0x50000002 was already deprecated by 0x50000003 as "aux", in TXT. Tboot was not updated the default aux in the tools yet.
The 0x50000001 & 0x50000003 indices can only be defined before the TPM NV is locked, which was already done for normal products before shipping. Thanks Jimmy -----Original Message----- From: dknueppel [mailto:dknuep...@online.de] Sent: Monday, May 12, 2014 1:31 AM To: Ross Philipson; dknueppel; tboot-devel@lists.sourceforge.net Subject: Re: [tboot-devel] getting txt errorcode 0xc0001c41 Hi, just wondering about index 0x50000002. It's "aux" and seems to be mandatory. I've got 0x50000003 and can't create 0x50000002 (always get an error with tpmnv_defindex). Intel seems to use 0x50000003 also as "aux". Inside tboot I haven't found any 0x50000003 ... Best regards, Dieter -----Ursprüngliche Nachricht----- Von: Ross Philipson [mailto:ross.philip...@citrix.com] Gesendet: Dienstag, 6. Mai 2014 16:33 An: dknueppel; tboot-devel@lists.sourceforge.net Betreff: RE: [tboot-devel] getting txt errorcode 0xc0001c41 > -----Original Message----- > From: dknueppel [mailto:dknuep...@online.de] > Sent: Monday, May 05, 2014 12:41 PM > To: Ross Philipson; dknueppel; tboot-devel@lists.sourceforge.net > Subject: AW: [tboot-devel] getting txt errorcode 0xc0001c41 > > Hi Ross, > > Sorry for the delay, got an issue with my email server ... > > thanks for your hint. > Agree, basically I have the same indexes. Even one more ... > > # tpmnv_getcap > The response data is: > 10 00 00 01 10 00 f0 00 50 00 00 03 50 00 00 01 > > 4 indices have been defined > list of indices for defined NV storage areas: > 0x10000001 0x1000f000 0x50000003 0x50000001 > > Guess those are created already by the BIOS when enabling the TPM. Those indexes look right. They were put there by the OEM per instructions given to them for TXT configuration. > > Do you know further details on how to debug tboot in order to find the > missing (?) index? The error is being set during the execution of the ACM. The best you could do there for debugging in my experience is static analysis of the code in the SINIT module. Someone else suggested you we using an SINIT that would not work on a server platform. It was suggested you remove the module and use the one in firmware - did that lead anywhere? If not, is there a newer SINIT module for you server platform you could download and try? > > Thanks a lot, > Dieter > > > -----Ursprüngliche Nachricht----- > Von: Ross Philipson [mailto:ross.philip...@citrix.com] > Gesendet: Montag, 28. April 2014 20:38 > An: dknueppel; tboot-devel@lists.sourceforge.net > Betreff: Re: [tboot-devel] getting txt errorcode 0xc0001c41 > > On 04/26/2014 02:09 AM, dknueppel wrote: > > Hi, > > > > I'm getting txt error code 0xc0001c41 with rebooting the system > afterwards. > > > > Mainboard Intel S1200RPL > > CPU XEON E3-1265L > > TPM AXXTPME5 > > Boot BIOS (i.e. no EFI, EFI boot shows identical behavior) > > Distribution Ubuntu 14.04 w/ tboot 1.8 > > SINIT 4th_gen_i5_i7_SINIT_75.BIN > > > > Attached below how the TPM is set up and the tboot dump. > > > > I don't have any clue why I'm still getting the error. > > According to SINIT_Errors.pdf error indicates "Invalid TPM NV index" > > You may be missing some NV indexes that the OEM is supposed to put > there. For example on my Dell 6430 where I am using the TXT/TPM I have: > > # tpmnv_getcap > The response data is: > 10 00 00 01 50 00 00 01 50 00 00 03 > > 3 indices have been defined > list of indices for defined NV storage areas: > 0x10000001 0x50000001 0x50000003 > > The second two need to be there - the are LCP related indexes > (0x50000001 is LCP supplier and 0x50000003 is AUX2 IIRC). These are > supposed to be create by the OEM then locked in NV RAM to prevent > removal. > > > > > Help pretty much appreciated. > > > > Thanks, > > Dieter > > > > > > + tpm_takeownership -z > > Enter owner password: > > Confirm password: > > + tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p > > + password > > Tspi_NV_DefineSpace failed failed: NVRAM area already exists > > (0x08313b) > > > > Command DefIndex failed: > > TSS API failed > > + tpmnv_defindex -i owner -s 0x36 -p password > > Haven't input permission value, use default value 0x2 > > > > Successfully defined index 0x40000001 as permission 0x2, data size > > is > > 54 > > + tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p password > > > > Successfully defined index 0x20000001 as permission 0x2, data size > > is > > 512 > > + rm -r tmp > > + mkdir tmp > > + cd tmp > > + lcp_mlehash -c logging=serial,vga,memory /boot/tboot.gz > > + lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 0 --out > > + tboot_mle.elt tboot_hash lcp_crtpollist --create --out > > + list_unsig.lst tboot_mle.elt > > + lcp_crtpol2 --create --type list --ctrl 0x02 --pol owner_list.pol > > + --data owner_list.data list_unsig.lst lcp_writepol -i owner -f > > + owner_list.pol -p password > > > > Successfully write policy into index 0x40000001 > > + cp owner_list.data /boot > > + tb_polgen --create --type nonfatal tcb.pol tb_polgen --add --num 0 > > + --pcr 18 --hash image --cmdline > 'root=/dev/mapper/test--node--vg-root ro intel_iommu=on' --image > /boot/vmlinuz-3.13.0-24-generic tcb.pol > > + tb_polgen --add --num 1 --pcr 19 --hash image --cmdline '' --image > > + /boot/initrd.img-3.13.0-24-generic tcb.pol lcp_writepol -i > > + 0x20000001 -f tcb.pol -p password > > > > Successfully write policy into index 0x20000001 > > > > > > > > > > TBOOT: ******************* TBOOT ******************* > > TBOOT: 2014-01-30 12:00 +0800 1.8.0 > > TBOOT: ********************************************* > > TBOOT: command line: logging=serial,vga,memory > > TBOOT: BSP is cpu 0 > > TBOOT: original e820 map: > > TBOOT: 0000000000000000 - 000000000009bc00 (1) > > TBOOT: 000000000009bc00 - 00000000000a0000 (2) > > TBOOT: 00000000000e0000 - 0000000000100000 (2) > > TBOOT: 0000000000100000 - 00000000bbdc7000 (1) > > TBOOT: 00000000bbdc7000 - 00000000be782000 (2) > > TBOOT: 00000000be782000 - 00000000be788000 (4) > > TBOOT: 00000000be788000 - 00000000be8be000 (2) > > TBOOT: 00000000be8be000 - 00000000be8c2000 (4) > > TBOOT: 00000000be8c2000 - 00000000be8e3000 (2) > > TBOOT: 00000000be8e3000 - 00000000be8e4000 (4) > > TBOOT: 00000000be8e4000 - 00000000be905000 (2) > > TBOOT: 00000000be905000 - 00000000be915000 (4) > > TBOOT: 00000000be915000 - 00000000be925000 (2) > > TBOOT: 00000000be925000 - 00000000beb2f000 (4) > > TBOOT: 00000000beb2f000 - 00000000bebf0000 (3) > > TBOOT: 00000000bebf0000 - 00000000bec00000 (1) > > TBOOT: 00000000bec00000 - 00000000c0000000 (2) > > TBOOT: 00000000f8000000 - 00000000fc000000 (2) > > TBOOT: 00000000fec00000 - 00000000fec01000 (2) > > TBOOT: 00000000fed19000 - 00000000fed1a000 (2) > > TBOOT: 00000000fed1c000 - 00000000fed20000 (2) > > TBOOT: 00000000fee00000 - 00000000fee01000 (2) > > TBOOT: 00000000ff400000 - 0000000100000000 (2) > > TBOOT: 0000000100000000 - 0000000440000000 (1) > > TBOOT: TPM: TPM Family 0x3 > > TBOOT: TPM is ready > > TBOOT: TPM nv_locked: TRUE > > TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750 > > TBOOT: Wrong timeout B, fallback to 2000 > > TBOOT: Wrong timeout C, fallback to 75000 > > TBOOT: reading Verified Launch Policy from TPM NV... > > TBOOT: :512 bytes read > > TBOOT: policy: > > TBOOT: version: 2 > > TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL > > TBOOT: hash_alg: TB_HALG_SHA1 > > TBOOT: policy_control: 00000001 (EXTEND_PCR17) > > TBOOT: num_entries: 2 > > TBOOT: policy entry[0]: > > TBOOT: mod_num: 0 > > TBOOT: pcr: 18 > > TBOOT: hash_type: TB_HTYPE_IMAGE > > TBOOT: num_hashes: 1 > > TBOOT: hashes[0]: d4 63 4c 11 a3 0f a3 ee a1 dc 4d 34 98 f8 > 99 f6 46 51 ca da > > TBOOT: policy entry[1]: > > TBOOT: mod_num: 1 > > TBOOT: pcr: 19 > > TBOOT: hash_type: TB_HTYPE_IMAGE > > TBOOT: num_hashes: 1 > > TBOOT: hashes[0]: 00 ee 09 19 c8 57 c2 12 ce 23 0a 20 02 b8 > 10 8f 74 18 0f 60 > > TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07 > > TBOOT: CPU is SMX-capable > > TBOOT: CPU is VMX-capable > > TBOOT: SMX is enabled > > TBOOT: TXT chipset and all needed capabilities present > > TBOOT: TXT.ERRORCODE: 0xc0001c41 > > TBOOT: AC module error : acm_type=0x1, progress=0x04, error=0x7 > > TBOOT: TXT.ESTS: 0x0 > > TBOOT: TXT.E2STS: 0xc > > TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07 > > TBOOT: CPU is SMX-capable > > TBOOT: CPU is VMX-capable > > TBOOT: SMX is enabled > > TBOOT: TXT chipset and all needed capabilities present > > TBOOT: TXT.HEAP.BASE: 0xbef20000 > > TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504) > > TBOOT: bios_data (@0xbef20008, 0x56): > > TBOOT: version: 4 > > TBOOT: bios_sinit_size: 0xce40 (52800) > > TBOOT: lcp_pd_base: 0x0 > > TBOOT: lcp_pd_size: 0x0 (0) > > TBOOT: num_logical_procs: 8 > > TBOOT: flags: 0x00000000 > > TBOOT: ext_data_elts[]: > > TBOOT: BIOS_SPEC_VER: > > TBOOT: major: 0x2 > > TBOOT: minor: 0x1 > > TBOOT: rev: 0x0 > > TBOOT: ACM: > > TBOOT: num_acms: 1 > > TBOOT: acm_addrs[0]: 0xfff7d000 > > TBOOT: CR0 and EFLAGS OK > > TBOOT: supports preserving machine check errors > > TBOOT: CPU is ready for SENTER > > TBOOT: checking previous errors on the last boot. > > last boot has error. > > TBOOT: checking if module /4th_gen_i5_i7_SINIT_75.BIN is an SINIT > > for > this platform... > > TBOOT: chipset production fused: 1 > > TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1 > > TBOOT: processor family/model/stepping: 0x306c3 > > TBOOT: platform id: 0x4000000000000 > > TBOOT: 1 ACM chipset id entries: > > TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: > 0x1, extended: 0x0 > > TBOOT: 3 ACM processor id entries: > > TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, > platform_mask: 0x0 > > TBOOT: SINIT matches platform > > TBOOT: TXT.SINIT.BASE: 0xbef00000 > > TBOOT: TXT.SINIT.SIZE: 0x20000 (131072) > > TBOOT: BIOS has already loaded an SINIT module > > TBOOT: 1 ACM chipset id entries: > > TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: > 0x1, extended: 0x0 > > TBOOT: 3 ACM processor id entries: > > TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0, > platform_mask: 0x0 > > TBOOT: BIOS-provided SINIT is older: date=20130612 > > TBOOT: copied SINIT (size=ce40) to 0xbef00000 > > TBOOT: AC mod base alignment OK > > TBOOT: AC mod size OK > > TBOOT: AC module header dump for SINIT: > > TBOOT: type: 0x2 (ACM_TYPE_CHIPSET) > > TBOOT: subtype: 0x0 > > TBOOT: length: 0xa1 (161) > > TBOOT: version: 0 > > TBOOT: chipset_id: 0xb002 > > TBOOT: flags: 0x0 > > TBOOT: pre_production: 0 > > TBOOT: debug_signed: 0 > > TBOOT: vendor: 0x8086 > > TBOOT: date: 0x20130712 > > TBOOT: size*4: 0xce40 (52800) > > TBOOT: code_control: 0x0 > > TBOOT: entry point: 0x00000008:000062dc > > TBOOT: scratch_size: 0x8f (143) > > TBOOT: info_table: > > TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e, > > {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}} > > TBOOT: ACM_UUID_V3 > > TBOOT: chipset_acm_type: 0x1 (SINIT) > > TBOOT: version: 4 > > TBOOT: length: 0x2c (44) > > TBOOT: chipset_id_list: 0x4ec > > TBOOT: os_sinit_data_ver: 0x6 > > TBOOT: min_mle_hdr_ver: 0x00020000 > > TBOOT: capabilities: 0x0000002e > > TBOOT: rlp_wake_getsec: 0 > > TBOOT: rlp_wake_monitor: 1 > > TBOOT: ecx_pgtbl: 1 > > TBOOT: stm: 1 > > TBOOT: pcr_map_no_legacy: 0 > > TBOOT: pcr_map_da: 1 > > TBOOT: platform_type: 0 > > TBOOT: max_phy_addr: 0 > > TBOOT: acm_ver: 75 > > TBOOT: chipset list: > > TBOOT: count: 1 > > TBOOT: entry 0: > > TBOOT: flags: 0x1 > > TBOOT: vendor_id: 0x8086 > > TBOOT: device_id: 0xb002 > > TBOOT: revision_id: 0x1 > > TBOOT: extended_id: 0x0 > > TBOOT: processor list: > > TBOOT: count: 3 > > TBOOT: entry 0: > > TBOOT: fms: 0x306c0 > > TBOOT: fms_mask: 0xfff3ff0 > > TBOOT: platform_id: 0x0 > > TBOOT: platform_mask: 0x0 > > TBOOT: entry 1: > > TBOOT: fms: 0x40660 > > TBOOT: fms_mask: 0xfff3ff0 > > TBOOT: platform_id: 0x0 > > TBOOT: platform_mask: 0x0 > > TBOOT: entry 2: > > TBOOT: fms: 0x40650 > > TBOOT: fms_mask: 0xfff3ff0 > > TBOOT: platform_id: 0x0 > > TBOOT: platform_mask: 0x0 > > TBOOT: file addresses: > > TBOOT: &_start=0x804000 > > TBOOT: &_end=0xac6460 > > TBOOT: &_mle_start=0x804000 > > TBOOT: &_mle_end=0x834000 > > TBOOT: &_post_launch_entry=0x804010 > > TBOOT: &_txt_wakeup=0x8041f0 > > TBOOT: &g_mle_hdr=0x81b5a0 > > TBOOT: MLE header: > > TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f, > > {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}} > > TBOOT: length=34 > > TBOOT: version=00020001 > > TBOOT: entry_point=00000010 > > TBOOT: first_valid_page=00000000 > > TBOOT: mle_start_off=4000 > > TBOOT: mle_end_off=34000 > > TBOOT: capabilities: 0x00000027 > > TBOOT: rlp_wake_getsec: 1 > > TBOOT: rlp_wake_monitor: 1 > > TBOOT: ecx_pgtbl: 1 > > TBOOT: stm: 0 > > TBOOT: pcr_map_no_legacy: 0 > > TBOOT: pcr_map_da: 1 > > TBOOT: platform_type: 0 > > TBOOT: max_phy_addr: 0 > > TBOOT: MLE start=804000, end=834000, size=30000 > > TBOOT: ptab_size=3000, ptab_base=0x801000 > > TBOOT: TXT.HEAP.BASE: 0xbef20000 > > TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504) > > TBOOT: bios_data (@0xbef20008, 0x56): > > TBOOT: version: 4 > > TBOOT: bios_sinit_size: 0xce40 (52800) > > TBOOT: lcp_pd_base: 0x0 > > TBOOT: lcp_pd_size: 0x0 (0) > > TBOOT: num_logical_procs: 8 > > TBOOT: flags: 0x00000000 > > TBOOT: ext_data_elts[]: > > TBOOT: BIOS_SPEC_VER: > > TBOOT: major: 0x2 > > TBOOT: minor: 0x1 > > TBOOT: rev: 0x0 > > TBOOT: ACM: > > TBOOT: num_acms: 1 > > TBOOT: acm_addrs[0]: 0xfff7d000 > > TBOOT: discarding RAM above reserved regions: 0xbebf0000 - > > 0xbec00000 > > TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xbbdc7000 > > TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x440000000 > > TBOOT: no LCP module found > > TBOOT: os_sinit_data (@0xbef3517e, 0x7c): > > TBOOT: version: 6 > > TBOOT: flags: 0 > > TBOOT: mle_ptab: 0x801000 > > TBOOT: mle_size: 0x30000 (196608) > > TBOOT: mle_hdr_base: 0x175a0 > > TBOOT: vtd_pmr_lo_base: 0x0 > > TBOOT: vtd_pmr_lo_size: 0xbbc00000 > > TBOOT: vtd_pmr_hi_base: 0x100000000 > > TBOOT: vtd_pmr_hi_size: 0x340000000 > > TBOOT: lcp_po_base: 0x0 > > TBOOT: lcp_po_size: 0x0 (0) > > TBOOT: capabilities: 0x00000002 > > TBOOT: rlp_wake_getsec: 0 > > TBOOT: rlp_wake_monitor: 1 > > TBOOT: ecx_pgtbl: 0 > > TBOOT: stm: 0 > > TBOOT: pcr_map_no_legacy: 0 > > TBOOT: pcr_map_da: 0 > > TBOOT: platform_type: 0 > > TBOOT: max_phy_addr: 0 > > TBOOT: efi_rsdt_ptr: 0x0 > > TBOOT: ext_data_elts[]: > > TBOOT: EVENT_LOG_POINTER: > > TBOOT: size: 16 > > TBOOT: elog_addr: 0xbef30176 > > TBOOT: Event Log Container: > > TBOOT: Signature: TXT Event Container > > TBOOT: ContainerVer: 1.0 > > TBOOT: PCREventVer: 1.0 > > TBOOT: Size: 20480 > > TBOOT: EventsOffset: [48,48) > > TBOOT: setting MTRRs for acmod: base=0xbef00000, size=0xce40, > > num_pages=13 > > TBOOT: executing GETSEC[SENTER]... > > > > > > > > > > -------------------------------------------------------------------- > > -- > > -------- Start Your Social Network Today - Download eXo Platform > > Build your Enterprise Intranet with eXo Platform Software Java Based > > Open Source Intranet - Social, Extensible, Cloud Ready Get Started > > Now And Turn Your Intranet Into A Collaboration Platform > > http://p.sf.net/sfu/ExoPlatform > > _______________________________________________ > > tboot-devel mailing list > > tboot-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/tboot-devel > > > > > -- > Ross Philipson ------------------------------------------------------------------------------ Is your legacy SCM system holding you back? Join Perforce May 7 to find out: • 3 signs your SCM is hindering your productivity • Requirements for releasing software faster • Expert tips and advice for migrating your SCM now http://p.sf.net/sfu/perforce _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
