Hello,
is it forbidden to use a PO policy with two policy lists signed by the
same key? I was experimenting with LCP and consistently encountering
errors (TXT reset) with this configuration.
I am attaching a dump of the policy data and a corresponding tboot log.
The same policy works fine if I don't sign the lists. It also works if I
put both elements into a single list and use that either unsigned,
signed, or both combined. But whenever I use two signed policy lists, AC
SINIT resets.
Any ideas?
Regards
Martin
policy file: lcp_dualsigned1.pol
version: 0x202
hash_alg: LCP_POLHALG_SHA1
policy_type: list
sinit_min_version: 0x30
data_revocation_counters: 0, 0, 0, 0, 0, 0, 0, 0,
policy_control: 0x0
policy_hash: 02 78 65 55 89 73 82 90 79 dd 92 e3 96 f4 5b e5 e4 60 a5 d2
policy data file: lcp-dualsigned1.dat
file_signature: Intel(R) TXT LCP_POLICY_DATA
num_lists: 2
list 0:
version: 0x100
sig_alg: LCP_POLSALG_RSA_PKCS_15
policy_elements_size: 0x4c (76)
policy_element[0]:
size: 0x4c (76)
type: 'mle' (0)
policy_elt_control: 0x00000001
data:
sinit_min_version: 0x0
hash_alg: LCP_POLHALG_SHA1
num_hashes: 3
hashes[0]: 9c 80 26 aa 9c c8 b1 b6 2f b2 3c 18 d5 97 13 9b 36
b0 9c ee
hashes[1]: c1 2d 92 a1 35 5a ad 4d ac a5 bb 95 74 d1 69 b3 24
9d 42 e7
hashes[2]: 3a dd 0d cf b0 0c dd e5 12 97 44 60 bc 01 71 3e ff
b8 8b 09
signature:
revocation_counter: 0x0 (0)
pubkey_size: 0x100 (256)
pubkey_value:
87 dd 57 fe 69 67 4c 7a 8a fa 54 26 fb 48 76 87 71 2f 77 b5
7d 91 b6 fb 79 e1 af 7f 8f 89 c9 96 e7 f4 3e da 04 50 1c 33
2e d5 2e 8e ad fd 33 60 2c ce ee cf a1 84 d0 82 2a d9 0b b5
d7 51 83 1a 3a 09 83 86 c2 57 67 04 42 6e ec 5e ed 84 64 22
08 96 72 f2 54 c5 3f 97 54 9e 6c 34 8a 32 55 da 0b 1e 50 d8
83 d0 a0 1c 96 59 9e ae eb cd be 17 52 c5 ef 83 c3 a6 66 fc
31 d2 04 61 6d aa 8f 56 86 2e 6a 8f 1b 5d 1d b4 a6 df ca 63
1e 7e f6 13 f3 79 b0 a7 d2 4f 75 17 15 5a 7c ae be 36 b9 41
67 65 e6 53 94 80 cb 2e fc 13 3e 2a 17 d4 9f ff 27 bb 87 04
04 e0 70 de e2 3d 13 f5 bd 13 15 e2 7c c9 15 d1 ff 86 37 f7
a0 ec 2b d2 a1 60 12 1d 74 15 0f 93 6b 3a 1b 52 d7 d8 0f 35
71 67 52 d2 91 95 10 b3 48 7d 23 c5 12 46 04 7d b7 a7 d2 8d
fa c6 ff 95 75 52 0b e3 12 46 e4 bc 71 ff 18 a9
sig_block:
8f 0e 3d 19 fc c9 40 3d 39 5c 8d 7c 04 02 46 43 79 18 86 c5
11 9a ce f4 c7 ef 52 11 85 a0 c5 34 2c a2 82 06 54 74 e2 cf
e8 b4 c2 d1 05 4e 4b eb 32 12 69 21 e5 48 6a 0e 7c cf ff 95
8d b3 5d 52 30 7d 7b fd 5f c8 2d 9a 7e c8 9e ee eb 93 d8 ca
71 b6 b0 0b c4 42 16 cb aa 4e 6b d0 2c 29 b9 0d f3 91 ee fd
1b 2a e5 bc 6c 39 17 50 eb 7e bd 00 de ff b7 5a 62 88 cc ca
64 e4 a0 0f 64 61 b4 4d 33 8d 4c 8b 7e fc 85 99 69 7b d5 91
d2 3a 78 f2 00 c7 29 92 14 ff ec 1d 76 93 2e ff a1 f8 cc c0
0d 51 e4 2d c6 df 9e 13 0a e1 7d a3 b0 b6 c3 f0 97 a0 e2 54
33 a0 19 f9 66 c0 af 40 b3 f1 1f e1 c7 30 0a 18 b4 67 52 5d
3b dd de 8d 20 a4 ce fa 77 f0 ac 9f 45 72 bc 52 93 84 2b 14
80 18 28 a7 97 c8 3a bc b5 d1 1a 5e 4b c1 92 f6 26 b2 cb a8
f5 79 dc 70 93 98 69 9a b0 40 a4 b3 f9 f6 08 0c
signature verifies
list 1:
version: 0x100
sig_alg: LCP_POLSALG_RSA_PKCS_15
policy_elements_size: 0x4c (76)
policy_element[0]:
size: 0x4c (76)
type: 'mle' (0)
policy_elt_control: 0x00000001
data:
sinit_min_version: 0x0
hash_alg: LCP_POLHALG_SHA1
num_hashes: 3
hashes[0]: dc d9 ce 22 f2 4b ed 74 3f f8 ca 13 d9 fa 49 5c 21
33 a6 6a
hashes[1]: 68 a0 03 b9 b2 b2 64 69 22 7e 58 c6 19 80 61 a2 5b
4f 72 d4
hashes[2]: 8a bb fc 75 c7 d2 07 0b 33 ef 5d 54 06 b7 cf 21 dd
7d 33 f7
signature:
revocation_counter: 0x0 (0)
pubkey_size: 0x100 (256)
pubkey_value:
87 dd 57 fe 69 67 4c 7a 8a fa 54 26 fb 48 76 87 71 2f 77 b5
7d 91 b6 fb 79 e1 af 7f 8f 89 c9 96 e7 f4 3e da 04 50 1c 33
2e d5 2e 8e ad fd 33 60 2c ce ee cf a1 84 d0 82 2a d9 0b b5
d7 51 83 1a 3a 09 83 86 c2 57 67 04 42 6e ec 5e ed 84 64 22
08 96 72 f2 54 c5 3f 97 54 9e 6c 34 8a 32 55 da 0b 1e 50 d8
83 d0 a0 1c 96 59 9e ae eb cd be 17 52 c5 ef 83 c3 a6 66 fc
31 d2 04 61 6d aa 8f 56 86 2e 6a 8f 1b 5d 1d b4 a6 df ca 63
1e 7e f6 13 f3 79 b0 a7 d2 4f 75 17 15 5a 7c ae be 36 b9 41
67 65 e6 53 94 80 cb 2e fc 13 3e 2a 17 d4 9f ff 27 bb 87 04
04 e0 70 de e2 3d 13 f5 bd 13 15 e2 7c c9 15 d1 ff 86 37 f7
a0 ec 2b d2 a1 60 12 1d 74 15 0f 93 6b 3a 1b 52 d7 d8 0f 35
71 67 52 d2 91 95 10 b3 48 7d 23 c5 12 46 04 7d b7 a7 d2 8d
fa c6 ff 95 75 52 0b e3 12 46 e4 bc 71 ff 18 a9
sig_block:
18 77 ff c2 d1 b6 a2 dd d6 ac 76 00 41 5a 0c 84 03 73 86 5a
46 00 f8 5d 43 c6 9d 8f 85 9d 86 e3 6b ac f8 35 0f d3 aa d5
5c 9b a0 e1 52 2a 52 72 bd 5d 43 5c ea 4a 9a 4d 9e a8 b4 59
74 fa 1f db 90 c8 b8 10 18 a7 b3 c0 7d 83 9c 34 ef 1d f4 b5
28 80 08 6f 08 a3 a6 9a b0 4e 10 6f 85 eb d1 c2 04 69 f2 fc
66 68 40 04 63 d4 c7 1b 15 ec 63 05 58 87 e1 f9 97 fe 03 98
c8 f2 e1 42 b6 2a a9 ca 42 86 af 6e d6 ec 72 06 d5 4f 21 0d
b1 0b fa c8 ab cb cb 94 aa c2 3f e3 e6 37 49 bd 9f fe 7f 19
00 e9 59 82 bd e0 e2 92 4e b1 43 84 e9 d9 30 6d ee 5c c1 8e
1d e3 16 15 81 c0 4c 6e 7a 90 56 c5 e9 e0 b6 ae e1 53 e3 5e
1b 57 d5 fb 41 f1 26 bc e6 77 8b 07 5b 41 04 57 91 19 b4 bf
74 ae eb ff f4 c6 b5 4c 8e 41 0f 20 09 19 09 e6 8d 9b 0b ab
5c 9f b6 b8 ed b1 ee c1 5e 65 09 4d 6b 84 03 36
signature verifies
policy data hash matches policy hash
admin@172.17.115.235's password:
�[H�[2J**************************************************
* Welcome to PRIMERGY Remote Manager *
* Firmware Revision 8.11F (1.00) *
* SDR 3.00 ID 0464 RX2530M2 *
* Firmware built Dec 16 2015 21:41:41 CET *
**************************************************
System Type : PRIMERGY RX2530 M2
System ID : YM6B000078
System Name : RX2530M2-T169
System OS : Windows Server 2016 Technical Preview 4
System Status: OK (Identify LED is OFF)
Power Status : On
Asset Tag : System Asset Tag
Main Menu
(1) System Information...
(2) Power Management...
(3) Enclosure Information...
(4) Service Processor...
(c) Change password
(r) Console Redirection (EMS/SAC)
(s) Start a Command Line shell...
(l) Console Logging
Enter selection or (0) to quit:
Console Redirection or EMS (Emergency Management Services)
To exit the Console Redirection (EMS/SAC) press <ESC> (
Or press ~. (tilde dot)
Do you really want to start the Console Redirection (yes/no)?
=== logging output to /tmp/irmc-172.17.115.235-2016-02-16-14:44.log
=== serial session started, hit enter to activate, escape char is ~~ ===
yesTBOOT: ******************* TBOOT *******************
TBOOT: 2015-05-08 12:00 -0800 1.8.3
TBOOT: *********************************************
TBOOT: command line: logging=serial,memory
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000003f000 (1)
TBOOT: 000000000003f000 - 0000000000040000 (2)
TBOOT: 0000000000040000 - 000000000009e000 (1)
TBOOT: 000000000009e000 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 00000000000e1000 (20)
TBOOT: 0000000000100000 - 00000000755a0000 (1)
TBOOT: 00000000755a0000 - 0000000076b24000 (2)
TBOOT: 0000000076b24000 - 0000000076b9a000 (3)
TBOOT: 0000000076b9a000 - 000000007acc5000 (4)
TBOOT: 000000007acc5000 - 000000007b45a000 (2)
TBOOT: 000000007b45a000 - 000000007b4c5000 (20)
TBOOT: 000000007b4c5000 - 000000007b4c6000 (1)
TBOOT: 000000007b4c6000 - 000000007b54c000 (2)
TBOOT: 000000007b54c000 - 000000007b800000 (1)
TBOOT: 000000007c000000 - 0000000090000000 (2)
TBOOT: 00000000fed1c000 - 00000000fed45000 (2)
TBOOT: 00000000ff000000 - 00000000ff400000 (2)
TBOOT: 00000000ff500000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000000880000000 (1)
TBOOT: TPM: TPM Family 0x0
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: TPM timeout values: A: 750, B: 750, C: 2000, D: 750
TBOOT: Wrong timeout B, fallback to 2000
TBOOT: Wrong timeout C, fallback to 75000
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: :256 bytes read
TBOOT: policy:
TBOOT: unsupported version (255)
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: :54 bytes read
TBOOT: in unwrap_lcp_policy
TBOOT: v2 LCP policy data found
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.HEAP.BASE: 0x7bf20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0x7bf20008, 0x2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x20000 (131072)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 12
TBOOT: flags: 0x00000000
TBOOT: CR0.NE not set
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU support processor-based S-CRTM
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
last boot has error.
TBOOT: checking if module is an SINIT for this platform...
TBOOT: ACM header size in bytes overflows
TBOOT: checking if module /boot/initramfs-3.10.0-327.4.5.el7.x86_64.img is an SINIT for this platform...
TBOOT: ACM size is too small: acmod_size=3d2fa00, acm_hdr->size*4=c0c0c0c0
TBOOT: no SINIT AC module found
TBOOT: TXT.SINIT.BASE: 0x7bf00000
TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
TBOOT: BIOS has already loaded an SINIT module
TBOOT: ACM info_table version mismatch (6)
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
TBOOT: processor family/model/stepping: 0x406f1
TBOOT: platform id: 0x0
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1, extended: 0x0
TBOOT: 3 ACM processor id entries:
TBOOT: fms: 0x306f0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: fms: 0x50660, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: fms: 0x406f0, fms_mask: 0xfff3ff0, platform_id: 0x0, platform_mask: 0x0
TBOOT: no SINIT provided by bootloader; using BIOS SINIT
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0x1d00
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20150805
TBOOT: size*4: 0x20000 (131072)
TBOOT: txt_svn: 0x00000001
TBOOT: se_svn: 0x00000000
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:00009a30
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 6
TBOOT: length: 0x30 (48)
TBOOT: chipset_id_list: 0x4f0
TBOOT: os_sinit_data_ver: 0x7
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x000000a5
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 0
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 2
TBOOT: max_phy_addr: 0
TBOOT: acm_ver: 71
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb002
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: processor list:
TBOOT: count: 3
TBOOT: entry 0:
TBOOT: fms: 0x306f0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 1:
TBOOT: fms: 0x50660
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 2:
TBOOT: fms: 0x406f0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: TPM info list:
TBOOT: TPM capability:
TBOOT: ext_policy: 0x3
TBOOT: tpm_family : 0x3
TBOOT: alg count: 3
TBOOT: alg_id: 0x4
TBOOT: alg_id: 0xb
TBOOT: alg_id: 0x14
TBOOT: SGX:verify_IA32_se_svn_status is called
TBOOT: SGX is not enabled, cpuid.ebx: 0x21cbfbb
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0xad0a60
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x836000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &_txt_wakeup=0x8041f0
TBOOT: &g_mle_hdr=0x81cd80
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=36000
TBOOT: capabilities: 0x00000027
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: MLE start=804000, end=836000, size=32000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0x7bf20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0x7bf20008, 0x2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x20000 (131072)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 12
TBOOT: flags: 0x00000000
TBOOT: discarding RAM above reserved regions: 0x7b4c5000 - 0x7b4c6000
TBOOT: discarding RAM above reserved regions: 0x7b54c000 - 0x7b800000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x755a0000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x880000000
TBOOT: v2 LCP policy data found
TBOOT: os_sinit_data (@0x7bf35154, 0x7c):
TBOOT: version: 7
TBOOT: flags: 0
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x32000 (204800)
TBOOT: mle_hdr_base: 0x18d80
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x75400000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x780000000
TBOOT: lcp_po_base: 0x7bf2014c
TBOOT: lcp_po_size: 0x4d4 (1236)
TBOOT: capabilities: 0x00000001
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 0
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: efi_rsdt_ptr: 0x92390
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_POINTER:
TBOOT: size: 16
TBOOT: elog_addr: 0x7bf3014c
TBOOT: Event Log Container:
TBOOT: Signature: TXT Event Container
TBOOT: ContainerVer: 1.0
TBOOT: PCREventVer: 1.0
TBOOT: Size: 20480
TBOOT: EventsOffset: [48,48)
TBOOT: setting MTRRs for acmod: base=0x7bf00000, size=0x20000, num_pages=32
TBOOT: The maximum allowed MTRR range size=256 Pages
TBOOT: executing GETSEC[SENTER]...
=== closing session. Bye ===
=== logged session to /tmp/irmc-172.17.115.235-2016-02-16-14:44.log
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
