Hi All!
I hope you are having a wonderful day today :). I am trying to get tboot to
work in my machine. My computer has a TPM 2.0 and I am trying to understand
some of the available features.
The Intel TXT Software Development Guide defines Launch Control Policies.
Given that I have TPM 2.0, I believe I should use version 3.0 or 3.1, there
seem to be some utilities to write these files in the lcp-gen2 folder.
Looking at the source code, I found that there's also TBOOT Control
Policies, which seem to be referred as Verified Launch Control Policies.
What is the difference between them? When should I use each of them? Are
they also executed by the ACM? if not, when?
It seems that VLCPs don't support policy data files, is that so?
Regarding LCPs, where should I define them in NVRAM? I've tried using
0x1400001, but that index gets deleted every time I reboot the system,
regardless of using TXT. I'm defining the space with attr 0xF00F, and size
102 bytes, which is the size of the lcp_policy_2 struct. There's another
index to use that doesn't get deleted: 0x01c10106, but I am not sure how to
tell TXT to use it.
My original goal was to install a policy with POLTYPE_ANY, just to test,
but I can't see anything related to it in txt-stat, should it be logged
somehow?
Any help with these issues would be really appreciated :)
Best Regards,
Marco
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
