In grub.cfg, find the line "multiboot2 /boot/tboot.gz logging=serial,memory",
add extpol=sha256 at end of the line.
From: travis.gilb...@dell.com [mailto:travis.gilb...@dell.com]
Sent: Thursday, December 08, 2016 2:23 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] TPM 2.0 + TXT + EFI tboot
I am trying to perform a simple trusted boot on SLES 12 SP2 with TPM 2.0 and
EFI mode. I can verify that TXT works using getsec64.efi and performing SENTER,
setting the secrets flag, rebooting and doing SENTER then SEXIT. When I select
the "tboot 1.9.4" entry in grub2, my server pauses for a bit after the loading
initial RAM disk step and then reboots. I then get an SINIT error notification
from BIOS that points to a log error (ERR_BAD_LOG_POINTER_PTR2_MATCH).
I am working with a freshly provisioned TPM and a new install of SLES 12 SP2. I
added the tboot and tpm2.0-tools packages to that install and modified grub2 to
give me a tboot prompt (I think I added a file grub-tboot to /etc/default/ to
accomplish this).
Am I missing anything?
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
