We fully understand this patch now and will merge it shortly after several runs on
our TXT servers and clients.
Thanks,
-Ning
From: Bo Adler [mailto:thum...@fb.com]
Sent: Wednesday, February 07, 2018 2:46 PM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] null pointer dereference
Hi Ning,
Oops, you’re right – the “generic fatal error” is a different problem I’m
tracking down. I’ll send a separate email about that.
For this case, tboot goes into an infinite loop when TXT is off. To answer
your question – yes, tboot will complete but with “measured launch: FALSE”.
--Bo
Here’s the repeating section of the TBOOT output:
TBOOT: CPU is SMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: ******************* TBOOT *******************
TBOOT: 2017-07-11 12:00 -0800 1.9.6
TBOOT: *********************************************
TBOOT: command line: logging=memory,serial serial=57600,8n1,0x2f8 ignore_prev_err=false
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 00000000000a0000 (1)
TBOOT: 0000000000100000 - 0000000079592000 (1)
TBOOT: 0000000079592000 - 0000000079b58000 (2)
TBOOT: 0000000079b58000 - 0000000079ba9000 (3)
TBOOT: 0000000079ba9000 - 000000007a169000 (4)
TBOOT: 000000007a169000 - 000000007bcf6000 (2)
TBOOT: 000000007bcf6000 - 000000007bd51000 (20)
TBOOT: 000000007bd51000 - 000000007bd52000 (1)
TBOOT: 000000007bd52000 - 000000007bdd8000 (2)
TBOOT: 000000007bdd8000 - 000000007c000000 (1)
TBOOT: 000000007c000000 - 0000000090000000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000ff000000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 0000002080000000 (1)
TBOOT: checking if module is an SINIT for this platform...
TBOOT: ACM size is too small: acmod_size=1010c39, acm_hdr->size*4=c0c0c0c0
TBOOT: no SINIT AC module found
TBOOT: TXT.SINIT.BASE: 0x0
TBOOT: TXT.SINIT.SIZE: 0x0 (0)
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
From: "Sun, Ning" <ning....@intel.com>
Date: Wednesday, February 7, 2018 at 2:13 PM
To: Bo Adler <thum...@fb.com>, "tboot-devel@lists.sourceforge.net" <tboot-devel@lists.sourceforge.net>
Subject: RE: null pointer dereference
Hi Bo,
Do you mean that your patch will allow a TPM 1.2 machine with Intel TXT turned
off to boot into Linux successfully with tboot but not into a trusted TXT
environment?
Were there any tboot logs for the “generic fatal error”?
Thanks,
-Ning
From: Bo Adler [mailto:thum...@fb.com]
Sent: Tuesday, February 06, 2018 3:18 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] null pointer dereference
I was trying to test more recent versions of tboot, and have run into a couple
of problems. Here’s the first one, which occurs if TXT is disabled in the
firmware. Is there any continuous testing plan for this project that could
catch errors like this?
--Bo
Test plan: found a machine running with tpm-1.2, turned off TXT. Verified that
my older 1.9.5 version would do a measured launch, and that the most recent
1.9.6 would report “generic fatal error”. A gazillion printk’s later, and I
discovered the problem was in the line below. Applying the patch allows the
machine to boot with a measured launch.
---
tboot/common/tb_error.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tboot/common/tb_error.c b/tboot/common/tb_error.c
index e9e8244..5880620 100644
--- a/tboot/common/tb_error.c
+++ b/tboot/common/tb_error.c
@@ -168,7 +168,7 @@ bool write_tb_error_code(tb_error_t error)
struct tpm_if *tpm = get_tpm();
const struct tpm_if_fp *tpm_fp = get_tpm_fp();
- if ( !tpm || no_err_idx )
+ if ( !tpm || !tpm_fp || no_err_idx )
return false;
if ( !tpm_fp->nv_write(tpm, tpm->cur_loc, tpm->tb_err_index, 0,
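Review bot: The early return at `if ( !tpm || !tpm_fp || no_err_idx )` now fails silently when get_tpm_fp() returns NULL, so a caller of write_tb_error_code() cannot tell a missing TPM function table from the `no_err_idx` case, and the error code that was supposed to be written is lost without a trace. Consider splitting the condition and logging once before `return false` when `tpm` or `tpm_fp` is NULL. The patch also carries no Signed-off-by line, and the description would be clearer if it named the fault directly (a NULL `tpm_fp` dereferenced at `tpm_fp->nv_write(...)` when TXT is disabled in firmware) rather than only the test procedure. Other places that pair get_tpm() with get_tpm_fp() are worth checking for the same missing guard.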
--