Hi,

It's written in the tboot docs that on a machine with no TXT support, tboot 
launches the kernel without secure boot.

We were testing the behavior of tboot on a variety of hardware and I found one 
issue on one of the AMD machines.

We are using tboot-1.7.3 for our environment.


Dell PowerEdge 415.
AMD 4130 processor, BIOS version: 1.8.5

The machine never comes out of tboot and keeps restarting.

Has anybody else seen this issue, and is there any probable cause?

Following is the trace from the machine.

Thanks in advance.


===================================================================

[2013-10-25 05:33:11 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:11 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:11 UTC] TBOOT: *********************************************
[2013-10-25 05:33:11 UTC] TBOOT: command line:
[2013-10-25 05:33:11 UTC] TBOOT: BSP is cpu 0
[2013-10-25 05:33:11 UTC] TBOOT: original e820 map:
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000000000 - 00000000000a0000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000100000 - 00000000df699000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df699000 - 00000000df6af000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6af000 - 00000000df6ce000 (3)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6ce000 - 00000000e0000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000f0000000 - 00000000f4000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fe000000 - 00000000fec90000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fec94000 - 00000000fecd0000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fecd4000 - 0000000100000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000100000000 - 0000000220000000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:11 UTC] TBOOT: TPM nv_locked: FALSE
[2013-10-25 05:33:11 UTC] TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
[2013-10-25 05:33:11 UTC] TBOOT: Wrong timeout B, fallback to 2000
[2013-10-25 05:33:11 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:11 UTC] TBOOT: policy:
[2013-10-25 05:33:11 UTC] TBOOT: version: 2
[2013-10-25 05:33:11 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:11 UTC] TBOOT: hash_alg: TB_HALG_SHA1
[2013-10-25 05:33:11 UTC] TBOOT: policy_control: 00000001 (EXTEND_PCR17)
[2013-10-25 05:33:11 UTC] TBOOT: num_entries: 2
[2013-10-25 05:33:11 UTC] TBOOT: policy entry[0]:
[2013-10-25 05:33:11 UTC] TBOOT: mod_num: 0
[2013-10-25 05:33:11 UTC] TBOOT: pcr: none
[2013-10-25 05:33:11 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:11 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:11 UTC] TBOOT: policy entry[1]:
[2013-10-25 05:33:11 UTC] TBOOT: mod_num: any
[2013-10-25 05:33:11 UTC] TBOOT: pcr: 19
[2013-10-25 05:33:11 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:11 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:11 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: Error: write TPM error: 0x2.
[2013-10-25 05:33:11 UTC] TBOOT: no policy in TPM NV.
[2013-10-25 05:33:11 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:11 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:11 UTC] TBOOT: *********************************************
[2013-10-25 05:33:11 UTC] TBOOT: command line:
[2013-10-25 05:33:11 UTC] TBOOT: BSP is cpu 0
[2013-10-25 05:33:11 UTC] TBOOT: original e820 map:
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000000000 - 00000000000a0000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000000100000 - 00000000df699000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df699000 - 00000000df6af000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6af000 - 00000000df6ce000 (3)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000df6ce000 - 00000000e0000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000f0000000 - 00000000f4000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fe000000 - 00000000fec90000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fec94000 - 00000000fecd0000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 00000000fecd4000 - 0000000100000000 (2)
[2013-10-25 05:33:11 UTC] TBOOT: 0000000100000000 - 0000000220000000 (1)
[2013-10-25 05:33:11 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:11 UTC] TBOOT: TPM nv_locked: FALSE
[2013-10-25 05:33:11 UTC] TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
[2013-10-25 05:33:11 UTC] TBOOT: Wrong timeout B, fallback to 2000
[2013-10-25 05:33:11 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:11 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:11 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:11 UTC] TBOOT: :reading failed
[2013-10-25 05:33:11 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:11 UTC] TBOOT: policy:
[2013-10-25 05:33:11 UTC] TBOOT: version: 2
[2013-10-25 05:33:11 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:12 UTC] TBOOT: hash_alg: TB_HALG_SHA1
[2013-10-25 05:33:12 UTC] TBOOT: policy_control: 00000001 (EXTEND_PCR17)
[2013-10-25 05:33:12 UTC] TBOOT: num_entries: 2
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[0]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: 0
[2013-10-25 05:33:12 UTC] TBOOT: pcr: none
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[1]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: any
[2013-10-25 05:33:12 UTC] TBOOT: pcr: 19
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: Error: write TPM error: 0x2.
[2013-10-25 05:33:12 UTC] TBOOT: no policy in TPM NV.
[2013-10-25 05:33:12 UTC] TBOOT: ******************* TBOOT *******************
[2013-10-25 05:33:12 UTC] TBOOT: 2013-09-05 17:05 -0400 160:1c1174e91a4d
[2013-10-25 05:33:12 UTC] TBOOT: *********************************************
[2013-10-25 05:33:12 UTC] TBOOT: command line:
[2013-10-25 05:33:12 UTC] TBOOT: BSP is cpu 0
[2013-10-25 05:33:12 UTC] TBOOT: original e820 map:
[2013-10-25 05:33:12 UTC] TBOOT: 0000000000000000 - 00000000000a0000 (1)
[2013-10-25 05:33:12 UTC] TBOOT: 0000000000100000 - 00000000df699000 (1)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000df699000 - 00000000df6af000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000df6af000 - 00000000df6ce000 (3)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000df6ce000 - 00000000e0000000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000f0000000 - 00000000f4000000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000fe000000 - 00000000fec90000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000fec94000 - 00000000fecd0000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 00000000fecd4000 - 0000000100000000 (2)
[2013-10-25 05:33:12 UTC] TBOOT: 0000000100000000 - 0000000220000000 (1)
[2013-10-25 05:33:12 UTC] TBOOT: TPM is ready
[2013-10-25 05:33:12 UTC] TBOOT: TPM nv_locked: FALSE
[2013-10-25 05:33:12 UTC] TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
[2013-10-25 05:33:12 UTC] TBOOT: Wrong timeout B, fallback to 2000
[2013-10-25 05:33:12 UTC] TBOOT: reading Verified Launch Policy from TPM NV...
[2013-10-25 05:33:12 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
[2013-10-25 05:33:12 UTC] TBOOT: :reading failed
[2013-10-25 05:33:12 UTC] TBOOT: reading Launch Control Policy from TPM NV...
[2013-10-25 05:33:12 UTC] TBOOT: TPM: get capability, return value = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
[2013-10-25 05:33:12 UTC] TBOOT: :reading failed
[2013-10-25 05:33:12 UTC] TBOOT: failed to read policy from TPM NV, using default
[2013-10-25 05:33:12 UTC] TBOOT: policy:
[2013-10-25 05:33:12 UTC] TBOOT: version: 2
[2013-10-25 05:33:12 UTC] TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
[2013-10-25 05:33:12 UTC] TBOOT: hash_alg: TB_HALG_SHA1
[2013-10-25 05:33:12 UTC] TBOOT: policy_control: 00000001 (EXTEND_PCR17)
[2013-10-25 05:33:12 UTC] TBOOT: num_entries: 2
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[0]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: 0
[2013-10-25 05:33:12 UTC] TBOOT: pcr: none
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: policy entry[1]:
[2013-10-25 05:33:12 UTC] TBOOT: mod_num: any
[2013-10-25 05:33:12 UTC] TBOOT: pcr: 19
[2013-10-25 05:33:12 UTC] TBOOT: hash_type: TB_HTYPE_ANY
[2013-10-25 05:33:12 UTC] TBOOT: num_hashes: 0
[2013-10-25 05:33:12 UTC] TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002
[2013-10-25 05:33:12 UTC] TBOOT: Error: write TPM error: 0x2.
[2013-10-25 05:33:12 UTC] TBOOT: no policy in TPM NV.

-Regards,
Nehal