What you need to do is make sure that only one space char is used to separate the cmdline options for kernel in below cmdline. I can see there are 3 space chars between "ro" and "quiet".
2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
--cmdline "intel_iommu=on root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220
ro quiet splash vt.handoff=7"
--image /boot/vmlinuz-3.5.0-31-generic
vl.pol
I know you are using the exact same command line as what occurred in the
grub file. But I observed that grub2 will remove redundent space chars
automatically before pass the cmdline to tboot or kernel, so that the
command tboot got was not exactly the same with grub config file.
BTW, FYI, old grub(in rhel or old fedora) will keep the redundent space
chars.
Thanks
Jimmy
> -----Original Message-----
> From: Hong Hu [mailto:huhong...@gmail.com]
> Sent: Friday, May 31, 2013 9:13 PM
> To: Wei, Gang
> Cc: tboot-devel@lists.sourceforge.net
> Subject: Re: [tboot-devel] TBOOT ERRORCODE: 0xc00020a1
>
> Hi Jimmy,
>
> Thanks for your reply.
>
> Here is the command I used to generate tb policy ;
>
> 1. tb_polgen/tb_polgen --create --type nonfatal vl.pol
> 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
> --cmdline "intel_iommu=on
> root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro quiet splash
> vt.handoff=7"
> --image /boot/vmlinuz-3.5.0-31-generic
> vl.pol
> 3. tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image
> --cmdline ""
> --image /boot/initrd.img-3.5.0-31-generic
> vl.pol
>
> The corresponding grub entry is :
>
> menuentry 'tboot: Ubuntu, with Linux 3.5.0-31-generic' --class ubuntu
--class
> gnu-linux --class gnu --class os {
> recordfail
> gfxmode $linux_gfx_mode
> insmod gzio
> insmod part_msdos
> insmod ext2
> set root='(hd0,msdos2)'
> search --no-floppy --fs-uuid --set=root
> dbc9c7e6-d3f0-4b6a-9017-d43f70f09220
> echo 'HHHHHHHHHHHHHHHHHHH: Loading tboot ...'
> multiboot /tboot.gz /tboot.gz logging=memory,vga,serial
> echo 'HHHHHHHHHHHHHHHHHHH: Loading vmlinuz ....'
> module /boot/vmlinuz-3.5.0-31-generic
> /boot/vmlinuz-3.5.0-31-generic intel_iommu=on
> root=UUID=dbc9c7e6-d3f0-4b6a-9017-d43f70f09220 ro quiet splash
> vt.handoff=7
> echo 'HHHHHHHHHHHHHHHHHHH: Loading initrd.img ...'
> module /boot/initrd.img-3.5.0-31-generic
> /boot/initrd.img-3.5.0-31-generic
> echo 'HHHHHHHHHHHHHHHHHHH: Loading ACM ...'
> module /boot/3rd_gen_i5_i7_SINIT_51.BIN
> echo 'HHHHHHHHHHHHHHHHHHH: Loading policy data ...'
> module /list.data
> }
>
> The log file is also attached.
>
> Thanks,
> Hu Hong
>
>
> On Fri, May 31, 2013 at 8:59 PM, Wei, Gang <gang....@intel.com> wrote:
>
>
> Hong Hu wrote on 2013-05-31:
>
> > Hi Jimmy,
> >
> > Thanks for you help.
> >
> > Now I can almost successfully run tboot on X220 tablet. The only
> problem
> > is the verification of module 0 (linux kernel in my case) which is
> > extended to PCR-18 failed.
> >
> > I followed instructions in docs/policy_v2.txt and
lcptools/lcptools2.txt
> to create
> > the LCP and VLP. The only difference is the second step in
creating VLP:
> >
> > The original version:
> >
> > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
> --cmdline
> "the
> > command line for xen from grub.conf" --image /boot/xen.gz vl.pol
> >
> > and I changed it to :
> >
> > 2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image
> --cmdline
> > "intel_iommu=on root=UUID=XX(my uuid)XXX ro quiet splash
> vt.handoff=7"
> > --image /boot/vmlinuz-3.5.0.-31=generic vl.pol
> >
> > since there is no xen in my case.
> >
> > The result of module verification is that the verification for PCR
18
> failed while
> > the verification for PCR 19 (initrd.img) successed.
> >
> > Is there any specific command to hash linux kernel other than xen?
Any
> help will
> > be much appreciated.
>
>
> Please send me me the exact command line you are using for generate
the
> tb
> policy, as well as the grub config file.
>
> Jimmy
>
>
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
