trustedgrub-users — Topics interesting for TrustedGRUB users

Re: [Trustedgrub-users] TrustedGrub and Xen

[Olga G. <ol...@gm...>]

I just tried it with Xen 4.0.1 and it looks like it's booting fine. the only
issue I have (and it could because I just don't  how to address the drives
correctly) is with running checkfile on something within a logical
partition.
My current partition layout is as follows:
/dev/sda1  ext3  /boot 2GB -- primary physical partition
/dev/sda2 ext4 317GB virtual volume
     --> /dev/mapper/<hostname>-lvroot 64GB / partition <--- this is the one
I am trying to access and verify files on it. (/dev/dm-0)
    --> /dev/mapper/<hostname>-lvswap 8GB /swap (/dev/dm-1)
    the rest right now is free space, but that is where I am planning to
install various guest OS's - Windows, other versions of Linux, etc.

I don't have any problems running checkfile on anything in /dev/sda1
partition:
<hash> (hd0,0) /some-file ==> that works well
If (hd0,0) is /dev/sda1, then (hd0,1) would be /dev/sda2, but I can't figure
out how to access anything in the logical partitions above. Is that even
possible?

thanks,
Olga

On Mon, Dec 6, 2010 at 9:04 AM, Marcel Selhorst <m.s...@si...>wrote:

> Hi,
>
> last time I tried Xen, I was using Version 3.1, but it should work with Xen
> 4.0 aswell.
>
> Cheers,
> Marcel
>
> Am 29.11.2010 20:49, schrieb Olga Gelbart:
> > Hello everyone,
> > The TrustedGrub web site (http://www.sirrix.com/content/pages/50586.htm)
> > mentions that it was successfully used with Xen. I am trying to get it to
> > work with Xen 4.0.1 with a Fedora 13 pvops domain 0. Does anyone know
> what
> > version of Xen the website above refers to? Does it work with Xen 4.0.1
> or
> > with an older version?
> > thanks so much,
> > Olga
> --
> Sirrix AG security technologies -- http://www.sirrix.com
> Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
> Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
> Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
> Get my public key from keyserver, KeyId: 0x7C9821CC
> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>
> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>
> This message may contain confidential and/or privileged information.
> If you are not the addressee, you must not use, copy, disclose or
> take any action based on this message or any information herein.
> If you have received this message in error, please advise the sender
> immediately by reply e-mail and delete this message.
>

Re: [Trustedgrub-users] TrustedGrub and Xen

[Marcel S. <m.s...@si...>]

Hi,

last time I tried Xen, I was using Version 3.1, but it should work with Xen
4.0 aswell.

Cheers,
Marcel

Am 29.11.2010 20:49, schrieb Olga Gelbart:
> Hello everyone,
> The TrustedGrub web site (http://www.sirrix.com/content/pages/50586.htm)
> mentions that it was successfully used with Xen. I am trying to get it to
> work with Xen 4.0.1 with a Fedora 13 pvops domain 0. Does anyone know what
> version of Xen the website above refers to? Does it work with Xen 4.0.1 or
> with an older version?
> thanks so much,
> Olga
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] compiling TrustedGrub on 64-bit Fedora 13

[Marcel S. <m.s...@si...>]

Hi Olga,

Am 03.12.2010 16:47, schrieb Olga Gelbart:
> If anyone is interested, I figured out what 32-bit libraries need to be
> installed in order to compile TrustedGrub on a 64-bit Fedora 13 platform:
> 
> Install: glibc-devel.i686, libgcc45-32bit-4.5.0-20100604-1.12, and
> compat-gcc-34-3.4.6-18 (x86_64)
> 
> After I installed these libraries, all error messages below went away, and I
> was able to compile TrustedGrub with no problems.

Great, thanks for sharing this information!

Cheers,
Marcel
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] compiling TrustedGrub on 64-bit Fedora 13

[Olga G. <ol...@gm...>]

If anyone is interested, I figured out what 32-bit libraries need to be
installed in order to compile TrustedGrub on a 64-bit Fedora 13 platform:

Install: glibc-devel.i686, libgcc45-32bit-4.5.0-20100604-1.12, and
compat-gcc-34-3.4.6-18 (x86_64)

After I installed these libraries, all error messages below went away, and I
was able to compile TrustedGrub with no problems.

Olga


On Wed, Nov 24, 2010 at 9:28 AM, Olga Gelbart <ol...@gm...> wrote:

> Hi Marcel,
> I ran the gcc -print-multi-lib command, and I get pretty much the same
> output as you:
> .;
> 32;@m32
>
> I thought maybe I am missing some i686 libraries, so I installed
> glibc-static.i686, glibc-devel.i686, and libgcc.i686.
> That didn't help!
> Then I edited the the configure script to remove -m32 from CFLAGS. That
> fixed it. I was able to run configure and create the appropriate make files.
> Now it's chocking on the compilation:
>
> Here is a snippet of the output:
>
> - Compiling TrustedGRUB
> make  all-recursive
> make[1]: Entering directory `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5'
> Making all in netboot
> make[2]: Entering directory
> `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5/netboot'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory
> `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5/netboot'
> Making all in stage2
> make[2]: Entering directory
> `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5/stage2'
> gcc -DHAVE_CONFIG_H -I. -I.. -I../stage1  -Wall -Wmissing-prototypes
> -Wunused -Wshadow -Wpointer-arith -falign-jumps=1 -falign-loops=1
> -falign-functions=1 -Wundef -I../stage1 -fno-builtin -nostdinc
> -DSUPPORT_SERIAL=1 -DSUPPORT_HERCULES=1 -DFSYS_EXT2FS=1 -DFSYS_FAT=1
> -DFSYS_NTFS=1 -DFSYS_FFS=1 -DFSYS_UFS2=1 -DFSYS_MINIX=1 -DFSYS_REISERFS=1
> -DFSYS_VSTAFS=1 -DFSYS_JFS=1 -DFSYS_XFS=1 -DFSYS_ISO9660=1
> -DUSE_MD5_PASSWORDS=1 -DSHOW_SHA1 -fno-stack-protector -MT
> pre_stage2_exec-disk_io.o -MD -MP -MF .deps/pre_stage2_exec-disk_io.Tpo -c
> -o pre_stage2_exec-disk_io.o `test -f 'disk_io.c' || echo './'`disk_io.c
> disk_io.c:2056:8: warning: extra tokens at end of #endif directive
> disk_io.c: In function ‘make_saved_active’:
> disk_io.c:484: warning: cast from pointer to integer of different size
> disk_io.c:484: warning: cast to pointer from integer of different size
> disk_io.c:484: warning: cast from pointer to integer of different size
> disk_io.c:484: warning: cast to pointer from integer of different size
> disk_io.c:484: warning: cast from pointer to integer of different size
> disk_io.c:484: warning: cast to pointer from integer of different size
> disk_io.c:491: warning: cast from pointer to integer of different size
> disk_io.c:491: warning: cast to pointer from integer of different size
> disk_io.c:497: warning: cast from pointer to integer of different size
> disk_io.c:497: warning: cast to pointer from integer of different size
> disk_io.c:500: warning: cast from pointer to integer of different size
> disk_io.c:500: warning: cast to pointer from integer of different size
> disk_io.c: In function ‘set_partition_hidden_flag’:
> disk_io.c:551: warning: cast from pointer to integer of different size
> disk_io.c:551: warning: cast to pointer from integer of different size
> disk_io.c:553: warning: cast from pointer to integer of different size
> disk_io.c:553: warning: cast to pointer from integer of different size
> disk_io.c: In function ‘next_bsd_partition’:
> disk_io.c:629: warning: cast from pointer to integer of different size
> disk_io.c:629: warning: cast to pointer from integer of different size
> disk_io.c:639: warning: cast from pointer to integer of different size
> disk_io.c:639: warning: cast to pointer from integer of different size
> disk_io.c:641: warning: cast from pointer to integer of different size
> disk_io.c:641: warning: cast to pointer from integer of different size
> disk_io.c:645: warning: cast from pointer to integer of different size
> disk_io.c:645: warning: cast to pointer from integer of different size
> disk_io.c:646: warning: cast from pointer to integer of different size
> disk_io.c:646: warning: cast to pointer from integer of different size
> disk_io.c:647: warning: cast from pointer to integer of different size
> disk_io.c:647: warning: cast to pointer from integer of different size
> disk_io.c:652: warning: cast from pointer to integer of different size
> disk_io.c:652: warning: cast to pointer from integer of different size
> disk_io.c: In function ‘next_pc_slice’:
> disk_io.c:684: warning: cast from pointer to integer of different size
> disk_io.c:684: warning: cast to pointer from integer of different size
> disk_io.c:701: warning: cast from pointer to integer of different size
> disk_io.c:701: warning: cast to pointer from integer of different size
> disk_io.c:701: warning: cast from pointer to integer of different size
> disk_io.c:701: warning: cast to pointer from integer of different size
> disk_io.c:701: warning: cast from pointer to integer of different size
> disk_io.c:701: warning: cast to pointer from integer of different size
> disk_io.c:705: warning: cast from pointer to integer of different size
> disk_io.c:705: warning: cast to pointer from integer of different size
> disk_io.c:717: warning: cast from pointer to integer of different size
> disk_io.c:717: warning: cast to pointer from integer of different size
> disk_io.c:718: warning: cast from pointer to integer of different size
> disk_io.c:718: warning: cast to pointer from integer of different size
> disk_io.c:719: warning: cast from pointer to integer of different size
> disk_io.c:719: warning: cast to pointer from integer of different size
> disk_io.c: In function ‘set_bootdev’:
> disk_io.c:1186: warning: cast to pointer from integer of different size
> disk_io.c: In function ‘grub_open’:
> disk_io.c:1662: warning: cast to pointer from integer of different size
> disk_io.c:1673: warning: cast to pointer from integer of different size
> disk_io.c: In function ‘grub_read’:
> disk_io.c:1836: warning: passing argument 2 of ‘grub_memmove’ makes pointer
> from integer without a cast
> ./shared.h:924: note: expected ‘const void *’ but argument is of type ‘long
> unsigned int’
> disk_io.c:1867: warning: pointer targets in passing argument 2 of
> ‘sha1_update’ differ in signedness
> ./shared.h:982: note: expected ‘t_U8 *’ but argument is of type ‘char *’
> disk_io.c:1900: warning: cast to pointer from integer of different size
> disk_io.c:1911: warning: cast to pointer from integer of different size
> disk_io.c:1919: warning: cast to pointer from integer of different size
> disk_io.c:1948: warning: pointer targets in passing argument 2 of
> ‘sha1_update’ differ in signedness
> ./shared.h:982: note: expected ‘t_U8 *’ but argument is of type ‘char *’
> disk_io.c: In function ‘grub_close’:
> disk_io.c:2006: warning: statement with no effect
> disk_io.c: Assembler messages:
> disk_io.c:151: Error: Incorrect register `%rax' used with `l' suffix
> make[2]: *** [pre_stage2_exec-disk_io.o] Error 1
> make[2]: Leaving directory
> `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5/stage2'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5'
> make: *** [all] Error 2
>
> I did look through the config.log file and even though it worked and
> created Makefiles, there were some errors in it too. I don't know if they
> are related to these compilation errors or not. Maybe I should not have
> installed those additional libraries!
>
> I am attaching the config.log file just in case it might be helpful.
>
> Thanks so much for looking into it!
>
> Sincerely,
> Olga
>
>
>
> On Wed, Nov 24, 2010 at 4:18 AM, Marcel Selhorst <m.s...@si...>wrote:
>
>> Hi Olga,
>>
>> can you try to remove the "-m32" parameter, and see if that works on your
>> 64-Bit machine? This indeed looks like a multilib-issue, but I am not too
>> familiar with Fedora, so I can't tell, whether there is a special multilib
>> package for GCC. What is the output of:
>>
>> $ gcc -print-multi-lib
>>
>> Mine also shows "32;@m32"
>>
>> Cheers,
>> Marcel
>>
>> Am 23.11.2010 19:07, schrieb Olga Gelbart:
>> > Hello,
>> > I am trying to compile TrustedGrub on a 64-bit Fedora 13 distribution
>> > (2.6.32.25 kernel)
>> >
>> > I am getting the following error (excerpt from config.log):
>> > ----------------------------------
>> > configure:3340: checking whether the C compiler works
>> > configure:3362: gcc -m32 -DSHOW_SHA1 -fno-stack-protector   conftest.c
>>  >&5
>> > /usr/bin/ld: skipping incompatible
>> > /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so when searching for
>> -lgcc_s
>> > /usr/bin/ld: skipping incompatible
>> > /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so when searching for
>> -lgcc_s
>> > /usr/bin/ld: cannot find -lgcc_s
>> > collect2: ld returned 1 exit status
>> > configure:3366: $? = 1
>> > configure:3404: result: no
>> > configure: failed program was:
>> > | /* confdefs.h */
>> > | #define PACKAGE_NAME "GRUB"
>> > | #define PACKAGE_TARNAME "grub"
>> > | #define PACKAGE_VERSION "1.1.5"
>> > | #define PACKAGE_STRING "GRUB 1.1.5"
>> > | #define PACKAGE_BUGREPORT "m.s...@si...
>> > <mailto:m.s...@si...>"
>> > | #define PACKAGE_URL ""
>> > | #define PACKAGE "grub"
>> > | #define VERSION "1.1.5"
>> > | /* end confdefs.h.  */
>> > |
>> > | int
>> > | main ()
>> > | {
>> > |
>> > |   ;
>> > |   return 0;
>> > | }
>> > configure:3409: error: in `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5':
>> > configure:3413: error: C compiler cannot create executables
>> > ----------------------------------
>> > I've looked this up and it looks I need multilib in gcc. It's readily
>> > available as a package (gcc-multilib) for Ubuntu or Debian. Does anyone
>> > know if it's available for Fedora? Or is there another way to fix this
>> problem?
>> > Thanks in advance,
>> > Olga
>> --
>> Sirrix AG security technologies -- http://www.sirrix.com
>> Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
>> Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
>> Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
>> Get my public key from keyserver, KeyId: 0x7C9821CC
>> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>>
>> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
>> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
>> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>>
>> This message may contain confidential and/or privileged information.
>> If you are not the addressee, you must not use, copy, disclose or
>> take any action based on this message or any information herein.
>> If you have received this message in error, please advise the sender
>> immediately by reply e-mail and delete this message.
>>
>
>

[Trustedgrub-users] TrustedGrub and Xen

[Olga G. <ol...@gm...>]

Hello everyone,
The TrustedGrub web site (http://www.sirrix.com/content/pages/50586.htm)
mentions that it was successfully used with Xen. I am trying to get it to
work with Xen 4.0.1 with a Fedora 13 pvops domain 0. Does anyone know what
version of Xen the website above refers to? Does it work with Xen 4.0.1 or
with an older version?
thanks so much,
Olga

Re: [Trustedgrub-users] compiling TrustedGrub on 64-bit Fedora 13

[Marcel S. <m.s...@si...>]

Hi Olga,

can you try to remove the "-m32" parameter, and see if that works on your
64-Bit machine? This indeed looks like a multilib-issue, but I am not too
familiar with Fedora, so I can't tell, whether there is a special multilib
package for GCC. What is the output of:

$ gcc -print-multi-lib

Mine also shows "32;@m32"

Cheers,
Marcel

Am 23.11.2010 19:07, schrieb Olga Gelbart:
> Hello,
> I am trying to compile TrustedGrub on a 64-bit Fedora 13 distribution
> (2.6.32.25 kernel)
> 
> I am getting the following error (excerpt from config.log):
> ----------------------------------
> configure:3340: checking whether the C compiler works
> configure:3362: gcc -m32 -DSHOW_SHA1 -fno-stack-protector   conftest.c  >&5
> /usr/bin/ld: skipping incompatible
> /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so when searching for -lgcc_s
> /usr/bin/ld: skipping incompatible
> /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so when searching for -lgcc_s
> /usr/bin/ld: cannot find -lgcc_s
> collect2: ld returned 1 exit status
> configure:3366: $? = 1
> configure:3404: result: no
> configure: failed program was:
> | /* confdefs.h */
> | #define PACKAGE_NAME "GRUB"
> | #define PACKAGE_TARNAME "grub"
> | #define PACKAGE_VERSION "1.1.5"
> | #define PACKAGE_STRING "GRUB 1.1.5"
> | #define PACKAGE_BUGREPORT "m.s...@si...
> <mailto:m.s...@si...>"
> | #define PACKAGE_URL ""
> | #define PACKAGE "grub"
> | #define VERSION "1.1.5"
> | /* end confdefs.h.  */
> |
> | int
> | main ()
> | {
> |
> |   ;
> |   return 0;
> | }
> configure:3409: error: in `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5':
> configure:3413: error: C compiler cannot create executables
> ----------------------------------
> I've looked this up and it looks I need multilib in gcc. It's readily
> available as a package (gcc-multilib) for Ubuntu or Debian. Does anyone
> know if it's available for Fedora? Or is there another way to fix this problem?
> Thanks in advance,
> Olga
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

[Trustedgrub-users] compiling TrustedGrub on 64-bit Fedora 13

[Olga G. <ol...@gm...>]

Hello,
I am trying to compile TrustedGrub on a 64-bit Fedora 13 distribution
(2.6.32.25 kernel)

I am getting the following error (excerpt from config.log):
----------------------------------
configure:3340: checking whether the C compiler works
configure:3362: gcc -m32 -DSHOW_SHA1 -fno-stack-protector   conftest.c  >&5
/usr/bin/ld: skipping incompatible
/usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so when searching for
-lgcc_s
/usr/bin/ld: skipping incompatible
/usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so when searching for
-lgcc_s
/usr/bin/ld: cannot find -lgcc_s
collect2: ld returned 1 exit status
configure:3366: $? = 1
configure:3404: result: no
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "GRUB"
| #define PACKAGE_TARNAME "grub"
| #define PACKAGE_VERSION "1.1.5"
| #define PACKAGE_STRING "GRUB 1.1.5"
| #define PACKAGE_BUGREPORT "m.s...@si..."
| #define PACKAGE_URL ""
| #define PACKAGE "grub"
| #define VERSION "1.1.5"
| /* end confdefs.h.  */
|
| int
| main ()
| {
|
|   ;
|   return 0;
| }
configure:3409: error: in `/root/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5':
configure:3413: error: C compiler cannot create executables
----------------------------------
I've looked this up and it looks I need multilib in gcc. It's readily
available as a package (gcc-multilib) for Ubuntu or Debian. Does anyone know
if it's available for Fedora? Or is there another way to fix this problem?
Thanks in advance,
Olga

Re: [Trustedgrub-users] Kernel upgrade question

[Olga G. <ol...@gm...>]

Hi Marcel,
Ok, that makes a lot of more sense now! thank you so much for the
explanation. If I figure out why my "manual" kernel install (as opposed to a
package install) didn't work, I will post the results to this list. It might
be useful for everyone to know.

thanks,
Olga

On Tue, Oct 5, 2010 at 5:15 AM, Marcel Selhorst <m.s...@si...>wrote:

> Hi Olga,
>
> > So I downloaded a .deb package for the 2.6.34.1-blackjack kernel and
> > installed it using dpkg. That booted with no problems with TrustedGrub!
> > Apparently, if you use the package manager, then the new kernel installs
> > and boots fine.
>
> great!
>
> > I guess there was something wrong with my manual
> > install.
>
> Hmm, maybe, hard for me to reproduce that from here ;)
>
> > Actually, that brings up another question. I guess, I am not quite sure
> > what is going on behind the scenes in TrustedGrub. Why is it that if you
> > upgrade the kernel, the new kernel image and initrd hashes are instantly
> > verified?
>
> No, they are not verified, they are simply "measured", which means, that
> the content of your PCR-12 and PCR-14 reflect the booted kernel / initrd.
> If you exchange the kernel, these PCRs will be different.
> If you for example seal something (like a HDD encryption key) to these
> PCRs, than you won't be able to unseal the data due to the excanged kernel.
>
> The only way you can use TrustedGRUB to verify your kernel is if you use
> the checkfile()-functionality. There you have to add the file(s) you want
> to verify along with a reference value into a file and add the checkfile
> command to the menu.lst.
> This feature is nice, if you want to verify arbitrary files, for example
> your shadow / passwd-files / modules / whatever. For example:
>
> # cat /boot/checkfile-2.6.35.1
> a667bb647e6b5491e9a9797333dbc88ba9082aa9 (hd0,0)/etc/passwd
> 05b105697bb997e4db516b92201d541f5710a72f (hd0,0)/etc/shadow
>
> # cat /boot/grub/menu.lst
> title=Gentoo Linux 64-Bit 2.6.35.1
> checkfile=(hd0,0)/boot/checkfile-2.6.35.1
> kernel=(hd0,0)/boot/vmlinuz-2.6.35.1
>
> TrustedGRUB will load these files from disk, measure them, extend them into
> PCR-13 and will verify the calculated hash against the hash stored in the
> checkfile.
>
> Best regards,
> Marcel
> --
> Sirrix AG security technologies -- http://www.sirrix.com
> Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
> Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
> Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
> Get my public key from keyserver, KeyId: 0x7C9821CC
> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>
> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>
> This message may contain confidential and/or privileged information.
> If you are not the addressee, you must not use, copy, disclose or
> take any action based on this message or any information herein.
> If you have received this message in error, please advise the sender
> immediately by reply e-mail and delete this message.
>

Re: [Trustedgrub-users] Kernel upgrade question

[Marcel S. <m.s...@si...>]

Hi Olga,

> So I downloaded a .deb package for the 2.6.34.1-blackjack kernel and
> installed it using dpkg. That booted with no problems with TrustedGrub!
> Apparently, if you use the package manager, then the new kernel installs
> and boots fine.

great!

> I guess there was something wrong with my manual
> install.

Hmm, maybe, hard for me to reproduce that from here ;)

> Actually, that brings up another question. I guess, I am not quite sure
> what is going on behind the scenes in TrustedGrub. Why is it that if you
> upgrade the kernel, the new kernel image and initrd hashes are instantly
> verified?

No, they are not verified, they are simply "measured", which means, that
the content of your PCR-12 and PCR-14 reflect the booted kernel / initrd.
If you exchange the kernel, these PCRs will be different.
If you for example seal something (like a HDD encryption key) to these
PCRs, than you won't be able to unseal the data due to the excanged kernel.

The only way you can use TrustedGRUB to verify your kernel is if you use
the checkfile()-functionality. There you have to add the file(s) you want
to verify along with a reference value into a file and add the checkfile
command to the menu.lst.
This feature is nice, if you want to verify arbitrary files, for example
your shadow / passwd-files / modules / whatever. For example:

# cat /boot/checkfile-2.6.35.1
a667bb647e6b5491e9a9797333dbc88ba9082aa9 (hd0,0)/etc/passwd
05b105697bb997e4db516b92201d541f5710a72f (hd0,0)/etc/shadow

# cat /boot/grub/menu.lst
title=Gentoo Linux 64-Bit 2.6.35.1
checkfile=(hd0,0)/boot/checkfile-2.6.35.1
kernel=(hd0,0)/boot/vmlinuz-2.6.35.1

TrustedGRUB will load these files from disk, measure them, extend them into
PCR-13 and will verify the calculated hash against the hash stored in the
checkfile.

Best regards,
Marcel
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] Kernel upgrade question

[Olga G. <ol...@gm...>]

Hi Marcel,

So I downloaded a .deb package for the 2.6.34.1-blackjack kernel and
installed it using dpkg. That booted with no problems with TrustedGrub!
Apparently, if you use the package manager, then the new kernel installs and
boots fine. I guess there was something wrong with my manual install.

Actually, that brings up another question. I guess, I am not quite sure what
is going on behind the scenes in TrustedGrub. Why is it that if you upgrade
the kernel, the new kernel image and initrd hashes are instantly verified?
Shouldn't that verification fail because we've just overwritten the original
version (the one running when TrustedGrub was installed)? Is there a
document that describes what TrustedGrub is doing exactly?

best regards,
Olga

On Thu, Sep 30, 2010 at 10:28 AM, Olga Gelbart <ol...@gm...> wrote:

> Hi Marcel,
> I don't have Grub2 installed, because I have been using the same system
> since Ubuntu 9.04 (which still have grub 0.97). I just kept upgrading, so
> grub2 never got installed. Then I just installed TrustedGrub over 0.97 grub.
> What's interesting is that I just ran the update manager and updated my
> currently-running 2.6.32-24 kernel to 2.6.32-25, and that booted fine in
> TrustedGrub!
> In order to install 2.6.34.1 kernel, I downloaded the source, configured,
> compiled and installed it manually. Maybe I missed some step in the process?
>
> thanks,
> Olga
>
>
> On Thu, Sep 30, 2010 at 9:28 AM, Marcel Selhorst <m.s...@si...>wrote:
>
>> Hi Olga,
>>
>> I think the problem is, that Ubuntu usually comes with GRUB-2 and thus
>> updates only the "grub.cfg" file instead of the "menu.lst".
>> I think they had an update to 2.6.32-25, so you might need to change the
>> filenames from 2.6.32-24 to 2.6.32-25 in the following lines:
>> kernel= ...
>> initrd= ...
>>
>> Then, if you can boot, re-do the same thing in the /boot/grub/menu.lst and
>> save.
>>
>> Best regards,
>> Marcel
>>
>> Am 30.09.2010 15:08, schrieb Olga Gelbart:
>> > Hello everyone,
>> > I have currently running Ubuntu 10.04 with TrustedGrub 1.1.5 and the
>> kernel
>> > version 2.6.32-24. Yesterday I had to compile and install a newer
>> version of
>> > the kernel, 2.6.34.1. Of course now TrustedGrub fails on kernel
>> > verification:
>> > it is still looking for the 2.6.32-24 version and is giving me "Error
>> 15:
>> > File not found" error. I tried to re-install TrustedGrub by running
>> > grub-install again, but that does not help. I am happy that TrustedGrub
>> is
>> > doing what it is supposed to do, the can someone recommend what I have
>> to do
>> > to upgrade to a new kernel and have TrustedGrub verify it as well.
>> >
>> > thanks,
>> > Olga
>> >
>> >
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Start uncovering the many advantages of virtual appliances
>> > and start using them to simplify application deployment and
>> > accelerate your shift to cloud computing.
>> > http://p.sf.net/sfu/novell-sfdev2dev
>> >
>> >
>> >
>> > _______________________________________________
>> > Trustedgrub-users mailing list
>> > Tru...@li...
>> > https://lists.sourceforge.net/lists/listinfo/trustedgrub-users
>>
>> --
>> Sirrix AG security technologies -- http://www.sirrix.com
>> Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
>> Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
>> Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
>> Get my public key from keyserver, KeyId: 0x7C9821CC
>> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>>
>> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
>> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
>> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>>
>> This message may contain confidential and/or privileged information.
>> If you are not the addressee, you must not use, copy, disclose or
>> take any action based on this message or any information herein.
>> If you have received this message in error, please advise the sender
>> immediately by reply e-mail and delete this message.
>>
>
>

Re: [Trustedgrub-users] Kernel upgrade question

[Olga G. <ol...@gm...>]

Hi Marcel,
I don't have Grub2 installed, because I have been using the same system
since Ubuntu 9.04 (which still have grub 0.97). I just kept upgrading, so
grub2 never got installed. Then I just installed TrustedGrub over 0.97 grub.
What's interesting is that I just ran the update manager and updated my
currently-running 2.6.32-24 kernel to 2.6.32-25, and that booted fine in
TrustedGrub!
In order to install 2.6.34.1 kernel, I downloaded the source, configured,
compiled and installed it manually. Maybe I missed some step in the process?

thanks,
Olga

On Thu, Sep 30, 2010 at 9:28 AM, Marcel Selhorst <m.s...@si...>wrote:

> Hi Olga,
>
> I think the problem is, that Ubuntu usually comes with GRUB-2 and thus
> updates only the "grub.cfg" file instead of the "menu.lst".
> I think they had an update to 2.6.32-25, so you might need to change the
> filenames from 2.6.32-24 to 2.6.32-25 in the following lines:
> kernel= ...
> initrd= ...
>
> Then, if you can boot, re-do the same thing in the /boot/grub/menu.lst and
> save.
>
> Best regards,
> Marcel
>
> Am 30.09.2010 15:08, schrieb Olga Gelbart:
> > Hello everyone,
> > I have currently running Ubuntu 10.04 with TrustedGrub 1.1.5 and the
> kernel
> > version 2.6.32-24. Yesterday I had to compile and install a newer version
> of
> > the kernel, 2.6.34.1. Of course now TrustedGrub fails on kernel
> > verification:
> > it is still looking for the 2.6.32-24 version and is giving me "Error 15:
> > File not found" error. I tried to re-install TrustedGrub by running
> > grub-install again, but that does not help. I am happy that TrustedGrub
> is
> > doing what it is supposed to do, the can someone recommend what I have to
> do
> > to upgrade to a new kernel and have TrustedGrub verify it as well.
> >
> > thanks,
> > Olga
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Start uncovering the many advantages of virtual appliances
> > and start using them to simplify application deployment and
> > accelerate your shift to cloud computing.
> > http://p.sf.net/sfu/novell-sfdev2dev
> >
> >
> >
> > _______________________________________________
> > Trustedgrub-users mailing list
> > Tru...@li...
> > https://lists.sourceforge.net/lists/listinfo/trustedgrub-users
>
> --
> Sirrix AG security technologies -- http://www.sirrix.com
> Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
> Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
> Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
> Get my public key from keyserver, KeyId: 0x7C9821CC
> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>
> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>
> This message may contain confidential and/or privileged information.
> If you are not the addressee, you must not use, copy, disclose or
> take any action based on this message or any information herein.
> If you have received this message in error, please advise the sender
> immediately by reply e-mail and delete this message.
>

Re: [Trustedgrub-users] Kernel upgrade question

[Marcel S. <m.s...@si...>]

Hi Olga,

I think the problem is, that Ubuntu usually comes with GRUB-2 and thus
updates only the "grub.cfg" file instead of the "menu.lst".
I think they had an update to 2.6.32-25, so you might need to change the
filenames from 2.6.32-24 to 2.6.32-25 in the following lines:
kernel= ...
initrd= ...

Then, if you can boot, re-do the same thing in the /boot/grub/menu.lst and
save.

Best regards,
Marcel

Am 30.09.2010 15:08, schrieb Olga Gelbart:
> Hello everyone,
> I have currently running Ubuntu 10.04 with TrustedGrub 1.1.5 and the kernel
> version 2.6.32-24. Yesterday I had to compile and install a newer version of
> the kernel, 2.6.34.1. Of course now TrustedGrub fails on kernel
> verification:
> it is still looking for the 2.6.32-24 version and is giving me "Error 15:
> File not found" error. I tried to re-install TrustedGrub by running
> grub-install again, but that does not help. I am happy that TrustedGrub is
> doing what it is supposed to do, the can someone recommend what I have to do
> to upgrade to a new kernel and have TrustedGrub verify it as well.
> 
> thanks,
> Olga
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> 
> 
> 
> _______________________________________________
> Trustedgrub-users mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedgrub-users

-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

[Trustedgrub-users] Kernel upgrade question

[Olga G. <ol...@gm...>]

Hello everyone,
I have currently running Ubuntu 10.04 with TrustedGrub 1.1.5 and the kernel
version 2.6.32-24. Yesterday I had to compile and install a newer version of
the kernel, 2.6.34.1. Of course now TrustedGrub fails on kernel
verification:
it is still looking for the 2.6.32-24 version and is giving me "Error 15:
File not found" error. I tried to re-install TrustedGrub by running
grub-install again, but that does not help. I am happy that TrustedGrub is
doing what it is supposed to do, the can someone recommend what I have to do
to upgrade to a new kernel and have TrustedGrub verify it as well.

thanks,
Olga

[Trustedgrub-users] What tool used to view PCR contents and Verify PCR 13?

[TEH J. Y. <jy...@ya...>]

Dear Users,
I refer to the posting entitled "PCR 1,2,3,6,7 identical" by  chloé Fouquet <fouquet.chloe@gm...> - 2010-07-07 10:37 in this forum. Link is: http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTil7ew6ireqYnwAWUtS924oNyo1vV40nhTscx6XY%40mail.gmail.com&forum_name=trustedgrub-users
Can someone inform me what tool can be used to display the PCR contents as in her posting and how to display these values?
I had attempted to Generate a Trusted State sealed key using tpm_sealdata from tpm_tools 1.3.5 and wish to see if the key is sealed to PCR 4,8,9,12,14.
I am trying do achive this : http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/tpm/liaaitpmstart.htm.
Further I am trying to ascertain if PCR 13 or 14 had been extended as per below :
root@jyteh-laptop-Vbox:/home/jyteh/Desktop/TrustedGRUB-1.1.4/TrustedGRUB-1.1.4/util# ./verify_pcr NULL /boot/vmlinuz-2.6.30-custom
*******************************************************************************
* Result for PCR: 73 69 8d 30 b3 80 eb b2 c0 59 04 22 a8 58 f9 7c e0 d8 90 51 *
*******************************************************************************

My sys details:
1. Ubuntu 9.04 running kernel 2.6.30 IMA enabled running as Guest OS in VirtualBox 3.1.6.2. TPM Emulator 0.6.1 3. TrustedGRUB 1.1.4 
Thanks in advance for kind help.
rgdsjyteh.


      

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Marcel S. <m.s...@si...>]

Hi Ariel,

> In fact, it looks like I made a mistake; that was my old grub.conf, 
> which was in a different subdirectory than /grub/, and a quirk of 
> cat-ing an entire directory deceived me into thinking it was in the 
> correct place. That's fixed now. Thanks.

perfect.

> However, I now get "Error 28: Selected item cannot fit into memory" 
> whichever option I choose from my grub menu, and booting is stopped. 

That's odd... what kernel are you using?
Since I just released a new version, which fixes the commandline-issue (now
you can load your kernel via the TrustedGRUB prompt), could you please test
version 1.1.5? If it still doesn't work, could you send me the kernel you
are booting, such that I can replay the issue in order to fix it?

Thanks,
Marcel
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] measurement of stage2 part2

[Marcel S. <m.s...@si...>]

Hi Thomas,

I just released a new version of TrustedGRUB. This fixed the issue of
verifying PCR-9. You can now do the following:

 $ cat /sys/class/misc/tpm0/device/pcrs

[...]
PCR-08: 38 EA A4 BE 80 5B D7 08 B2 E8 1F 7B C2 E5 69 FE 50 FF AA 0A
PCR-09: E0 7E A3 96 1C 48 33 0B 39 18 D0 29 1B ED 8B 6A 89 76 86 D5
[...]

 $ dd if=/boot/grub/stage2 bs=512 count=1 of=/tmp/stage2.part1
 $ dd if=/boot/grub/stage2 bs=512 skip=1  of=/tmp/stage2.part2
 $ verify_pcr NULL /tmp/stage2.part1

Result for PCR: 38 ea a4 be 80 5b d7 08 b2 e8 1f 7b c2 e5 69 fe 50 ff aa 0a

 $ verify_pcr NULL /tmp/stage2.part2

Result for PCR: e0 7e a3 96 1c 48 33 0b 39 18 d0 29 1b ed 8b 6a 89 76 86 d5

Best regards,
Marcel

Am 07.04.2010 20:42, schrieb Thomas Brinker:
> I did wonder how to precalculate the value of PCR9. Finally I am pretty sure 
> that usage of variable "counter" in stage2/start.S is not correct
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

[Trustedgrub-users] New TrustedGRUB release: version 1.1.5

[Marcel S. <m.s...@si...>]

Dear TrustedGRUB-users,

a new version 1.1.5 of TrustedGRUB is available:

http://sourceforge.net/projects/trustedgrub/files/TrustedGRUB-1.1.5/TrustedGRUB-1.1.5.tar.gz/download

It contains the following changes:

 * Added OpenBSD and FreeBSD patches from
   http://sourceforge.net/projects/bsssd
 * Fixed kernel loading from command line
 * Fixed counter variable in stage2

Feel free to mail us in case you encounter any problems or use our
ticketing system at:

https://projects.sirrix.com/trac/trustedgrub

Best regards,
Marcel Selhorst
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Ariel S. <as...@mi...>]

In fact, it looks like I made a mistake; that was my old grub.conf, 
which was in a different subdirectory than /grub/, and a quirk of 
cat-ing an entire directory deceived me into thinking it was in the 
correct place. That's fixed now. Thanks.

However, I now get "Error 28: Selected item cannot fit into memory" 
whichever option I choose from my grub menu, and booting is stopped. 
These are, again, kernels that booted with no problems before 
TrustedGRUB was installed.  Any idea what might be causing this, and how 
to fix it? I've looked through the source code, and nothing's jumping 
out at me as obvious places to look for the problem.

       Thanks,

               Ariel

On 8/5/10 4:23 AM, Marcel Selhorst wrote:
> Hi Ariel,
>
>> This is part of why I'm so confused: that's my grub.conf, which I can
>> clearly see from the grub shell in /grub/grub.conf. But I am still stuck
>> in the shell. I don't get any TrustedGRUB menu at all.
>
> So this means, that TrustedGRUB does not load "grub.conf"... hmmm...
> Do you have a symlink pointing from "menu.lst" to "grub.conf"?
> And can you actually "cat" the grub.conf within the TrustedGRUB shell?
> If so, than it is not a filesystem issue.
>
> Could you send me the output of
>
> # fdisk -l /dev/sda
>
> If you - for instance - have a dedicated boot-partition, then maybe a
> symlink is missing pointing from "/" to "boot".
>
> For Example:
>
> My hdd-layout looks similar to this
>
> /dev/sda1   *          63      224909      112423+  83  Linux -->  boot
> /dev/sda2          224910    17012834     8393962+  83  Linux -->  tmp
> /dev/sda3        17012835   100920329    41953747+  83  Linux -->  root
>
> The boot partition is mounted under /boot, such that the grub.conf is in
> /boot/grub/grub.conf during installation.
> However at boot time in TrustedGRUB it is located at (hd0,0)/grub/grub.conf
>
> If you create a symlink from "." to "boot", then it is also possible to
> load (hd0,0)/boot/grub/grub.conf
>
> # mount /dev/sda1 /boot
> # cd /boot
> # ln -s . boot
>
> Maybe it is just that.
>
> Marcel

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Marcel S. <m.s...@si...>]

Hi Ariel,

> This is part of why I'm so confused: that's my grub.conf, which I can 
> clearly see from the grub shell in /grub/grub.conf. But I am still stuck 
> in the shell. I don't get any TrustedGRUB menu at all.

So this means, that TrustedGRUB does not load "grub.conf"... hmmm...
Do you have a symlink pointing from "menu.lst" to "grub.conf"?
And can you actually "cat" the grub.conf within the TrustedGRUB shell?
If so, than it is not a filesystem issue.

Could you send me the output of

# fdisk -l /dev/sda

If you - for instance - have a dedicated boot-partition, then maybe a
symlink is missing pointing from "/" to "boot".

For Example:

My hdd-layout looks similar to this

/dev/sda1   *          63      224909      112423+  83  Linux --> boot
/dev/sda2          224910    17012834     8393962+  83  Linux --> tmp
/dev/sda3        17012835   100920329    41953747+  83  Linux --> root

The boot partition is mounted under /boot, such that the grub.conf is in
/boot/grub/grub.conf during installation.
However at boot time in TrustedGRUB it is located at (hd0,0)/grub/grub.conf

If you create a symlink from "." to "boot", then it is also possible to
load (hd0,0)/boot/grub/grub.conf

# mount /dev/sda1 /boot
# cd /boot
# ln -s . boot

Maybe it is just that.

Marcel
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Ariel S. <as...@mi...>]

This is part of why I'm so confused: that's my grub.conf, which I can 
clearly see from the grub shell in /grub/grub.conf. But I am still stuck 
in the shell. I don't get any TrustedGRUB menu at all.

I installed TrustedGrub via grub. I tried using grub-install previously, 
and ended up stuck in the shell without being able to detect the hard 
drive at all, so I reinstalled grub from a live CD and tried the 
alternate method this time. (The reinstalled ordinary grub worked just 
fine.)

                             Ariel


On 8/2/10 11:13 AM, Marcel Selhorst wrote:
> Hi Ariel,
>
> you said, that you were stuck within the TrustedGRUB shell, so I assumed,
> that your grub.conf is not found and that you typed in the root=... and the
> kernel=... lines into the shell.
>
> Does the TrustedGRUB menu show the entries from your grub.conf?
> And how did you install TrustedGRUB? Via grub-install or directly via grub?
>
> Thanks!
> Marcel
>
> Am 02.08.2010 17:07, schrieb Ariel Segall:
>> I'm not quite sure which line you're suggesting I add. Here's what's in
>> my grub.conf at the moment:
>>
>> default=0
>> timeout=5
>> splashimage=(hd0,0)/grub/splash.xpm.gz
>> hiddenmenu
>> title CentOS (2.6.18-194.3.1.el5)
>>        root (hd0,0)
>>        kernel /vmlinuz-2.6.18-194.3.1.el5 ro
>> root=/dev/VolGroup00/LogVol00 rhgb quiet
>>        initrd /initrd-2.6.18.194.3.1.el5.img
>> title CentOS (2.6.18-164.el5)
>>        root (hd0,0)
>>        kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol00
>> rhgb quiet
>>        initrd /initrd-2.6.18.164.el5.img
>>
>> It's the same grub.conf as I had had before switching to trusted grub.
>>
>>          Thanks,
>>          Ariel
>>
>> On 7/31/10 2:40 AM, Marcel Selhorst wrote:
>>> Hi Ariel,
>>>
>>> there is currently an issue when loading a kernel via the commandline of
>>> GRUB, which will be fixed in the next release.
>>> In the meantime, could you try to add the according kernel=... lines into
>>> the menu.lst / grub.conf and see, if that works?
>>>
>>> Thanks,
>>> Marcel
>>>
>>> Am 30.07.2010 20:09, schrieb Ariel Segall:
>>>> Unfortunately, upon rebooting the machine, I am now dropped into a grub
>>>> shell. Trusted Grub is clearly running, has detected the TPM, and does
>>>> not print any errors; however, not only is there no normal grub menu,
>>>> any attempt to load a kernel by hand produces "Error 13: Invalid or
>>
>

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Marcel S. <m.s...@si...>]

Hi Ariel,

you said, that you were stuck within the TrustedGRUB shell, so I assumed,
that your grub.conf is not found and that you typed in the root=... and the
kernel=... lines into the shell.

Does the TrustedGRUB menu show the entries from your grub.conf?
And how did you install TrustedGRUB? Via grub-install or directly via grub?

Thanks!
Marcel

Am 02.08.2010 17:07, schrieb Ariel Segall:
> I'm not quite sure which line you're suggesting I add. Here's what's in 
> my grub.conf at the moment:
> 
> default=0
> timeout=5
> splashimage=(hd0,0)/grub/splash.xpm.gz
> hiddenmenu
> title CentOS (2.6.18-194.3.1.el5)
>       root (hd0,0)
>       kernel /vmlinuz-2.6.18-194.3.1.el5 ro 
> root=/dev/VolGroup00/LogVol00 rhgb quiet
>       initrd /initrd-2.6.18.194.3.1.el5.img
> title CentOS (2.6.18-164.el5)
>       root (hd0,0)
>       kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol00 
> rhgb quiet
>       initrd /initrd-2.6.18.164.el5.img
> 
> It's the same grub.conf as I had had before switching to trusted grub.
> 
>         Thanks,
>         Ariel
> 
> On 7/31/10 2:40 AM, Marcel Selhorst wrote:
>> Hi Ariel,
>>
>> there is currently an issue when loading a kernel via the commandline of
>> GRUB, which will be fixed in the next release.
>> In the meantime, could you try to add the according kernel=... lines into
>> the menu.lst / grub.conf and see, if that works?
>>
>> Thanks,
>> Marcel
>>
>> Am 30.07.2010 20:09, schrieb Ariel Segall:
>>> Unfortunately, upon rebooting the machine, I am now dropped into a grub
>>> shell. Trusted Grub is clearly running, has detected the TPM, and does
>>> not print any errors; however, not only is there no normal grub menu,
>>> any attempt to load a kernel by hand produces "Error 13: Invalid or
> 

-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Ariel S. <as...@mi...>]

I'm not quite sure which line you're suggesting I add. Here's what's in 
my grub.conf at the moment:

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.3.1.el5)
      root (hd0,0)
      kernel /vmlinuz-2.6.18-194.3.1.el5 ro 
root=/dev/VolGroup00/LogVol00 rhgb quiet
      initrd /initrd-2.6.18.194.3.1.el5.img
title CentOS (2.6.18-164.el5)
      root (hd0,0)
      kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol00 
rhgb quiet
      initrd /initrd-2.6.18.164.el5.img

It's the same grub.conf as I had had before switching to trusted grub.

        Thanks,
        Ariel

On 7/31/10 2:40 AM, Marcel Selhorst wrote:
> Hi Ariel,
>
> there is currently an issue when loading a kernel via the commandline of
> GRUB, which will be fixed in the next release.
> In the meantime, could you try to add the according kernel=... lines into
> the menu.lst / grub.conf and see, if that works?
>
> Thanks,
> Marcel
>
> Am 30.07.2010 20:09, schrieb Ariel Segall:
>> Unfortunately, upon rebooting the machine, I am now dropped into a grub
>> shell. Trusted Grub is clearly running, has detected the TPM, and does
>> not print any errors; however, not only is there no normal grub menu,
>> any attempt to load a kernel by hand produces "Error 13: Invalid or

Re: [Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Marcel S. <m.s...@si...>]

Hi Ariel,

there is currently an issue when loading a kernel via the commandline of
GRUB, which will be fixed in the next release.
In the meantime, could you try to add the according kernel=... lines into
the menu.lst / grub.conf and see, if that works?

Thanks,
Marcel

Am 30.07.2010 20:09, schrieb Ariel Segall:
> Unfortunately, upon rebooting the machine, I am now dropped into a grub 
> shell. Trusted Grub is clearly running, has detected the TPM, and does 
> not print any errors; however, not only is there no normal grub menu, 
> any attempt to load a kernel by hand produces "Error 13: Invalid or 
-- 
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

[Trustedgrub-users] Error 13 on loading kernel after installing Trusted Grub

[Ariel S. <as...@mi...>]

I installed Trusted Grub on a CentOS 5.4, 64-bit machine yesterday.
It's a fairly fresh CentOS install, with basically nothing except 
trousers and tpm-tools on it, running on a Dell Latitude d830. There 
were no errors during the Trusted Grub installation process, and the 
machine booted with no problems ~20 minutes before I installed tGrub. 
This is not a dual-boot machine; the entire hard drive was wiped during 
the CentOS installation.

Unfortunately, upon rebooting the machine, I am now dropped into a grub 
shell. Trusted Grub is clearly running, has detected the TPM, and does 
not print any errors; however, not only is there no normal grub menu, 
any attempt to load a kernel by hand produces "Error 13: Invalid or 
unsupported executable format". I'm clearly detecting the drive and can 
find the kernel images, along with the other /boot files. These aren't 
anything weird like Windows, just ordinary CentOS kernels that were 
booting just fine in grub yesterday using the exact same commands. 
Providing the kernel command with an explicit type argument does not 
make any difference.

I can't come up with any reason that Error 13, in particular, would be 
produced. I'll reinstall grub and try again if need be, but I'd prefer 
to have some idea of exactly what might have caused the error so I can 
fix it on the next time through. Has anyone seen this sort of problem 
before? Can you recommend any solutions, or even more informative tests?

                 Thanks,
                    Ariel

Re: [Trustedgrub-users] PCR 1,2,3,6,7 identical

[chloé F. <fou...@gm...>]

Here is my measurement log :

0 6d11f5888c7ac6dd738bf4e047d8fb5e66ad87c6 07 [S-CRTM Contents]
 0 6077b8e2d73432051afc70cb73ea287bd8ed8f3b 07 [S-CRTM Contents]
 0 be9185b5cbeffd4b4a3dfb2354fe6e6a05b3ee13 07 [S-CRTM Contents]
 0 3673d0b9e189d3ee5130a42124e9b36f903afa54 07 [S-CRTM Contents]
 4 c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f 05 [Calling INT 19h]
 0 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 1 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 2 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 3 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 4 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 5 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 6 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 7 85e53271e14006f0265921d02d4d736cdc580b0b 04 [�]
 4 38f30a0a967fcf2bfee1e3b2971de540115048c8 05 [Returned INT 19h]
 4 f4ee5d643bc0f1fd9f427602020c6a4b5a2948a1 0c [Compact Hash]
 4 b72a2b23277c4c7a1a61a22815ba892e27d23709 05 [Return via INT 18h]
 4 b72a2b23277c4c7a1a61a22815ba892e27d23709 05 [Return via INT 18h]
 4 35ab609c6dd1a7172c58496db90adad4db528ffb 0c [Compact Hash]
 5 f15c1f5312da86c07e1d0ad01e00d96e428d0ebc 0c [Compact Hash]