As I just posted in another thread, switching from grub 2.00 to 2.02 enabled me
to get tboot, the kernel (3.10), the initramfs, and Intel's SINIT module loaded
and boot my system, and when I check txt-stat it shows that a measured boot was
performed. Yay! Except, there's no /dev/tpm0 device file. If I reboot and
just load the kernel and initramfs normally, i.e., without the tboot and SINIT
modules, /dev/tpm0 is there as expected. Here's the grub configuration I'm
using:
set root='hd0,msdos1'
multiboot /tboot.gz /tboot.gz logging=vga,memory,serial
module /bzImage /bzImage ro console=tty0 console=ttyS0,115200
module /rootfs.cpio.gz /rootfs.cpio.gz
module /5th_gen_i5_i7_SINIT_79.BIN /5th_gen_i5_i7_SINIT_79.BIN
boot
Looking in the log (journalctl) I see some errors that may be related:
kernel: tpm_crb MSFT0101:00: tpm_transmit: tpm_recv: error -5
kernel: tpm_crb: probe of MSFT0101:00 failed with error -5
kernel[349]: tpm_crb MSFT0101:00: tpm_transmit: tpm_recv: error -5
kernel[349]: tpm_crb: probe of MSFT0101:00 failed with error -5
Looking at the output from txt-stat, it looks like tboot is communicating with
the TPM, but there also seem to be some read and write errors, too:
Intel(r) TXT Configuration Registers:
STS: 0x00018091
senter_done: TRUE
sexit_done: FALSE
mem_config_lock: FALSE
private_open: TRUE
locality_1_open: TRUE
locality_2_open: TRUE
ESTS: 0x00
txt_reset: FALSE
E2STS: 0x0000000000000006
secrets: TRUE
ERRORCODE: 0x00000000
DIDVID: 0x00000001b0028086
vendor_id: 0x8086
device_id: 0xb002
revision_id: 0x1
FSBIF: 0xffffffffffffffff
QPIIF: 0x000000009d003000
SINIT.BASE: 0x9cef0000
SINIT.SIZE: 196608B (0x30000)
HEAP.BASE: 0x9cf20000
HEAP.SIZE: 917504B (0xe0000)
DPR: 0x000000009d000041
lock: TRUE
top: 0x9d000000
size: 4MB (4194304B)
PUBLIC.KEY:
2d 67 dd d7 5e f9 33 92 66 a5 6f 27 18 95 55 ae
77 a2 b0 de 77 42 22 e5 de 24 8d be b8 e3 3d d7
***********************************************************
TXT measured launch: TRUE
secrets flag set: TRUE
***********************************************************
TBOOT log:
max_size=32706
zip_count=0
curr_pos=31478
buf:
TBOOT: ******************* TBOOT *******************
TBOOT: 2017-07-11 12:00 -0800 1.9.6
TBOOT: *********************************************
TBOOT: command line: /tboot.gz logging=vga,memory,serial
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009d000 (1)
TBOOT: 000000000009d000 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 0000000096f2f000 (1)
TBOOT: 0000000096f2f000 - 000000009c7bf000 (2)
TBOOT: 000000009c7bf000 - 000000009cbbf000 (4)
TBOOT: 000000009cbbf000 - 000000009cbff000 (3)
TBOOT: 000000009cbff000 - 000000009cc00000 (1)
TBOOT: 000000009cc00000 - 00000000a0000000 (2)
TBOOT: 00000000e0000000 - 00000000f0000000 (2)
TBOOT: 00000000feb00000 - 00000000feb04000 (2)
TBOOT: 00000000fec00000 - 00000000fec01000 (2)
TBOOT: 00000000fed10000 - 00000000fed1a000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000fee00000 - 00000000fee01000 (2)
TBOOT: 00000000ff800000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 000000025f000000 (1)
TBOOT: checking if module /5th_gen_i5_i7_SINIT_79.BIN is an SINIT for this
platform...
TBOOT: chipset production fused: 1
TBOOT: chipset ids: vendor: 0x8086, device: 0xb002, revision: 0x1
TBOOT: processor family/model/stepping: 0x40671
TBOOT: platform id: 0x14000000000000
TBOOT: 2 ACM chipset id entries:
TBOOT: vendor: 0x8086, device: 0xb002, flags: 0x1, revision: 0x1,
extended: 0x0
TBOOT: 5 ACM processor id entries:
TBOOT: fms: 0x306c0, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: fms: 0x40660, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: fms: 0x40650, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: fms: 0x306d0, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: fms: 0x40670, fms_mask: 0xfff3ff0, platform_id: 0x0,
platform_mask: 0x0
TBOOT: SINIT matches platform
TBOOT: TXT.SINIT.BASE: 0x9cef0000
TBOOT: TXT.SINIT.SIZE: 0x30000 (196608)
TBOOT: copied SINIT (size=15580) to 0x9cef0000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: subtype: 0x0
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0xb005
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20140915
TBOOT: size*4: 0x15580 (87424)
TBOOT: txt_svn: 0x00000000
TBOOT: se_svn: 0x00000000
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:0000a656
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 5
TBOOT: length: 0x30 (48)
TBOOT: chipset_id_list: 0x4f0
TBOOT: os_sinit_data_ver: 0x7
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x0000016e
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 1
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 1
TBOOT: max_phy_addr: 1
TBOOT: tcg_event_log_format: 0
TBOOT: acm_ver: 79
TBOOT: chipset list:
TBOOT: count: 2
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb002
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: entry 1:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0xb005
TBOOT: revision_id: 0x1
TBOOT: extended_id: 0x0
TBOOT: processor list:
TBOOT: count: 5
TBOOT: entry 0:
TBOOT: fms: 0x306c0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 1:
TBOOT: fms: 0x40660
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 2:
TBOOT: fms: 0x40650
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 3:
TBOOT: fms: 0x306d0
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: entry 4:
TBOOT: fms: 0x40670
TBOOT: fms_mask: 0xfff3ff0
TBOOT: platform_id: 0x0
TBOOT: platform_mask: 0x0
TBOOT: TPM info list:
TBOOT: TPM capability:
TBOOT: ext_policy: 0x3
TBOOT: tpm_family : 0x3
TBOOT: tpm_nv_index_set : 0x0
TBOOT: alg count: 3
TBOOT: alg_id: 0x4
TBOOT: alg_id: 0xb
TBOOT: alg_id: 0x14
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM2.0 Family 0x1
TBOOT: TPM: supported bank count = 2
TBOOT: TPM: bank alg = 00000004
TBOOT: TPM: bank alg = 0000000b
TBOOT: tboot: supported alg count = 2
TBOOT: tboot: hash alg = 00000004
TBOOT: tboot: hash alg = 0000000B
TBOOT: TPM:CreatePrimary creating hierarchy handle = 40000007
TBOOT: TPM:CreatePrimary created object handle = 80000000
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, D: 750
TBOOT: SGX:verify_IA32_se_svn_status is called
TBOOT: SGX is not enabled, cpuid.ebx: 0x21c2fbb
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01200001 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01400001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return value =
0000018B
TBOOT: Error: write TPM error: 0x18b.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: RSDP (v2, INSYDE) @ 0x0fe0
TBOOT: TXT.HEAP.BASE: 0x9cf20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0x9cf20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff0a000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: CR0 and EFLAGS OK
TBOOT: supports preserving machine check errors
TBOOT: CPU support processor-based S-CRTM
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
TPM: read NV index 01200002 from offset 00000000, return value = 0000018B
TBOOT: Error: read TPM error: 0x18b.
TBOOT: last boot has no error.
TBOOT: file addresses:
TBOOT: &_start=0x804000
TBOOT: &_end=0xb56aa0
TBOOT: &_mle_start=0x804000
TBOOT: &_mle_end=0x83a000
TBOOT: &_post_launch_entry=0x804010
TBOOT: &_txt_wakeup=0x804200
TBOOT: &g_mle_hdr=0x81e760
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000010
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=4000
TBOOT: mle_end_off=3a000
TBOOT: capabilities: 0x00000227
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 1
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 1
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: tcg_event_log_format: 1
TBOOT: MLE start=0x804000, end=0x83a000, size=0x36000
TBOOT: ptab_size=3000, ptab_base=0x801000
TBOOT: TXT.HEAP.BASE: 0x9cf20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0x9cf20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff0a000
TBOOT: discarding RAM above reserved regions: 0x9cbff000 - 0x9cc00000
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x96f2f000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x25f000000
TBOOT: no LCP module found
TBOOT: INTEL TXT LOG elt SIZE = 36
TBOOT: os_sinit_data (@0x9cf3517e, 0x90):
TBOOT: version: 7
TBOOT: flags: 1
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x36000 (221184)
TBOOT: mle_hdr_base: 0x1a760
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x96e00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x15f000000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000202
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: tcg_event_log_format: 1
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_PTR:
TBOOT: size: 36
TBOOT: count: 1
TBOOT: Log Descrption:
TBOOT: Alg: 4
TBOOT: Size: 4096
TBOOT: EventsOffset: [0,0]
TBOOT: No Event Log.
TBOOT: setting MTRRs for acmod: base=0x9cef0000, size=0x15580, num_pages=22
TBOOT: The maximum allowed MTRR range size=16 Pages
TBOOT: executing GETSEC[SENTER]...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: ******************* TBOOT *******************
TBOOT: 2017-07-11 12:00 -0800 1.9.6
TBOOT: *********************************************
TBOOT: command line: /tboot.gz logging=vga,memory,serial
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: SINIT ACM successfully returned...
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: BSP is cpu 0
TBOOT: original e820 map:
TBOOT: 0000000000000000 - 000000000009d000 (1)
TBOOT: 000000000009d000 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 0000000096f2f000 (1)
TBOOT: 0000000096f2f000 - 000000009c7bf000 (2)
TBOOT: 000000009c7bf000 - 000000009cbbf000 (4)
TBOOT: 000000009cbbf000 - 000000009cbff000 (3)
TBOOT: 000000009cbff000 - 000000009cc00000 (1)
TBOOT: 000000009cc00000 - 00000000a0000000 (2)
TBOOT: 00000000e0000000 - 00000000f0000000 (2)
TBOOT: 00000000feb00000 - 00000000feb04000 (2)
TBOOT: 00000000fec00000 - 00000000fec01000 (2)
TBOOT: 00000000fed10000 - 00000000fed1a000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000fee00000 - 00000000fee01000 (2)
TBOOT: 00000000ff800000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 000000025f000000 (1)
TBOOT: TPM: FIFO_INF Locality 0 is open
TBOOT: TPM: discrete TPM2.0 Family 0x1
TBOOT: TPM: supported bank count = 2
TBOOT: TPM: bank alg = 00000004
TBOOT: TPM: bank alg = 0000000b
TBOOT: tboot: supported alg count = 2
TBOOT: tboot: hash alg = 00000004
TBOOT: tboot: hash alg = 0000000B
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, D: 750
TBOOT: SGX:verify_IA32_se_svn_status is called
TBOOT: SGX is not enabled, cpuid.ebx: 0x21c2fbb
TBOOT: reading Verified Launch Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01200001 in TPM NV
TBOOT: :reading failed
TBOOT: reading Launch Control Policy from TPM NV...
TBOOT: TPM: fail to get public data of 0x01400001 in TPM NV
TBOOT: :reading failed
TBOOT: failed to read policy from TPM NV, using default
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 3
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[1]:
TBOOT: mod_num: any
TBOOT: pcr: 17
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: policy entry[2]:
TBOOT: mod_num: nv_raw
nv_index: 40000010
TBOOT: pcr: 22
TBOOT: hash_type: TB_HTYPE_ANY
TBOOT: num_hashes: 0
TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return value =
0000018B
TBOOT: Error: write TPM error: 0x18b.
TBOOT: no policy in TPM NV.
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: TXT.ERRORCODE: 0xc0000001
TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0
TBOOT: TXT.ESTS: 0x0
TBOOT: TXT.E2STS: 0x0
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: RSDP (v2, INSYDE) @ 0x0fe0
TBOOT: TXT.HEAP.BASE: 0x9cf20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0x9cf20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff0a000
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: Post_launch started ...
TBOOT: measured launch succeeded
TBOOT: TXT.HEAP.BASE: 0x9cf20000
TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
TBOOT: bios_data (@0x9cf20008, 0x56):
TBOOT: version: 4
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 8
TBOOT: flags: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: BIOS_SPEC_VER:
TBOOT: major: 0x2
TBOOT: minor: 0x1
TBOOT: rev: 0x0
TBOOT: ACM:
TBOOT: num_acms: 1
TBOOT: acm_addrs[0]: 0xfff0a000
TBOOT: os_mle_data (@0x9cf2005e, 0x15120):
TBOOT: version: 3
TBOOT: loader context addr: 0x10000
TBOOT: os_sinit_data (@0x9cf3517e, 0x90):
TBOOT: version: 7
TBOOT: flags: 1
TBOOT: mle_ptab: 0x801000
TBOOT: mle_size: 0x36000 (221184)
TBOOT: mle_hdr_base: 0x1a760
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x96e00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x15f000000
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000202
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: ecx_pgtbl: 0
TBOOT: stm: 0
TBOOT: pcr_map_no_legacy: 0
TBOOT: pcr_map_da: 0
TBOOT: platform_type: 0
TBOOT: max_phy_addr: 0
TBOOT: tcg_event_log_format: 1
TBOOT: efi_rsdt_ptr: 0x0
TBOOT: ext_data_elts[]:
TBOOT: EVENT_LOG_PTR:
TBOOT: size: 36
TBOOT: count: 1
TBOOT: Log Descrption:
TBOOT: Alg: 4
TBOOT: Size: 4096
TBOOT: EventsOffset: [0,801]
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x402
TBOOT: Digest: e0 64 42 17 72 da 0c ca 59 ce a4 78 01 c2
ee 5e 5c 2a 17 58
TBOOT: Data: 36 bytes
01 e0 e4 69 91 1a 09 c3 cf ea 6e 49 2c b3 6a 50
fc c4 a5 37 80 60 8b 90 b8 03 1a 4d c3 2c ff 7b
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 255
TBOOT: Type: 0x401
TBOOT: Digest: 00 f0 53 ff 00 f0 c3 e2 00 f0 dd 34 00 f0
53 ff 00 f0 54 ff
TBOOT: Data: 4 bytes
01 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40a
TBOOT: Digest: 31 d0 76 5c f1 4a 39 5d 88 aa 99 bd 2e 5d
c4 19 f4 2b 06 f7
TBOOT: Data: 32 bytes
00 00 00 00 15 09 14 20 05 b0 00 00 00 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40b
TBOOT: Digest: 90 69 ca 78 e7 45 0a 28 51 73 43 1b 3e 52
c5 c2 52 99 e4 73
TBOOT: Data: 4 bytes
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40c
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68
e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x412
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e
43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40e
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e
43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x40f
TBOOT: Digest: e8 f8 bb 99 f9 c7 98 40 05 8c 45 62 8a 72
79 d5 e6 e3 50 91
TBOOT: Data: 4 bytes
02 02 00 00
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x404
TBOOT: Digest: c4 99 e6 e3 67 7b 81 59 21 09 b5 56 51 d9
dc 3f 1c 51 4f a1
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x414
TBOOT: Digest: 9d 8c fc db 89 a9 ba bc 0d 31 31 54 8d ea
a1 9d 2a 65 82 8c
TBOOT: Data: 95 bytes
01 01 80 00 03 00 0b 62 04 44 08 00 20 ef 9a 26
fc 22 d1 ae 8c ec ff 59 e9 48 1a c1 ec 53 3d be
22 8b ec 6d 17 93 0f 4c b2 cc 5b 97 24 00 68 01
01 80 00 01 00 0b 62 04 04 08 00 20 c0 01 c8 00
02 10 d0 fa a4 f4 f4 f8 a7 8e f4 f8 26 4e 6f 85
55 34 0d 2f 04 18 0f 8c f1 10 ff dd 00 46 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x410
TBOOT: Digest: fe 48 79 5c e3 18 12 ff a8 14 99 7f 46 3e
a0 ca 19 eb 33 2c
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40b
TBOOT: Digest: 90 69 ca 78 e7 45 0a 28 51 73 43 1b 3e 52
c5 c2 52 99 e4 73
TBOOT: Data: 4 bytes
00 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40f
TBOOT: Digest: e8 f8 bb 99 f9 c7 98 40 05 8c 45 62 8a 72
79 d5 e6 e3 50 91
TBOOT: Data: 4 bytes
02 02 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x40c
TBOOT: Digest: 0a af 76 f4 25 c6 e0 f4 3a 36 19 7d e7 68
e6 7d 9e 03 5a bb
TBOOT: Data: 4 bytes
02 00 00 00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x413
TBOOT: Digest: 5b a9 3c 9d b0 cf f9 3f 52 b5 21 d7 42 0e
43 f6 ed a2 78 4f
TBOOT: Data: 1 bytes
00
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x414
TBOOT: Digest: 9d 8c fc db 89 a9 ba bc 0d 31 31 54 8d ea
a1 9d 2a 65 82 8c
TBOOT: Data: 95 bytes
01 01 80 00 03 00 0b 62 04 44 08 00 20 ef 9a 26
fc 22 d1 ae 8c ec ff 59 e9 48 1a c1 ec 53 3d be
22 8b ec 6d 17 93 0f 4c b2 cc 5b 97 24 00 68 01
01 80 00 01 00 0b 62 04 04 08 00 20 c0 01 c8 00
02 10 d0 fa a4 f4 f4 f8 a7 8e f4 f8 26 4e 6f 85
55 34 0d 2f 04 18 0f 8c f1 10 ff dd 00 46 00
TBOOT: sinit_mle_data (@0x9cf3520e, 0x270):
TBOOT: version: 9
TBOOT: bios_acm_id:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: edx_senter_flags: 0x00000000
TBOOT: mseg_valid: 0x0
TBOOT: sinit_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: mle_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: stm_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: lcp_policy_hash:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TBOOT: lcp_policy_control: 0x00000000
TBOOT: rlp_wakeup_addr: 0x9cef1d10
TBOOT: num_mdrs: 6
TBOOT: mdrs_off: 0x1e0
TBOOT: num_vtd_dmars: 176
TBOOT: vtd_dmars_off: 0x130
TBOOT: sinit_mdrs:
TBOOT: 0000000000000000 - 00000000000a0000 (GOOD)
TBOOT: 0000000000100000 - 0000000001000000 (GOOD)
TBOOT: 0000000001000000 - 000000009cc00000 (GOOD)
TBOOT: 0000000100000000 - 000000025f000000 (GOOD)
TBOOT: 000000009d000000 - 000000009d800000 (SMRAM NON-OVERLAY)
TBOOT: 00000000e0000000 - 00000000f0000000 (PCIE EXTENDED CONFIG)
TBOOT: proc_scrtm_status: 0x00000000
TBOOT: ext_data_elts[]:
TBOOT: unknown element: type: 6, size: 148
TBOOT: unknown element: type: 1380011332, size: 176
TBOOT: CPU supports 39 phys address bits
TBOOT: acpi_table_ioapic @ 0x9cbf106c, .address = 0xfec00000
TBOOT: acpi_table_mcfg @ 0x9cbf0000, .base_address = 0xe0000000
TBOOT: mtrr_def_type: e = 1, fe = 1, type = 0
TBOOT: mtrrs:
TBOOT: base mask type v
TBOOT: 0000000000000 0000007f80000 06 01
TBOOT: 0000000080000 0000007fe0000 06 01
TBOOT: 000000009cc00 0000007fffc00 00 01
TBOOT: 000000009d000 0000007fff000 00 01
TBOOT: 000000009e000 0000007ffe000 00 01
TBOOT: 00000000ff800 0000007fff800 05 01
TBOOT: 0000000100000 0000007f00000 06 01
TBOOT: 0000000200000 0000007f80000 06 01
TBOOT: 000000025f000 0000007fff000 00 01
TBOOT: 0000000260000 0000007fe0000 00 01
TBOOT: discarding RAM above reserved regions: 0x9cbff000 - 0x9cc00000
TBOOT: reserving 0x96e00000 - 0x96f2f000, which was truncated for VT-d
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x96f2f000
TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x25f000000
TBOOT: MSR for SMM monitor control on BSP is 0x0.
TBOOT: verifying ILP is opt-out or has the same MSEG header with TXT.MSEG.BASE
opt-out
TBOOT: : succeeded.
TBOOT: enabling SMIs on BSP
TBOOT: mle_join.entry_point = 804200
TBOOT: mle_join.seg_sel = 8
TBOOT: mle_join.gdt_base = 805000
TBOOT: mle_join.gdt_limit = 3f
TBOOT: joining RLPs to MLE with MONITOR wakeup
TBOOT: rlp_wakeup_addr = 0x9cef1d10
TBOOT: cpu 4 waking up from TXT sleep
TBOOT: waiting for all APs (7) to enter wait-for-sipi...
TBOOT: MSR for SMM monitor control on cpu 4 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 4
: succeeded.
TBOOT: enabling SMIs on cpu 4
TBOOT: .VMXON done for cpu 4
TBOOT:
TBOOT: cpu 5 waking up from TXT sleep
TBOOT: launching mini-guest for cpu 4
TBOOT: MSR for SMM monitor control on cpu 5 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 5
: succeeded.
TBOOT: enabling SMIs on cpu 5
TBOOT: VMXON done for cpu 5
TBOOT: launching mini-guest for cpu 5
TBOOT: cpu 2 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 2 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 2
: succeeded.
TBOOT: enabling SMIs on cpu 2
TBOOT: VMXON done for cpu 2
TBOOT: launching mini-guest for cpu 2
TBOOT: cpu 3 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 3 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 3
: succeeded.
TBOOT: enabling SMIs on cpu 3
TBOOT: VMXON done for cpu 3
TBOOT: launching mini-guest for cpu 3
TBOOT: cpu 6 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 6 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 6
: succeeded.
TBOOT: enabling SMIs on cpu 6
TBOOT: .VMXON done for cpu 6
TBOOT: launching mini-guest for cpu 6
TBOOT: cpu 7 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 7 is 0x0
TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 7
: succeeded.
TBOOT: enabling SMIs on cpu 7
TBOOT: VMXON done for cpu 7
TBOOT: launching mini-guest for cpu 7
TBOOT: cpu 1 waking up from TXT sleep
TBOOT: MSR for SMM monitor control on cpu 1 is 0x0
TBOOT: .verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 1
. : succeeded.
TBOOT: enabling SMIs on cpu 1
TBOOT: .VMXON done for cpu 1
TBOOT:
TBOOT: launching mini-guest for cpu 1
TBOOT: all APs in wait-for-sipi
TBOOT: saved IA32_MISC_ENABLE = 0x00850089
TBOOT: set TXT.CMD.SECRETS flag
TBOOT: opened TPM locality 1
TBOOT: DMAR table @ 0x9cbd0000 saved.
TBOOT: got sinit match on module #2
TBOOT: no LCP module found
TBOOT: protecting TXT heap (9cf20000 - 9cffffff) in e820 table
TBOOT: protecting SINIT (9cef0000 - 9cf1ffff) in e820 table
TBOOT: protecting TXT Private Space (fed20000 - fed2ffff) in e820 table
TBOOT: verifying e820 table against SINIT MDRs: verification succeeded.
TBOOT: verifying module 0 of mbi (b57000 - 1536cbf) in e820 table
(range from 0000000000b57000 to 0000000001536cc0 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: verifying module 1 of mbi (1537000 - e953bff) in e820 table
(range from 0000000001537000 to 000000000e953c00 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: verifying tboot and its page table (800000 - b56a9f) in e820 table
(range from 0000000000800000 to 0000000000b56aa0 is in E820_RAM)
TBOOT: : succeeded.
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: protecting tboot (800000 - b56fff) in e820 table
TBOOT: reserving tboot memory log (60000 - 67fff) in e820 table
TBOOT: adjusted e820 map:
TBOOT: 0000000000000000 - 0000000000060000 (1)
TBOOT: 0000000000060000 - 0000000000068000 (2)
TBOOT: 0000000000068000 - 000000000009d000 (1)
TBOOT: 000000000009d000 - 00000000000a0000 (2)
TBOOT: 00000000000e0000 - 0000000000100000 (2)
TBOOT: 0000000000100000 - 0000000000800000 (1)
TBOOT: 0000000000800000 - 0000000000b57000 (2)
TBOOT: 0000000000b57000 - 0000000096e00000 (1)
TBOOT: 0000000096e00000 - 0000000096f2f000 (2)
TBOOT: 0000000096f2f000 - 000000009c7bf000 (2)
TBOOT: 000000009c7bf000 - 000000009cbbf000 (4)
TBOOT: 000000009cbbf000 - 000000009cbff000 (3)
TBOOT: 000000009cbff000 - 000000009cc00000 (2)
TBOOT: 000000009cc00000 - 000000009cef0000 (2)
TBOOT: 000000009cef0000 - 000000009cf20000 (2)
TBOOT: 000000009cf20000 - 000000009d000000 (2)
TBOOT: 000000009d000000 - 00000000a0000000 (2)
TBOOT: 00000000e0000000 - 00000000f0000000 (2)
TBOOT: 00000000feb00000 - 00000000feb04000 (2)
TBOOT: 00000000fec00000 - 00000000fec01000 (2)
TBOOT: 00000000fed10000 - 00000000fed1a000 (2)
TBOOT: 00000000fed1c000 - 00000000fed20000 (2)
TBOOT: 00000000fed20000 - 00000000fed30000 (2)
TBOOT: 00000000fee00000 - 00000000fee01000 (2)
TBOOT: 00000000ff800000 - 0000000100000000 (2)
TBOOT: 0000000100000000 - 000000025f000000 (1)
TBOOT: verifying policy
TBOOT: verifying module "
/bzImage ro console=tty0 console=ttyS0,115200"...
TBOOT: OK : de 3e 10 e1 17 63 63 0e 85 9f 19 76 52 10 6d 9d 34 35 e5 81
TBOOT: verifying module "
/rootfs.cpio.gz"...
TBOOT: OK : ac 8a ef 98 29 c4 fd 89 c4 75 dd 28 98 e4 e8 20 35 5b 05 5e
TBOOT: all modules are verified
TBOOT: pre_k_s3_state:
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x96e00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0x15f000000
TBOOT: pol_hash: ce 78 8c 7b 47 b2 91 85 b8 8c 3c a0 7d f7 02 e3 a1 e4 60
03
TBOOT: VL measurements:
TBOOT: PCR 17 (alg count 1):
TBOOT: alg 0004: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5 ad 02 af
e0 ee af
TBOOT: PCR 18 (alg count 1):
TBOOT: alg 0004: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5 ad 02 af
e0 ee af
TBOOT: PCR 17 (alg count 1):
TBOOT: alg 0004: de 3e 10 e1 17 63 63 0e 85 9f 19 76 52 10 6d 9d 34
35 e5 81
TBOOT: PCR 17 (alg count 1):
TBOOT: alg 0004: ac 8a ef 98 29 c4 fd 89 c4 75 dd 28 98 e4 e8 20 35
5b 05 5e
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x501
TBOOT: Digest: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5
ad 02 af e0 ee af
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 18
TBOOT: Type: 0x501
TBOOT: Digest: fb b1 b9 ea b0 c9 2a c0 9c 28 14 f5 38 b5
ad 02 af e0 ee af
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x501
TBOOT: Digest: de 3e 10 e1 17 63 63 0e 85 9f 19 76 52 10
6d 9d 34 35 e5 81
TBOOT: Data: 0 bytes
TBOOT: Event:
TBOOT: PCRIndex: 17
TBOOT: Type: 0x501
TBOOT: Digest: ac 8a ef 98 29 c4 fd 89 c4 75 dd 28 98 e4
e8 20 35 5b 05 5e
TBOOT: Data: 0 bytes
TBOOT: TPM: tpm2 context save successful, return value = 00000000
TBOOT: requested 0x40 random bytes but only got 0x20
TBOOT: trying one more time to get remaining 0x20 bytes
TBOOT: tboot_shared data:
TBOOT: version: 6
TBOOT: log_addr: 0x00060000
TBOOT: shutdown_entry: 0x008041c0
TBOOT: shutdown_type: 0
TBOOT: tboot_base: 0x00804000
TBOOT: tboot_size: 0x352aa0
TBOOT: num_in_wfs: 7
TBOOT: flags: 0x00000000
TBOOT: ap_wake_addr: 0x00000000
TBOOT: ap_wake_trigger: 0
TBOOT: no LCP module found
TBOOT: ELF magic number is not matched, image is not ELF format.
TBOOT: assuming kernel is Linux format
TBOOT: Initrd from 0x72be3000 to 0x7ffffc00
TBOOT: Kernel (protected mode) from 0xc00000 to 0x15dbcc0
TBOOT: Kernel (real mode) from 0x90000 to 0x94000
TBOOT: Linux cmdline from 0x98d00 to 0x99100:
TBOOT: /bzImage ro console=tty0 console=ttyS0,115200
TBOOT: transfering control to kernel @0xc00000...
TBOOT: VMXOFF done for cpu 1
TBOOT: cpu 1 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 2
TBOOT: cpu 2 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 3
TBOOT: cpu 3 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 4
TBOOT: cpu 4 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 5
TBOOT: cpu 5 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 6
TBOOT: cpu 6 waking up, SIPI vector=98000
TBOOT: VMXOFF done for cpu 7
TBOOT: cpu 7 waking up, SIPI vector=98000
Any ideas why /dev/tmp0 is missing?
Peter
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
