel wrote:
> > Hi,
> >
> > I'm getting txt error code 0xc0001c41 with rebooting the system afterwards.
> >
> > Mainboard Intel S1200RPL
> > CPU XEON E3-1265L
> > TPM AXXTPME5
> > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> > Distribution Ubuntu 14.04 w/ tboot 1.8
> > SINIT 4th_gen_i5_i7_SINIT_75.BIN
> >
> > Attached below how the TPM is set up and the tboot dump.
> >
> > I don't have any clue why I'm still getting the error.
> > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
>
> You may be missing some NV indexes that the OEM is supposed to put
> there. For example on my Dell 6430 where I am using the TXT/TPM I have:
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 50 00 00 01 50 00 00 03
>
> 3 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000001 0x50000003
>
> The second two need to be there - they are LCP related indexes
> (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are
> supposed to be created by the OEM then locked in NV RAM to prevent
> removal.
>
> >
> > Help pretty much appreciated.
|
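An added example, not part of the thread or of tboot: a Python check that recomputes the NV index list from the `tpmnv_getcap` response bytes quoted above, flags the indices the replies call required or deprecated, and splits TXT.ERRORCODE into the fields tboot logged. The sample text is copied from the messages on this page; the function names and the ERRORCODE bit layout are assumptions, the latter chosen to reproduce the logged `acm_type=0x1, progress=0x04, error=0x7`.

```python
import re
import struct

# NV indices named in the thread. Per the replies, 0x50000001 (LCP supplier)
# and 0x50000003 (AUX) must exist, and 0x50000002 is the deprecated AUX index.
REQUIRED = {0x50000001: "LCP supplier", 0x50000003: "AUX"}
DEPRECATED = {0x50000002: "AUX (deprecated)"}
# Indices the setup script in the original post defines itself.
OWNER_DEFINED = {0x40000001: "LCP owner", 0x20000001: "tboot policy"}

# Output copied from the messages on this page.
DIETER_GETCAP = """\
# tpmnv_getcap
The response data is:
10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01

4 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x1000f000 0x50000003 0x50000001
"""
TBOOT_LOG = """\
TBOOT: TXT.ERRORCODE: 0xc0001c41
TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7
"""


def parse_getcap(text):
    """Return the NV indices encoded in the 'response data' bytes.

    Accepts output pasted from a mail quote ('> ' prefixes are stripped) and
    cross-checks the byte dump against the index count the tool prints.
    """
    raw, started = bytearray(), False
    for line in text.splitlines():
        s = line.lstrip("> ").strip()
        if not started:
            started = s.lower().startswith("the response data is")
            continue
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2}\s*)+", s):
            break  # a blank line or prose ends the byte dump
        raw += bytes.fromhex(s)
    if not started or len(raw) % 4:
        raise ValueError("no complete list of 32-bit indices found")
    indices = [i for (i,) in struct.iter_unpack(">I", bytes(raw))]
    count = re.search(r"(\d+) indices have been defined", text)
    if count and int(count.group(1)) != len(indices):
        raise ValueError("index count does not match response data")
    return indices


def check_indices(indices):
    """Classify defined indices against what the thread says TXT expects."""
    present = set(indices)
    known = set(REQUIRED) | set(DEPRECATED) | set(OWNER_DEFINED)
    return {
        "missing_required": sorted(set(REQUIRED) - present),
        "deprecated_present": sorted(set(DEPRECATED) & present),
        "not_named_in_thread": sorted(present - known),
    }


def decode_errorcode(value):
    """Split a TXT.ERRORCODE value into the fields tboot logs.

    Assumed layout (not stated on the page): bit 31 valid, bit 30 set when
    software rather than the processor reported the error, bit 15 clear when
    that software is an ACM, bits 0-3 ACM type, 4-9 progress, 10-13 error.
    """
    out = {"valid": bool((value >> 31) & 1), "external": bool((value >> 30) & 1)}
    if out["valid"] and out["external"] and not (value >> 15) & 1:
        out.update(acm_type=value & 0xF,
                   progress=(value >> 4) & 0x3F,
                   error=(value >> 10) & 0xF)
    return out


def log_is_consistent(log):
    """Compare each 'AC module error' line with the ERRORCODE logged before it."""
    code, results = None, []
    for line in log.splitlines():
        m = re.search(r"TXT\.ERRORCODE:\s*(0x[0-9a-fA-F]+)", line)
        if m:
            code = int(m.group(1), 16)
            continue
        m = re.search(r"acm_type=(0x[0-9a-fA-F]+), progress=(0x[0-9a-fA-F]+), "
                      r"error=(0x[0-9a-fA-F]+)", line)
        if m and code is not None:
            logged = tuple(int(g, 16) for g in m.groups())
            d = decode_errorcode(code)
            results.append(
                logged == (d.get("acm_type"), d.get("progress"), d.get("error")))
    return results


if __name__ == "__main__":
    idx = parse_getcap(DIETER_GETCAP)
    print([hex(i) for i in idx], check_indices(idx))
    print(decode_errorcode(0xC0001C41), log_is_consistent(TBOOT_LOG))
```

On the index list posted in the thread this reports no missing required index, which matches the reply that those indexes look right.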
From: Wei, G. <gan...@in...> - 2014-05-26 02:07:05
|
Hi, Dieter,

Can you send out the lcp policy files (.pol & .data)?

tboot 1.8.0 lcptools has a bug and is not able to create a working lcp policy.

You can try two ways to check whether this is related to the lcptools bug:
Way1: remove the owner index and reboot.
Or
Way2: regenerate the policy with lcptools in 1.8.1, and try again.

One more alternative, you might try to ask for a bios update from the board vendor.

Thanks
Jimmy

-----Original Message-----
From: dknueppel [mailto:dkn...@on...]
Sent: Thursday, May 08, 2014 12:41 AM
To: Ross Philipson; dknueppel; tbo...@li...
Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41

Hi Ross,

I tried (removing the 4th_gen_i5_i7_SINIT_75.BIN ) using the SINIT within the BIOS. Ending up with the same error condition.
I also checked for an updated version of SINIT, current one seems to be the latest one. But good point! Actually I haven't found any SINIT for the Xeon E3 v3 (Haswell) on Intel web pages, just the given one.
I'm a bit puzzled, don't think I'm the only one using an S1200RPx board with tboot?! Don't know, maybe I'm doing something wrong in between ...

Anyway, next thing I'll do is to follow your suggestion and analyze the SINIT binary.

Thanks,
Dieter

-----Original Message-----
From: Ross Philipson [mailto:Ros...@ci...]
Sent: Tuesday, 6 May 2014 16:33
To: dknueppel; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

> -----Original Message-----
> From: dknueppel [mailto:dkn...@on...]
> Sent: Monday, May 05, 2014 12:41 PM
> To: Ross Philipson; dknueppel; tbo...@li...
> Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
>
> Hi Ross,
>
> Sorry for the delay, got an issue with my email server ...
>
> thanks for your hint.
> Agree, basically I have the same indexes. Even one more ...
|
From: dknueppel <dkn...@on...> - 2014-05-26 16:37:18
Attachments:
lcp.tgz
|
Hi Jimmy,

thanks a lot for your suggestions!

As soon as the new tboot 1.8.1 showed up I tried it out (incl. creating new policies), no change in behavior :-(
Just removed owner index (0x40000001) as you suggested, basically with same results.
Regarding the BIOS, I fear it's the latest version I have (I also tried the BIOS built-in SINIT).

I'm currently discussing the same issue within Intel developer.
e.g. whether 4th_gen_i5_i7_SINIT_75.BIN is the correct SINIT
- i.e. it seems not to be meant for server boards
- basically tboot doesn't complain
- the other way around, tboot states
  - "checking if module /4th_gen_i5_i7_SINIT_75.BIN is an SINIT for this platform..."
  - "SINIT matches platform"
  - "BIOS-provided SINIT is older: date=20130612"

I guess the error is raised by the SINIT?
If so, I think the key question is, what circumstance can force SINIT to raise this kind of error?
Could you imagine any other than a missing index? I mean the error is about the index as such, not the content, but maybe I'm wrong with that assumption ...

Attached you find the policy data files (generated with tboot version 1.8.1) and the script how I set them up.

Thanks,
Dieter

-----Original Message-----
From: Wei, Gang [mailto:gan...@in...]
Sent: Monday, 26 May 2014 04:06
To: dknueppel; Ross Philipson; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

Hi, Dieter,

Can you send out the lcp policy files (.pol & .data)?

tboot 1.8.0 lcptools has a bug and is not able to create a working lcp policy.

You can try two ways to check whether this is related to the lcptools bug:
Way1: remove the owner index and reboot.
Or
Way2: regenerate the policy with lcptools in 1.8.1, and try again.

One more alternative, you might try to ask for a bios update from the board vendor.

Thanks
Jimmy

-----Original Message-----
From: dknueppel [mailto:dkn...@on...]
Sent: Thursday, May 08, 2014 12:41 AM
To: Ross Philipson; dknueppel; tbo...@li...
Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41

Hi Ross,

I tried (removing the 4th_gen_i5_i7_SINIT_75.BIN ) using the SINIT within the BIOS. Ending up with the same error condition.
I also checked for an updated version of SINIT, current one seems to be the latest one. But good point! Actually I haven't found any SINIT for the Xeon E3 v3 (Haswell) on Intel web pages, just the given one.
I'm a bit puzzled, don't think I'm the only one using an S1200RPx board with tboot?! Don't know, maybe I'm doing something wrong in between ...

Anyway, next thing I'll do is to follow your suggestion and analyze the SINIT binary.

Thanks,
Dieter

-----Original Message-----
From: Ross Philipson [mailto:Ros...@ci...]
Sent: Tuesday, 6 May 2014 16:33
To: dknueppel; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

> -----Original Message-----
> From: dknueppel [mailto:dkn...@on...]
> Sent: Monday, May 05, 2014 12:41 PM
> To: Ross Philipson; dknueppel; tbo...@li...
> Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
>
> Hi Ross,
>
> Sorry for the delay, got an issue with my email server ...
>
> thanks for your hint.
> Agree, basically I have the same indexes. Even one more ...
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01
>
> 4 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x1000f000 0x50000003 0x50000001
>
> Guess those are created already by the BIOS when enabling the TPM.

Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration.

> Do you know further details on how to debug tboot in order to find the
> missing (?) index?

The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module. Someone else suggested you were using an SINIT that would not work on a server platform.
It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for you server platform you could download and try? > > Thanks a lot, > Dieter > > > -----Ursprüngliche Nachricht----- > Von: Ross Philipson [mailto:ros...@ci...] > Gesendet: Montag, 28. April 2014 20:38 > An: dknueppel; tbo...@li... > Betreff: Re: [tboot-devel] getting txt errorcode 0xc0001c41 > > On 04/26/2014 02:09 AM, dknueppel wrote: > > Hi, > > > > I'm getting txt error code 0xc0001c41 with rebooting the system > afterwards. > > > > Mainboard Intel S1200RPL > > CPU XEON E3-1265L > > TPM AXXTPME5 > > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior) > > Distribution Ubuntu 14.04 w/ tboot 1.8 > > SINIT 4th_gen_i5_i7_SINIT_75.BIN > > > > Attached below how the TPM is set up and the tboot dump. > > > > I don't have any clue why I'm still getting the error. > > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index" > > You may be missing some NV indexes that the OEM is supposed to put > there. For example on my Dell 6430 where I am using the TXT/TPM I have: > > # tpmnv_getcap > The response data is: > 10 00 00 01 50 00 00 01 50 00 00 03 > > 3 indices have been defined > list of indices for defined NV storage areas: > 0x10000001 0x50000001 0x50000003 > > The second two need to be there - the are LCP related indexes > (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are > supposed to be create by the OEM then locked in NV RAM to prevent > removal. > > > > > Help pretty much appreciated. 
> --
> Ross Philipson
|
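Added example (not part of the thread and not tboot code): a Python triage helper for the two checks discussed in the messages above, splitting TXT.ERRORCODE 0xc0001c41 into the fields tboot prints on its "AC module error" line, and checking tpmnv_getcap output for the NV indices Ross names as required. The bit layout, function names and the sample marked "constructed" are assumptions of this example; the S1200RPL getcap text is copied from the thread.

```python
import re

# NV indices named in the thread as required for a TXT launch (OEM-provisioned).
REQUIRED_INDICES = {
    0x50000001: "LCP supplier / PS policy",
    0x50000003: "AUX",
}
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{2}(?:\s+[0-9a-fA-F]{2})*\s*$")

# tpmnv_getcap output quoted in the thread for the S1200RPL board.
S1200RPL_GETCAP = """\
The response data is:
10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01

4 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x1000f000 0x50000003 0x50000001
"""

# Constructed sample (not from the thread): a TPM with no AUX index defined.
CONSTRUCTED_NO_AUX = """\
The response data is:
10 00 00 01 50 00 00 01

2 indices have been defined
"""


def decode_txt_errorcode(raw):
    """Split a 32-bit TXT.ERRORCODE value into named fields.

    Assumed layout, chosen to reproduce the decode logged in the thread:
    bit 31 valid, bit 30 external (software-reported), bit 15 source
    (0 = ACM). For ACM errors: bits 0-3 acm_type, 4-9 progress,
    10-13 error, 16-29 error2.
    """
    if not 0 <= raw <= 0xFFFFFFFF:
        raise ValueError("TXT.ERRORCODE is a 32-bit value")
    fields = {
        "valid": bool((raw >> 31) & 1),
        "external": bool((raw >> 30) & 1),
        "src_is_acm": ((raw >> 15) & 1) == 0,
    }
    if fields["external"] and fields["src_is_acm"]:
        fields.update(
            acm_type=raw & 0xF,
            progress=(raw >> 4) & 0x3F,
            error=(raw >> 10) & 0xF,
            error2=(raw >> 16) & 0x3FFF,
        )
    return fields


def parse_getcap(output):
    """Return the NV indices encoded in the 'response data' hex dump.

    The dump is a run of big-endian 32-bit indices; it may wrap over
    several lines, and ends at the first line that is not pure hex bytes.
    """
    data = bytearray()
    seen_header = False
    for line in output.splitlines():
        if not seen_header:
            seen_header = "response data is" in line
        elif HEX_LINE.match(line):
            data += bytes.fromhex(line)
        elif data:
            break
    if not data:
        raise ValueError("no response data found")
    if len(data) % 4:
        raise ValueError("response length is not a multiple of 4 bytes")
    return [int.from_bytes(data[i:i + 4], "big") for i in range(0, len(data), 4)]


def missing_required(indices):
    """Return the required indices that are absent from the TPM's list."""
    present = set(indices)
    return sorted(i for i in REQUIRED_INDICES if i not in present)


if __name__ == "__main__":
    f = decode_txt_errorcode(0xC0001C41)
    print("acm_type=%#x progress=%#04x error=%#x" %
          (f["acm_type"], f["progress"], f["error"]))
    for name, text in (("S1200RPL", S1200RPL_GETCAP),
                       ("constructed", CONSTRUCTED_NO_AUX)):
        gone = missing_required(parse_getcap(text))
        print(name, "missing:", [hex(i) for i in gone] or "none")
```

A clean presence check only shows that the indices are defined; it says nothing about their contents or permissions.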
From: dknueppel <dkn...@on...> - 2014-05-29 15:36:13
Attachments:
tpm.TGZ
|
Hi Jimmy,

x-checked BIOS version again. I have to revert, there's a brand new one.
Updated the BIOS (board S1200RPL) to brand new version 02.01.0004.
Now the BIOS built-in SINIT is newer compared to the "4th_gen_i5_i7_SINIT_75.BIN" SINIT.
Therefore removed the "4th_gen_i5_i7_SINIT_75.BIN" SINIT completely.

But still I'm getting 0xc0001c41 !

Attached you find:
the tpm setup script,
setup script screen printouts,
the resulting policy files,
the tboot log during boot

Best regards,
Dieter
|
From: Wei, G. <gan...@in...> - 2014-05-30 02:50:24
|
This is quite possibly a provisioning issue for PS(0x50000001) index. Please try to read PS content out with:

# lcp_readpol -i default -f ps.pol -p password

Please send out the ps.pol.

Thanks
Jimmy

-----Original Message-----
From: dknueppel [mailto:dkn...@on...]
Sent: Thursday, May 29, 2014 11:27 PM
To: Wei, Gang; dknueppel; Ross Philipson; tbo...@li...
Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41

Hi Jimmy,

x-checked BIOS version again. I have to revert, there's a brand new one.
updated the BIOS (board S1200RPL) to brand new version 02.01.0004
Now BIOS built-in SINIT is newer compared to the "4th_gen_i5_i7_SINIT_75.BIN" SINIT.
Therefore removed "4th_gen_i5_i7_SINIT_75.BIN" SINIT completely.
But still I'm getting 0xc0001c41 !

Attached you find:
the tpm setup script,
setup script screen printouts,
the resulting policy files,
the tboot log during boot

Best regards,
Dieter

-----Original Message-----
From: Wei, Gang [mailto:gan...@in...]
Sent: Monday, May 26, 2014 04:06
To: dknueppel; Ross Philipson; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

Hi, Dieter,

Can you send out the lcp policy files (.pol & .data)? tboot 1.8.0 lcptools has a bug and not able to create working lcp policy.

You can try two ways to check whether this is related to the lcptools bug:
Way1: remove the owner index and reboot.
Or
Way2: regenerate the policy with lcptools in 1.8.1, and try again.

One more alternative, you might try to ask for a bios update from the board vendor.

Thanks
Jimmy

-----Original Message-----
From: dknueppel [mailto:dkn...@on...]
Sent: Thursday, May 08, 2014 12:41 AM
To: Ross Philipson; dknueppel; tbo...@li...
Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41

Hi Ross,

I tried (removing the 4th_gen_i5_i7_SINIT_75.BIN ) using the SINIT within the BIOS. Ending up with the same error condition.
I also checked for an updated version of SINIT, current one seems to be the latest one. But good point!
Actually I haven't found any SINIT for the Xeon E3 v3 (Haswell) on Intel web pages, just the given one.

I'm a bit puzzled, don't think I'm the only one using an S1200RPx board with tboot?!
Don't know, maybe I'm doing something wrong in between ...

Anyway, next thing I'll do is to follow your suggestion and analyze the SINIT binary.

Thanks,
Dieter

-----Original Message-----
From: Ross Philipson [mailto:Ros...@ci...]
Sent: Tuesday, May 6, 2014 16:33
To: dknueppel; tbo...@li...
Subject: RE: [tboot-devel] getting txt errorcode 0xc0001c41

> -----Original Message-----
> From: dknueppel [mailto:dkn...@on...]
> Sent: Monday, May 05, 2014 12:41 PM
> To: Ross Philipson; dknueppel; tbo...@li...
> Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
>
> Hi Ross,
>
> Sorry for the delay, got an issue with my email server ...
>
> thanks for your hint.
> Agree, basically I have the same indexes. Even one more ...
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01
>
> 4 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x1000f000 0x50000003 0x50000001
>
> Guess those are created already by the BIOS when enabling the TPM.

Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration.

>
> Do you know further details on how to debug tboot in order to find the
> missing (?) index?

The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module.

Someone else suggested you were using an SINIT that would not work on a server platform. It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for your server platform you could download and try?

>
> Thanks a lot,
> Dieter
>
>
> -----Original Message-----
> From: Ross Philipson [mailto:ros...@ci...]
> Sent: Monday, April 28, 2014 20:38
> To: dknueppel; tbo...@li...
> Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41
>
> On 04/26/2014 02:09 AM, dknueppel wrote:
> > Hi,
> >
> > I'm getting txt error code 0xc0001c41 with rebooting the system
> afterwards.
> >
> > Mainboard Intel S1200RPL
> > CPU XEON E3-1265L
> > TPM AXXTPME5
> > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior)
> > Distribution Ubuntu 14.04 w/ tboot 1.8
> > SINIT 4th_gen_i5_i7_SINIT_75.BIN
> >
> > Attached below how the TPM is set up and the tboot dump.
> >
> > I don't have any clue why I'm still getting the error.
> > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index"
>
> You may be missing some NV indexes that the OEM is supposed to put
> there. For example on my Dell 6430 where I am using the TXT/TPM I have:
>
> # tpmnv_getcap
> The response data is:
> 10 00 00 01 50 00 00 01 50 00 00 03
>
> 3 indices have been defined
> list of indices for defined NV storage areas:
> 0x10000001 0x50000001 0x50000003
>
> The second two need to be there - they are LCP related indexes
> (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are
> supposed to be created by the OEM then locked in NV RAM to prevent
> removal.
>
> >
> > Help pretty much appreciated.
From: dknueppel <dkn...@on...> - 2014-05-30 05:44:58
Attachments:
ps.pol
|
Hi Jimmy,

please find attached below the "ps.pol" and a screen dump on what happened.

# lcp_readpol -i default -f ps.pol -p password
No size has been specified. Will read all index data.
begin to call the tss Tspi_NV_ReadValue
Successfully read value from index: 0x50000001.

Thanks a lot,
Dieter
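Added example, not part of the thread and not tboot or lcptools code: a Python helper for the two checks the participants perform by hand, splitting TXT.ERRORCODE into the fields tboot prints and checking `tpmnv_getcap` output for the LCP indices Ross lists. The bit layout is an assumption chosen to reproduce the decode in the quoted log (acm_type=0x1, progress=0x04, error=0x7), and all function and constant names are hypothetical.

```python
import re
import struct

# Indices the thread says the OEM must have provisioned (labels as given there).
REQUIRED_LCP_INDICES = {
    0x50000001: "LCP supplier / PS",
    0x50000003: "AUX2 (per the thread)",
}

# tpmnv_getcap output as quoted in the thread for the S1200RPL board.
GETCAP_S1200RPL = """\
# tpmnv_getcap
The response data is:
10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01

4 indices have been defined
list of indices for defined NV storage areas:
0x10000001 0x1000f000 0x50000003 0x50000001
"""

# Constructed sample (not from the thread): a TPM where PS was never provisioned.
GETCAP_CONSTRUCTED_NO_PS = """\
The response data is:
10 00 00 01 50 00 00 03

2 indices have been defined
"""

_HEX_LINE = re.compile(r"(?:[0-9a-fA-F]{2}\s*)+$")


def decode_txt_errorcode(raw):
    """Split a 32-bit TXT.ERRORCODE value into fields (assumed layout)."""
    if not 0 <= raw <= 0xFFFFFFFF:
        raise ValueError("TXT.ERRORCODE is a 32-bit value")
    out = {"valid": bool(raw >> 31), "external": bool((raw >> 30) & 1)}
    if not out["valid"]:
        return out                      # nothing recorded, other bits are noise
    if not out["external"]:
        out["processor_error"] = raw & 0x3FFFFFFF
        return out
    out["source"] = "software" if (raw >> 15) & 1 else "ACM"
    if out["source"] == "ACM":
        out.update(
            acm_type=raw & 0xF,             # 0x1 is printed as SINIT in the log
            progress=(raw >> 4) & 0x3F,
            error=(raw >> 10) & 0xF,
            error2=(raw >> 16) & 0x3FFF,
        )
    return out


def parse_getcap_indices(output):
    """Return the NV indices encoded in the 'response data' bytes."""
    lines = [line.strip() for line in output.splitlines()]
    starts = [i for i, line in enumerate(lines)
              if line.startswith("The response data is")]
    if not starts:
        raise ValueError("no 'The response data is:' section in input")
    data = bytearray()
    for line in lines[starts[0] + 1:]:
        if not _HEX_LINE.match(line):
            break                       # blank line or summary text ends the dump
        data += bytes.fromhex(line)
    if len(data) % 4:
        raise ValueError("response data is not a whole number of 32-bit indices")
    indices = [value for (value,) in struct.iter_unpack(">I", bytes(data))]
    declared = re.search(r"^(\d+) indices have been defined", output, re.MULTILINE)
    if declared and int(declared.group(1)) != len(indices):
        raise ValueError("index count does not match the tool's own summary")
    return indices


def missing_lcp_indices(indices):
    """Required LCP indices that are absent from the parsed list."""
    return sorted(set(REQUIRED_LCP_INDICES) - set(indices))


if __name__ == "__main__":
    print(decode_txt_errorcode(0xC0001C41))
    for name, text in (("S1200RPL", GETCAP_S1200RPL),
                       ("constructed", GETCAP_CONSTRUCTED_NO_PS)):
        found = parse_getcap_indices(text)
        missing = missing_lcp_indices(found)
        print(name, [hex(i) for i in found],
              "missing:", [hex(i) for i in missing] or "none")
```

A clean result from `missing_lcp_indices` only shows the indices are defined; it says nothing about their contents, which is why the thread goes on to read the PS index out with `lcp_readpol`.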