This minor release is to provide hotfixes for some potential issues found in
1.9.8.
Source package tboot-1.9.9.tar.gz & tboot-1.9.9.tar.gz.gpg can be downloaded
from sourceforge.net.
Major changes since 1.9.8 (20181018)
tools: fix some dereference-NULL issues reported by klocwork
Tpmnv_defindex does not support well-known password.
Thanks
Jimmy
From: Jeanne Greulich [mailto:jeanne.greul...@onyxpoint.com]
Sent: Tuesday, September 11, 2018 1:10 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] tpmnv_defindex
Hello,
I am using tboot 1.9.7. I am tryng to cre
This minor release is to provide hotfixes for S3 issues found in 1.9.7.
Source package tboot-1.9.8.tar.gz & tboot-1.9.8.tar.gz.gpg can be downloaded
from sourceforge.net.
Major changes since 1.9.7 (20180830):
Skip tboot launch error index read/write when ignore prev err option is
t
This minor release is to provide mitigations for a series of reported
vulnerabilities and issues.
Source package tboot-1.9.7.tar.gz & tboot-1.9.7.tar.gz.gpg can be downloaded
from sourceforge.net.
Major changes since 1.9.6 (20170711):
Fix a lot of issues reported by klocwork scan.
Update maintainer list for Intel TXT
Signed-off-by: Gang Wei
diff --git a/MAINTAINERS b/MAINTAINERS
index cba790b..84c8fe7 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -5621,9 +5621,7 @@ F:Documentation/trace/intel_th.txt
F: drivers/hwtracing/intel_th/
INTEL(R) TRUSTED EXECUTION
On Mar 10, 2015 05:30, Brent Collins wrote:
> All,
>
> I have been having trouble with a couple of different pieces of hardware
> freezing during the tboot initialization and spent some time figuring
> out what was wrong.
>
> For reference, I was using tboot-1.8.1 as provided by the CentOS
> dist
It is fine to use kernel keyword to launch tboot in Grub v1 for non-uefi boot.
To me, the real issue is that the tpm module might not be properly provisioned.
Please check what nv indices were defined via tpm_nvinfo or tpmnv_getcap to see
what indices are defined.
Jimmy
From: Ahmed, Safayet (G
On Oct 14, 2014 02:14, Benjamin Block wrote:
> I finally got it to work, well at least to get into the MLE, still
> have to get back to Linux, but this will be the smaller part of the work.
>
> Over the last days I had some really weired problems with the
> starting- process though. The CPU work
On Sep 8, 2014 23:45, Benjamin Block wrote:
> Hello,
>
> just a short question about some of the more bloody details of Intel
> TXT. There are 2 specs atm - Intel TXT SDG (May 2014, rev 11) and the
> Intel 64/IA-32 Arch SDM (June 2014, rev. 51). Both define the state of
> the platform after SIN
: Tuesday, August 26, 2014 1:57 PM
To: Wei, Gang
Cc: tboot-devel@lists.sourceforge.net
Subject: Re: [Tboot-changelog] changeset in code: Security Fix: TBOOT Argument
Measurement Vuln...
There are several problems with this patch.
* The description of the vulnerability is inaccurate. There are boot
On Aug 21, 2014 05:31, Thomas Strobel wrote:
> Hi Benjamin,
>
> thank you very much for your detailed reply!
> Its much clearer now to me what the purposes of tboot and TrustedGRUB
> are. :)
>
> I would have one follow up question, though.
> Can tboot only work with PCR 17 and above, or can the l
On Aug 15, 2014 00:43, Benjamin Block wrote:
> Hej,
>
> just a short question because I'm a little confused about this: which
> lcptools are you supposed to use? In docs/ the policy-readme for
> modern systems is policy_v2.txt and then, in this file, lcptools and
> not
> lcptools_v2 is referenc
On Aug 15, 2014 00:25, Benjamin Block wrote:
> On 08/14/2014 03:27 AM, Wei, Gang wrote:> On Aug 8, 2014 03:09, John
> Marland wrote:
>>> I found a problem when compiling tboot 1.8.1 on SUSE 13.1 with gcc
>>> 4.8.1 - when I switched on debug i.e. export debug=y I got
On Aug 8, 2014 03:09, John Marland wrote:
> I found a problem when compiling tboot 1.8.1 on SUSE 13.1 with gcc
> 4.8.1 - when I switched on debug i.e.
> export debug=y
> I got some bizarre messages about trousers not being installed - it
> was indeed installed and it took me a while to figure out t
Please add “intel_iommu=on” for vmlinuz in your grub file to enable iommu which
will disable the PMR DMA protection enabled by SINIT and use VTd DMA memory map
to protect.
kernel /boot/tboot.gz logging=serial,vga,memory
serial=115200,8n1,0x60b0
module/boot/vmlinuz-3.2.0-27-gene
Thanks for requesting CVE id for this tboot vulnerability.
Jimmy
On Jul 31, 2014 16:32, Marcus Meissner wrote:
> Hi,
>
> CVE-2014-5118 was assigned by Mitre to this issue.
>
> Ciao, Marcus
> On Tue, Jul 29, 2014 at 09:02:40AM +, Wei, Gang wrote:
>> On Jul 29, 201
On Jul 29, 2014 16:36, Marcus Meissner wrote:
> Hi,
>
> Was there a CVE assigned for this issue?
No.
> Which tboot versions were affected?
All tboot versions before v1.8.2.
Jimmy
> Ciao, Marcus
> On Mon, Jul 28, 2014 at 04:02:10PM +, Wei, Gang wrote:
>> I woul
I would like to thank security researcher James Blake for reporting this
security issue and working with us to correct it.
Jimmy
From: Ren, Qiaowei [mailto:qiaowei@intel.com]
Sent: Monday, July 28, 2014 4:44 PM
To: tboot-devel@lists.sourceforge.net
Cc: Ren, Qiaowei
Subject: [tboot-devel] tb
You are right, the verified launch policy is tboot specific, that is why it is
not documented in TXT MLE DG. Sorry for the poor documentation for VL policy, I
would like to list it as a near future enhancement for tboot.
PS policy is always there for any TPM able to be used on shipped TXT capabl
, 2014 11:27 PM
To: Wei, Gang; dknueppel; Ross Philipson; tboot-devel@lists.sourceforge.net
Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41
Hi Jimmy,
x-checked BIOS version again. I have to revert, there's a brand new one.
updated the BIOS (board S1200RPL) to brand new ve
Hi, Dieter,
Can you send out the lcp policy files (.pol & .data)? tboot 1.8.0 lcptools has
a bug and not able to create working lcp policy.
You can try two ways to check whether this is related to the lcptools bug:
Way1: remove the owner index and reboot. Or
Way2: regenerate the policy with lcpt
0x5002 was already deprecated by 0x5003 as "aux", in TXT. Tboot was not
updated the default aux in the tools yet.
The 0x5001 & 0x5003 indices can only be defined before the TPM NV is
locked, which was already done for normal products before shipping.
Thanks
Jimmy
-Original
You need also to install openssl-devel in order to build all tboot components.
In recent Fedora, to get /dev/tpm0 device, you have to install
kernel-modules-extra rpm (notes, remember to boot with the updated kernel
version coming together as dependency of kernel-modules-extra).
Thanks
Jimmy
F
The SINIT you are using is for Client platforms instead of servers. The server
you are using already has a SINIT built in BIOS, tboot can find it and use it
if you remove the SINIT line from grub config file.
Give it a try.
Thanks
Jimmy
-Original Message-
From: dknueppel [mailto:dknuep
cprise wrote on 2014-04-03:
>
> On 04/01/14 22:38, Wei, Gang wrote:
>>
>> I saw two additional reserved memory region in BIOS e820 table between
>> 1G~4G:
>>
>> TBOOT: 2000 - 2020 (2)
>> ...
>> TBOOT: 4
cprise wrote on 2014-04-01:
> When booting via the Qubes OS anti-evil maid process, which relies on
> tboot, I have nearly 3GB less total RAM available to the system
> according to xen 'xl info' command. (See discussion in this thread after
> March 30:
> https://groups.google.com/forum/#!topic/qube
Ed Swierk wrote on 2014-02-21:
> The latest tboot crashes during boot if there's no TPM at all, because
> write_tb_error_code() tries to dereference the null g_tpm pointer.
>
> IMHO all the functions that dereference g_tpm should first check if
> it's null, and return an error code. This patch fixe
Ed Swierk wrote on 2014-02-21:
> This patch fixes a bug in determine_multiboot_type() that causes an
> infinite loop while searching for a multiboot header.
Thank you for the fix. It will be upstreamed soon with your signed-off.
Jimmy
smime.p7s
Description: S/MIME cryptographic signature
--
David Binderman wrote on 2014-01-30:
> Hello there,
>
> It seems that a few bugs I reported two months ago
> didn't get into this new release.
>
> Here is a reminder
>
> $ fgrep "(style)" cppcheck.out | fgrep Same
> [tboot-1.8.0/lcptools/hash.c:141] -> [tboot-1.8.0/lcptools/hash.c:141]:
(style)
This major release is to provide EFI boot support, TPM NV measuring, and
TPM2.0 support. The EFI & TPM2 support are not fully completed yet, more
enhancements will coming in next minor release.
Source package tboot-1.8.0.tar.gz can be downloaded from sourceforge.net.
Major changes since 1.7.4 (20
Nehal,
Thank you for the patch. Based on your patch I have a more general patch to
do this via extend tboot policy mechanism. The patch is attached FYI. It
will get into upstream soon. I will add your signed-off-by lines in the
patch too.
Thanks
Jimmy
From: Nehal Bandi [mailto:nehal.ba...@citrix
Ren, Qiaowei wrote on 2013-12-10:
> Documentation/x86 is a more fitting place for intel_txt.txt.
>
> Signed-off-by: Qiaowei Ren
> ---
> Documentation/intel_txt.txt | 210
> --- Documentation/x86/intel_txt.txt
> | 210
David Binderman wrote on 2013-11-20:
> hello there,
>
> I recently ran the static analyser "cppcheck" over the source code of
> tboot-1.7.3
>
> It said
>
> [common/hash.c:137] -> [common/hash.c:137]: (style) Same expression on
> both sides of '||'.
>
> Source code is
>
> void copy_hash(tb_hash
To facilitate easier ecosystem/community communication, a new home page was
created for OAT project @ https://01.org/openattestation, and a mailing list
was created as oat-de...@lists.01.org. And the code tree is still hosted on
github.
You can subscribe in oat-devel list on
https://lists.01.org/m
Have you ever enabled TXT in BIOS correctly? Can you run tboot to make sure
your HW configuration is ready for TXT launch?
Jimmy
Charles York wrote on 2013-10-10:
> Also since Charles Bushong was pointing out that he had seen this
> before, I suppose I should post the laptop model/hardware just i
Yes, your tpm nvram was already locked. No way to unlock it. But it is just
fine.
To define the LCP policy “owner” index, you should install tpm-tools and
execute “tpm_takeownership -z” first, then followed by “tpmnv_defindex -i owner
-p ”.
BTW, your booting with tboot failed because you
Muhammad Imran KHAN wrote on 2013-07-09:
>
> Hi All,
>
>
> I am beginer in this area. I am trying to install Tboot. My OS is "Linux
> 3.2.0-29-generic x86_64".
>
> Is there any step by step guide or document for installing tboot.
>
> Your help will be highly appriciated.
I suppose you are using Ub
Source package tboot-1.7.4.tar.gz can be downloaded from sourceforge.net.
Major changes since 1.7.3 (20121228):
Fix possible empty submenu block in generated grub.cfg
Add a call_racm=check option for easy RACM launch result check
Fix type check for revocation ACM.
This minor relea
Alexander Kjeldaas wrote on 2013-07-06:
>
> Hi, I wonder if there are any plans for UEFI or Secure Boot support in
> tboot. If it won't happen in tboot, are there other prospects for
> getting an UEFI Trusted Boot?
UEFI support development is still ongoing for tboot. Secure Boot support might
be
Pleasure to help, keep enjoying it.
Jimmy
> -Original Message-
> From: Hong Hu [mailto:huhong...@gmail.com]
> Sent: Friday, May 31, 2013 10:10 PM
> To: Wei, Gang
> Cc: tboot-devel@lists.sourceforge.net
> Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1
>
&g
m]
> Sent: Friday, May 31, 2013 9:13 PM
> To: Wei, Gang
> Cc: tboot-devel@lists.sourceforge.net
> Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1
>
> Hi Jimmy,
>
> Thanks for your reply.
>
> Here is the command I used to generate tb policy ;
>
>
Hong Hu wrote on 2013-05-31:
> Hi Jimmy,
>
> Thanks for you help.
>
> Now I can almost successfully run tboot on X220 tablet. The only problem
> is the verification of module 0 (linux kernel in my case) which is
> extended to PCR-18 failed.
>
> I followed instructions in docs/policy_v2.txt and l
Please have a try with 3nd_gen_i5_i7_SINIT_51.BIN
Jimmy
-Original Message-
From: Hong Hu [mailto:huhong...@gmail.com]
Sent: Thursday, May 30, 2013 3:38 PM
To: Wei, Gang
Cc: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1
Hi Jimmy,
By setting
Hong Hu wrote on 2013-05-27:
> Hi,
>
> Currently I'm trying to work on TBOOT. However I get an error which is
> "TXT.ERRORCODE: 0xc00020a1". I checked the sinit_errors.txt and found this
> error was due to "device scope of VT-d DMAR ACPI table is invalid". I
searched
> on line and someone said thi
henry del wrote on 2013-05-22:
>> We just expect tboot to be used together with VMM/Kernel with tboot
>> support. The tboot support should be confirmed before adding tboot to
>> the control flow. So we don't add any interface in Xen/Linux to
>> indicate the tboot support to tboot in the runtime.
>
Guiheux Goulven wrote on 2013-05-21:
> Hi,
> I am actually playing with Intel TXT (not TBOOT).
> But my code that launchs DRTM fails with the following TXT error code :
> 0xC00024E1 (using txt-stat).
> I use the lastest SINIT AC for my chipset (2nd_gen_i5_i7_SINIT_51.BIN) but
I
> can't find my erro
henry del wrote on 2013-05-21:
>
> On Tue, May 21, 2013 at 2:31 PM, Wei, Gang wrote:
>
>
> >The control flow is right. And it is supposed that even Xen is not
tboot
> >aware, it should still be able to boot up and able to bring up
guest, but
> >
> henry
>
>
>
> On Sun, May 19, 2013 at 3:36 PM, henry del wrote:
>
>
>
>
>
> On Sun, May 19, 2013 at 10:15 AM, Wei, Gang
wrote:
>
>
> henry del wrote on 2013-05-18:
>
> >> Thank you for
henry del wrote on 2013-05-18:
> Thank you for your prompt reply. Yet I have another question.
> According to the TXT spec, if GETSEC[SENTER] leaf function has not been
> used to launch a measured environment, it's impossible to make use of
> locality 1-4. Because registers in the private s
henry del wrote on 2013-05-16:
> Hi,
>
> According to Joseph, Tboot is a specific implementation of an MLE
> (Measured Launched Environment). Tboot encapsulates most of the
> TXT-specific knowledge so that it can launch an OS or VMM that is only
> minimally aware of TXT.
>
>As for bitvisor, i
Oh, the question should be in what states all the AP CPU registers are. Do you
think we need to define the case like what Intel SDM defined for
getsec[SENTER]?
Jimmy
H. Peter Anvin wrote on 2013-05-15:
> No, this does not really answer the question of what the CPU state looks
> like.
>
> "Ren,
Ross Philipson wrote on 2013-04-30:
> We have been looking at the code in tboot.c that sets the tboot memory
> area to E820_UNUSABLE when it detects that the next module is not Linux.
> Specifically this code:
>
> uint32_t mem_type = is_kernel_linux() ? E820_RESERVED : E820_UNUSABLE;
>
> And this
Hal Finney wrote on 2013-04-21:
>
http://software.intel.com/en-us/articles/intel-trusted-execution-technology/
>
> When I click on any of the SINIT modules, I get Page not found. Hopefully
this is
> temporary; just thought I'd let you know.
It is temporary case, accessible now.
> Oh, while I'm w
The platform using Q45_Q43_SINIT_51.BIN only supports LCP v1. You should not
try lcp v2 on it.
You should try to follow docs/policy_v1.txt to create the LCP v1 policy and
have a further try.
Thanks
Jimmy
Charles Bushong wrote on 2013-04-11:
> So while I wait for a miracle on my other system, I h
Jay Schwichtenberg wrote on 2013-04-10:
> Jay Schwichtenberg yahoo.com> writes:
>
>>
>> Hello,
>>
>> With the help from this group I was able to get my server setup with
>> tboot and running (THANKS!). I've got my code written and I'm in the
>> testing phase. One of the test criteria that I was
Charles Bushong wrote on 2013-03-25:
> Hi all,
>
>
> I'm trying to get tboot up and running for my first time, and this list
> has been a great help. However it seems I'm running into some problems
> when actually validating the modules. I was hoping someone might have
> some insight as to what
Jan Beulich wrote on 2013-03-11:
> In version 3.4 acpi_os_prepare_sleep() got introduced in parallel with
> reduced hardware sleep support, and the two changes didn't get
> synchronized: The new code doesn't call the hook function (if so
> requested). Fix this, requiring a boolean parameter to be a
>
> ###
> ### Define owner in NV space.
> ###
> tpmnv_defindex -i owner -p $mypw
>
> ###
> ### Write LCP and launch policy to TPM
> ###
> lcp_writepol -i owner -f list.pol -p $mypw
> pause
>
> ###
> ### Copy list.data to /boot.
> ### Modify /boot/grub/grub.c
Jay Schwichtenberg wrote on 2013-03-06:
> Here's the error code from the second boot attempt.
>
> Thanks
> Jay S.
>
>
> TBOOT: TXT chipset and all needed capabilities present
> TBOOT: TXT.ERRORCODE: 0xc8c1
> TBOOT: AC module error : acm_type=0x1, progress=0x0c, error=0x2
> TBOOT: TXT.ESTS: 0
Jay Schwichtenberg wrote on 2013-03-05:
> Hello,
>
> Don't know if this is a Ubuntu thing or tboot but need to start tracking
> it down somewhere.
>
> I'm trying to get tboot working with Ubuntu Server 12.10 on a dual Xeon
Intel
> server and have not been having any success. I've read the documen
with dual-socket Intel
Xeon
> E5-2650 (f/m/s: 06-2D-7) and BIOS version 1.2.6.
>
> Attached is the output from tboot.
>
> Out of curiosity, did you try with the values I posted earlier?
>
> Thanks,
> Sahil
>
>
> On Mon, Feb 18, 2013 at 12:09 AM, Wei, Gang wrote
0 - (GOOD) TBOOT:
> cf80 - d000 (SMRAM NON-OVERLAY) TBOOT:
> e000 - e400 (PCIE EXTENDED CONFIG) TBOOT:
> proc_scrtm_status: 0x0001
>
>
> I expect that it should match the value of PCR 17 after SENT
LE DISEZ Erwan wrote on 2013-02-15:
> Hello,
>
> I'am trying to boot a Linux kernel (v 2.3.32) compiled as not
> relocatable. The kernel works fine and can be loaded directly from GRUB2
> for example.
>
> When booting using GRUB2+TBOOT I use the following 'simple'
> configuration :
>menuentry
Sahil Rihan wrote on 2013-01-31:
> Hi list,
>
> Like a few before me, I'm trying to calculate in software the value of
PCR17
> after SENTER. I'm taking the value of the first extend as a given (from
> SinitMleData.SinitHash) and am trying to reconstruct the value at the end
of
> the second extend.
Source package tboot-1.7.3.tar.gz can be downloaded from sourceforge.net.
And since 1.7.3 the upstream repository was moved to:
http://hg.code.sf.net/p/tboot/code .
Major changes since 1.7.2 (20120929):
Update README with updated code repository url.
Fix grub2 scripts to be compat
The major target of this release is to improve code quality based on v1.5,
some important fixes will be back ported into v1.5 branch.
https://github.com/OpenAttestation/OpenAttestation.git
Key Changes in v1.6:
Enhanced Reference CLI Curl scripts for API access
Auto testing scripts
As requested by SourceForge Community Manager, tboot just finished upgrade
from classic sourceforge platform to the new platform.
As the result of this upgrade, one major change is that the source code
repository URL got changed to:
http://hg.code.sf.net/p/tboot/code
Please do a fresh che
Thanks for raise the issue along with a fix!
I have understood the fix to the buffer overrun problem in lcptools/lock.c.
I still need some time to understand the other two issues & fixes. After
that, I will check in your patch.
Thanks
Jimmy
charles.fis...@gdc4s.com wrote on 2012-12-12:
> All,
>
Patrick Winchester wrote on 2012-12-02:
> Hi list,
>
> I am trying to get tboot to run my Ubuntu 12.10 environment on a Dell
Latitude
> 6520 laptop (no Xen / Hypervisor involved).
> Sadly, I am a little stuck.
>
> I took the following steps to install tboot:
>
> apt-get install tboot
>
> tpm_ta
Any comments on this patch?
Jimmy
Ren, Qiaowei wrote on 2012-10-11:
> tboot provides a better AP wakeup mechanism based on cpu MWAIT feature
> for OS/VMM. With this mechanism, system will boot faster and will NOT
> require VT to be enabled. But it requires that OS/VMM must have support
> it, othe
charles.fis...@gdc4s.com wrote on 2012-10-11:
> Signed-off-by: Charles Fisher
>
>
> There are a couple of problems that occur with tboot. The first is on some
Dell
>
> laptops, it is necessary to disable the legacy usb interrupts. This patch
>
> provides a mechanism to enable a developer to d
Below issue got fixed w/ the latest c/s in souceforge upstream tree.
Jimmy
Frédéric Guihéry wrote on 2012-05-25:
> Hi,
>
> Indeed, I have the same problem :
>
> TBOOT: TXT.ERRORCODE: 0xc0041d01
> TBOOT: AC module error : acm_type=0x1, progress=0x10, error=0x7
> TBOOT: LCP2 error: minor error =
Ning Qu wrote on 2012-10-17:
> Already setup TPM trusted boot with Linux Kernel, seems whenever I
> change the tboot binary/parameters or kernel binary/parameters, the boot
> will fail as expected.
>
> However, I do see some logging information that indicates tboot might use
> seal
> operations, o
https://github.com/OpenAttestation/OpenAttestation.git
Key Changes since launched:
Add supports for Ubuntu & SuSE OSes
Simplified RESTful based Query API
New WhiteList Manager Service API
Reference CLI Curl scripts for API access
Enjoy it!
Jimmy
smime.p7s
Descri
Source package tboot-1.7.2.tar.gz can be downloaded from sourceforge.net. And
since 1.7.1 the upstream repository was moved from bughost.org to sf.net at
http://tboot.hg.sourceforge.net:8000/hgroot/tboot/tboot.
(Note, the check-in notification was fixed, and tboot-changelog mailing list
can be ti
I am current trying to make a TXT driver and it will expose the TXT event
log(located in TXT heap) via sysfs interface to userspace.
Jimmy
Kent Yoder wrote on 2012-09-28:
>> We had discussion about the event log before.
>> I think standard structure is desirable for this TXT event log.
>
> Tha
It would be helpful to get a system with serial port to try tboot and
capture the serial log for two continuous booting while the later booting
will contain some error code from SINIT for why it reset the platform.
Otherwise, it also will help to add option "vga_delay=5" to tboot cmdline,
to get a
Thanks for pointing it out.
Jimmy
On Thu, 2012-08-30 at 16:34 +0800, j...@perches.com wrote:
> On Thu, 2012-08-30 at 13:19 +0800, gang@intel.com wrote:
> > diff --git a/MAINTAINERS b/MAINTAINERS
> []
> > INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT)
> []
> > -T: Mercurial http://www.bughost.or
Two options:
Option 1: simply include kvm module into initrd/initramfs, and make it
loaded before remount to final disk filesystem.
Option 2: recompile the kernel and include the kvm module in kernel instead
of making it a standalone module.
Jimmy
From: Jason Chow [mailto:jasonchow
Intel TXT just require a standard TPM module compliant to TCG TPM 1.2 spec in
the system. If it is a recent Intel vPro system, then usually it supports TXT.
Jimmy
From: Matthew Podhorniak [mailto:m7r...@gmail.com]
Sent: Thursday, June 14, 2012 8:35 PM
To: tboot-devel@lists.sourceforge.net
Subjec
Source package tboot-1.7.1.tar.gz can be downloaded from sourceforge.net.
And the upstream repository was moved from bughost.org to sf.net at
http://tboot.hg.sourceforge.net:8000/hgroot/tboot/tboot.
(Note, the check-in notification CAN'T be sent to tboot-changelog mailing list
by far.)
Major ch
Good comments. Thanks.
Jimmy
From: charles.fis...@gdc4s.com [mailto:charles.fis...@gdc4s.com]
Sent: Wednesday, April 25, 2012 3:26 AM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Wrong ELD size error
All,
I have found the problem - If you forget to include the list.data file
Thanks for the finding and patch.
Jimmy
From: charles.fis...@gdc4s.com [mailto:charles.fis...@gdc4s.com]
Sent: Wednesday, April 25, 2012 3:24 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] Problem with tb_polgen
All,
There is a problem with tb_polgen. When it is parsing the ker
Yes, rhel6.2 kernel support TXT, so can directly boot with tboot installed via
yum install.
Jimmy
> -Original Message-
> From: J Chapman Flack [mailto:jfl...@math.purdue.edu]
> Sent: Friday, April 20, 2012 3:15 AM
> To: tboot-devel@lists.sourceforge.net
> Subject: [tboot-devel] tboot RH
Andrew Goodbody wrote on 2012-04-19:
> Hi,
>
> I can successfully perform a measured boot with TBOOT on my platform
> which is based on GM45 chipset as long as the internal Intel graphics
> device is used. If I disable the IGD and use an MXM card connected to
> the PEG port, then I get a reset at
Can you provide the detailed steps you have done for generate the LCP policy,
and also the grub.cfg?
It is quite possible that you gave a wrong cmdline for tboot hash generating or
you specified incorrect cmdline for tboot.gz in grub.cfg.
You should generate mlehash as below according to your t
Jonathan McCune wrote on 2012-04-11:
> Hello list,
>
> In both tboot-1.7.0 and the latest revision in the mercurial repo
> (299:950fec11ef90, dated 1/15/2012):
>
> tboot-1.7.0 $ patch --dry-run -p1 < test-patches/tpm-test.patch
> patching file tboot/common/tpm.c Hunk #1 succeeded at 2121 with fuz
We are very happy to inform you the open source, OpenAttestation, project has
been launched at https://github.com/OpenAttestation/OpenAttestation.git
OpenAttestation project is to provide SDK, a Software Development Kit, to add
cloud management tools with capability of establishing hosts integr
Before I can help, I need to know:
1. Which tboot version are you using? Upstream changeset 299/v1.7.0, rpms
released with distro, or some else?
2. Are you using grub or grub2?
3. Have you configure the kernel with TXT options enabled before build it?
4. Can you attach
HIRANO Manabu wrote on 2012-01-16:
> Dear tboot developers,
>
> I plan to develop a security application based on your tboot software
> and Intel-TXT hardware.
> Could you tell me your recommended or favorite laptops/desktops to
> run/develop tboot software?
> (I have to choose and test some lapto
Source package tboot-1.7.0.tar.gz can be downloaded from sourceforge.net. It is
the latest snapshot of http://www.bughost.org/repos.hg/tboot.hg.
Major changes since 1.5.0 (20110429):
tboot:
Enlarge NR_CPUS from 64 to 256
Add support for TPM event log & details / authorities PCR m
tboot may be trying to put APs waiting in MWAIT loops before launching Xen. Xen
could check the new flag field in v6 tboot shared page for the hint. If
TB_FLAG_AP_WAKE_SUPPORT bit in flag field is set, Xen BSP have to write the
monitored memory(g_tboot_shared->ap_wake_trigger) to bring APs out o
Jan Beulich wrote on 2012-01-10:
>>>> On 09.01.12 at 17:01, "Wei, Gang" wrote:
>> tboot may be trying to put APs waiting in MWAIT loops before launching Xen.
>> Xen could check the new flag field in v6 tboot shared page for the
>> hint. If TB_FLAG_AP_WAKE_S
tboot may be trying to put APs waiting in MWAIT loops before launching Xen. Xen
could check the new flag field in v6 tboot shared page for the hint. If
TB_FLAG_AP_WAKE_SUPPORT bit in flag field is set, Xen BSP have to write the
monitored memory(g_tboot_shared->ap_wake_trigger) to bring APs out o
Jan Beulich wrote on 2012-01-05:
>>>> On 05.01.12 at 15:53, "Wei, Gang" wrote:
>> tboot may be trying to put APs waiting in MWAIT loops before launching Xen.
>> Xen could check the new flag field in v6 tboot shared page for the
>> hint. If TB_FLAG_AP_WAKE_S
tboot may be trying to put APs waiting in MWAIT loops before launching Xen. Xen
could check the new flag field in v6 tboot shared page for the hint. If
TB_FLAG_AP_WAKE_SUPPORT bit in flag field is set, Xen BSP have to write the
monitored memory(g_tboot_shared->ap_wake_trigger) to bring APs out o
Tim Deegan wrote on 2011-12-29:
> At 01:22 + on 28 Dec (1325035368), Wei, Gang wrote:
>> If no further question on this patch from anyone else, could you
>> help to check it in?
>
> Done.
Thanks. And I have already be ready to send the MWAIT AP bring-up patch for
tboot
Please clone a new local tree to avoid accumulating two more obsolete csets in
your old local tree.
Sorry for inconvenience brought by this.
Jimmy
--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a com
Tim Deegan wrote on 2011-12-27:
> At 10:05 + on 27 Dec (1324980346), Wei, Gang wrote:
>>> So you jumped from 100ms to 10us - how was that value established?
>>> Or in other words, how certain is it that this (or any other)
>>> timeout is sufficient for
Jan Beulich wrote on 2011-12-23:
>>>> On 23.12.11 at 04:14, "Wei, Gang" wrote:
>> Without this delay, Xen could not bring APs up while working with
>> TXT/tboot, because tboot need some time in APs to handle INIT before
>> becoming ready for receiving SIPIs
1 - 100 of 109 matches
Mail list logo
