We got a tboot log similar to yours; this was a failure in creating a trusted
environment.
Please try my patch for your reported issue, which passed testing on our
machines.

> On May 10, 2016, at 6:14 AM, Tony Camuso <tcam...@redhat.com> wrote:
> 
>> On 05/09/2016 07:51 PM, Sun, Ning wrote:
>> BanDan, Tony,
>> 
>> We tried out your patch, unfortunately it did not work on our
>> machines, did you test your patch before submitting it?
>> -ning
> 
> Yes, I did test it, and I just tested it again, on bare metal and
> on the virtual guest.
> Below is what I got from the bare metal boot. What are your lpc
> settings?
> 
> Loading tboot 1.8.3 ...
> Loading Linux 3.10.0-352.el7.x86_64 ...
> Loading initial ramdisk ...
> TBOOT: CPU is SMX-capable
> TBOOT: ERR: IA32_FEATURE_CONTROL_MSR_LOCK is not locked
> TBOOT: ******************* TBOOT *******************
> TBOOT:    2015-05-08 12:00 -0800 1.8.3
> TBOOT: *********************************************
> TBOOT: command line: logging=serial,memory,vga
> TBOOT: CPU is SMX-capable
> TBOOT: ERR: IA32_FEATURE_CONTROL_MSR_LOCK is not locked
> TBOOT: CPU is SMX-capable
> TBOOT: ERR: IA32_FEATURE_CONTROL_MSR_LOCK is not locked
> TBOOT: BSP is cpu 0
> TBOOT: original e820 map:
> TBOOT:    0000000000000000 - 000000000009e000  (1)
> TBOOT:    0000000000100000 - 00000000bd2f0000  (1)
> TBOOT:    00000000bd2f0000 - 00000000bd31c000  (2)
> TBOOT:    00000000bd31c000 - 00000000bd35b000  (3)
> TBOOT:    00000000bd35b000 - 00000000c0000000  (2)
> TBOOT:    00000000e0000000 - 00000000f0000000  (2)
> TBOOT:    00000000fe000000 - 0000000100000000  (2)
> TBOOT:    0000000100000000 - 0000000840000000  (1)
> TBOOT: checking if module  is an SINIT for this platform...
> TBOOT:     ACM size is too small: acmod_size=1ccd685, acm_hdr->size*4=c0c0c0c0
> TBOOT: no SINIT AC module found
> TBOOT: TXT.SINIT.BASE: 0xbf700000
> TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
> TBOOT: BIOS has already loaded an SINIT module
> TBOOT: chipset production fused: 1
> TBOOT: chipset ids: vendor: 0x8086, device: 0xb001, revision: 0x1
> TBOOT: processor family/model/stepping: 0x206d7
> TBOOT: platform id: 0xc000000000000
> TBOOT:     1 ACM chipset id entries:
> TBOOT:         vendor: 0x8086, device: 0xb001, flags: 0x1, revision: 0x3f, 
> extended: 0x0
> TBOOT:     2 ACM processor id entries:
> TBOOT:         fms: 0x306e0, fms_mask: 0xfff0ff0, platform_id: 0x0, 
> platform_mask: 0x0
> TBOOT:         fms: 0x206d0, fms_mask: 0xfff0ff0, platform_id: 0x0, 
> platform_mask: 0x0
> TBOOT: no SINIT provided by bootloader; using BIOS SINIT
> TBOOT: AC mod base alignment OK
> TBOOT: SMXE not enabled, can't read parameters
> TBOOT: get_parameters() failed
> TBOOT: verifying AC module failed.
> TBOOT: no LCP module found
> TBOOT: ELF magic number is not matched, image is not ELF format.
> TBOOT: assuming kernel is Linux format
> TBOOT: Initrd from 0x7e332000 to 0x7ffff685
> TBOOT: Kernel (protected mode) from 0x1000000 to 0x14ef070
> TBOOT: Kernel (real mode) from 0x90000 to 0x94200
> TBOOT: Linux cmdline placed in header:    
> root=/dev/mapper/rhel_dell--pem520--02-root ro crashkernel=auto rd.lvm
> TBOOT:    .lv=rhel_dell-pem520-02/root rd.lvm.lv=rhel_dell-pem520-02/swap 
> consol
> TBOOT:    e=ttyS0,115200n81 intel_iommu=on
> TBOOT:
> TBOOT: transfering control to kernel @0x1000000...
> [    0.000000] Initializing cgroup subsys cpuset
> [    0.000000] Initializing cgroup subsys cpu
> [    0.000000] Initializing cgroup subsys cpuacct
> [    0.000000] Linux version 3.10.0-352.el7.x86_64 
> (mockbu...@x86-034.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red 
> Hat 4.8.5-4) (GCC) ) #1 SMP Fri Feb 26 08:30:34 EST 2016
> 
> -- snip --
> 

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
