Hi,
I'm trying to get to the bottom of a problem using the combination of tboot
(http://tboot.sf.net, trusted boot kernel for Intel TXT) and extlinux.
TBOOT loads using the multiboot protocol, where the tboot "kernel" is
loaded as the kernel, and the actual linux kernel and initrd are specified as
modules. A working grub configuration looks something like:
=================================================title measured
2.6.28.9-itpm-dirty
root (hd0,3)
kernel /boot/tboot.gz logging=vga,serial
module /boot/vmlinuz-2.6.28.9-itpm-dirty root=/dev/sda4 ro intel_iommu=on
earlyprintk=vga console=ttyS0,115200
module /boot/initrd.img-2.6.28.9-itpm-dirty
module /boot/GM45_PM45_SINIT_19.BIN
=================================================
I tried replicating this with a extlinux config file.
=================================================LABEL measured
KERNEL /usr/lib/syslinux/mboot.c32
APPEND /boot/tboot.gz logging=vga,serial --- /boot/vmlinuz-2.6.28.9-itpm-dirty
root=/dev/sda4 ro intel_iommu=on earlyprintk=vga console=ttyS0,115200 ---
/boot/initrd.img-2.6.28.9-itpm-dirty --- /boot/GM45_PM45_SINIT_19.BIN
=================================================
But the tboot process fails when extlinux is used to load it. The boot log from
extlinux, as well as tboot is included below:
=================================================EXTLINUX 3.75 3.75 Copyright
(C) 1994-2009 H. Peter Anvin et al
COM32 Multiboot loader v0.2. Copyright (C) 2005-2006 Tim Deegan.
_end: 0x0018ecf8
argv[1]: 0x0018ecf8
next_load_addr: 0x0018ee0c
section_addr 0x7b07ffd0
__mem_end: 0x7b07ffd0
argv[0]: 0x7b19ffc3
Requesting memory map from BIOS:
0x0000000000000000 -- 0x000000000009ec00 : Available
0x000000000009ec00 -- 0x00000000000a0000 : Reserved
0x00000000000e0000 -- 0x0000000000100000 : Reserved
0x0000000000100000 -- 0x000000007b1a1000 : Available
0x000000007b1a1000 -- 0x000000007b1a7000 : Reserved
0x000000007b1a7000 -- 0x000000007b2b7000 : Available
0x000000007b2b7000 -- 0x000000007b30f000 : Reserved
0x000000007b30f000 -- 0x000000007b3c6000 : Available
0x000000007b3c6000 -- 0x000000007b3d1000 : ACPI NVS
0x000000007b3d1000 -- 0x000000007b3d4000 : ACPI Reclaim
0x000000007b3d4000 -- 0x000000007b3d8000 : Reserved
0x000000007b3d8000 -- 0x000000007b3dc000 : ACPI NVS
0x000000007b3dc000 -- 0x000000007b3df000 : Reserved
0x000000007b3df000 -- 0x000000007b406000 : ACPI NVS
0x000000007b406000 -- 0x000000007b408000 : ACPI Reclaim
0x000000007b408000 -- 0x000000007b60f000 : Reserved
0x000000007b60f000 -- 0x000000007b69f000 : ACPI NVS
0x000000007b69f000 -- 0x000000007b6ff000 : ACPI Reclaim
0x000000007b6ff000 -- 0x000000007b700000 : Available
0x000000007bc00000 -- 0x000000007e000000 : Reserved
0x00000000e0000000 -- 0x00000000f0000000 : Reserved
0x00000000fec00000 -- 0x00000000fec10000 : Reserved
0x00000000fed00000 -- 0x00000000fed00400 : Reserved
0x00000000fed10000 -- 0x00000000fed14000 : Reserved
0x00000000fed18000 -- 0x00000000fed19000 : Reserved
0x00000000fed19000 -- 0x00000000fed1a000 : Reserved
0x00000000fed1c000 -- 0x00000000fed20000 : Reserved
0x00000000fed20000 -- 0x00000000fed90000 : Reserved
0x00000000fee00000 -- 0x00000000fee01000 : Reserved
0x00000000ff800000 -- 0x0000000100000000 : Reserved
SECTION: 0x0018ef83 --> 0x00010000 (0x2d0)
SECTION: 0x0018ee0c --> 0x000102d0 (0x177)
Kernel: /boot/tboot.gz logging=vga,serial
Loading /boot/tboot.gz...
Using ELF header.
Placed kernel section (0x00803000+0x4cc4c)
SECTION: 0x00190253 --> 0x00803000 (0x22000)
SECTION: 0x00000000 --> 0x00825000 (0x2ac4c)
Loading ELF section table.
SECTION: 0x001b2633 --> 0x00850000 (0x140)
SECTION: 0x001b2253 --> 0x00850140 (0x3a8)
SECTION: 0x001b25fb --> 0x008504e8 (0x38)
Section information: shnum: 8, entSize: 40, shstrndx: 7, addr: 0x850000
Module: /boot/vmlinuz-2.6.28.9-itpm-dirty root=/dev/sda4 ro intel_iommu=on
earlyprintk=vga console=ttyS0,115200
Loading /boot/vmlinuz-2.6.28.9-itpm-dirty.....................
SECTION: 0x001b2773 --> 0x00851000 (0x27faa0)
Placed module (0x00851000+0x27faa0)
Module: /boot/initrd.img-2.6.28.9-itpm-dirty
Loading
/boot/initrd.img-2.6.28.9-itpm-dirty.................................................................................................................................
SECTION: 0x00432213 --> 0x00ad1000 (0xfff400)
Placed module (0x00ad1000+0xfff400)
Module: /boot/GM45_PM45_SINIT_19.BIN
Loading /boot/GM45_PM45_SINIT_19.BIN..
SECTION: 0x01431613 --> 0x01ad1000 (0x67c0)
Placed module (0x01ad1000+0x67c0)
Relocations:
0x0018ef83 --> 0x00010000 (0x2d0)
0x0018ee0c --> 0x000102d0 (0x177)
0x00190253 --> 0x00803000 (0x22000)
0x00000000 --> 0x00825000 (0x2ac4c)
0x001b2633 --> 0x00850000 (0x140)
0x001b2253 --> 0x00850140 (0x3a8)
0x001b25fb --> 0x008504e8 (0x38)
0x001b2773 --> 0x00851000 (0x27faa0)
0x00432213 --> 0x00ad1000 (0xfff400)
0x01431613 --> 0x01ad1000 (0x67c0)
Relocations:
0x0018ef83 --> 0x00010000 (0x2d0)
0x0018ee0c --> 0x000102d0 (0x177)
0x01431613 --> 0x01ad1000 (0x67c0)
0x00432213 --> 0x00ad1000 (0xfff400)
0x001b2633 --> 0x00850000 (0x140)
0x001b2253 --> 0x00850140 (0x3a8)
0x001b25fb --> 0x008504e8 (0x38)
0x001b2773 --> 0x00851000 (0x27faa0)
0x00190253 --> 0x00803000 (0x22000)
0x00000000 --> 0x00825000 (0x2ac4c)
tr_sections: 0x7b07ffd0
trampoline: 0x7b080048
trampoline_size: 0x000000a0
max_run_addr: 0x7b07ffd0
Booting: MBI=0x000102d0, entry=0x00803000
TBOOT: ******************* TBOOT *******************
TBOOT: 2009-03-30 11:52 -0700 141:3bb0b8cbb29c
TBOOT: *********************************************
TBOOT: command line: logging=vga,serial
TBOOT: TPM is ready
TBOOT: TPM nv_locked: TRUE
TBOOT: read verified launch policy (256 bytes) from TPM NV
TBOOT: policy:
TBOOT: version: 2
TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL
TBOOT: hash_alg: TB_HALG_SHA1
TBOOT: policy_control: 00000001 (EXTEND_PCR17)
TBOOT: num_entries: 2
TBOOT: policy entry[0]:
TBOOT: mod_num: 0
TBOOT: pcr: none
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 4a 25 fb d9 14 d0 29 2f f7 3c bd 6d 65 69 5e 36 e8
41 97 4c
TBOOT: policy entry[1]:
TBOOT: mod_num: 1
TBOOT: pcr: 19
TBOOT: hash_type: TB_HTYPE_IMAGE
TBOOT: num_hashes: 1
TBOOT: hashes[0]: 27 9a 15 e1 7a 1e 8d 34 10 03 c8 7a aa 1f 4d 11 70
a3 6f 73
TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff0f
TBOOT: CPU is SMX-capable
TBOOT: CPU is VMX-capable
TBOOT: SMX is enabled
TBOOT: TXT chipset and all needed capabilities present
TBOOT: LT.ERRORCODE=0
TBOOT: LT.ESTS=0
TBOOT: bios_data (@7b920008, 2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 2
TBOOT: flags: 0x00000001
TBOOT: CR0 and EFLAGS OK
TBOOT: no machine check errors
TBOOT: CPU is ready for SENTER
TBOOT: checking previous errors on the last boot.
last boot has error.
TBOOT: user-provided SINIT found: /boot/GM45_PM45_SINIT_19.BIN
TBOOT: chipset ids: vendor=8086, device=9000, revision=7f
TBOOT: 1 ACM chipset id entries:
TBOOT: vendor=8086, device=9000, flags=1, revision=3f, extended=0
TBOOT: copied SINIT (size=67c0) to 7b900000
TBOOT: AC mod base alignment OK
TBOOT: AC mod size OK
TBOOT: AC module header dump for SINIT:
TBOOT: type: 0x2 (ACM_TYPE_CHIPSET)
TBOOT: length: 0xa1 (161)
TBOOT: version: 0
TBOOT: chipset_id: 0x2a40
TBOOT: flags: 0x0
TBOOT: pre_production: 0
TBOOT: debug_signed: 0
TBOOT: vendor: 0x8086
TBOOT: date: 0x20081017
TBOOT: size*4: 0x67c0 (26560)
TBOOT: code_control: 0x0
TBOOT: entry point: 0x00000008:00004120
TBOOT: scratch_size: 0x8f (143)
TBOOT: info_table:
TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
TBOOT: ACM_UUID_V3
TBOOT: chipset_acm_type: 0x1 (SINIT)
TBOOT: version: 3
TBOOT: length: 0x28 (40)
TBOOT: chipset_id_list: 0x4e8
TBOOT: os_sinit_data_ver: 0x4
TBOOT: min_mle_hdr_ver: 0x00020000
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: acm_ver: 19
TBOOT: chipset list:
TBOOT: count: 1
TBOOT: entry 0:
TBOOT: flags: 0x1
TBOOT: vendor_id: 0x8086
TBOOT: device_id: 0x9000
TBOOT: revision_id: 0x3f
TBOOT: extended_id: 0x0
TBOOT: file addresses:
TBOOT: &_start=00803000
TBOOT: &_end=0084fc4c
TBOOT: &_mle_start=00803000
TBOOT: &_mle_end=00822000
TBOOT: &_post_launch_entry=00803020
TBOOT: &_txt_wakeup=008031f0
TBOOT: &g_mle_hdr=00819160
TBOOT: MLE header:
TBOOT: uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
{0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
TBOOT: length=34
TBOOT: version=00020001
TBOOT: entry_point=00000020
TBOOT: first_valid_page=00000000
TBOOT: mle_start_off=0
TBOOT: mle_end_off=1f000
TBOOT: capabilities: 0x00000003
TBOOT: rlp_wake_getsec: 1
TBOOT: rlp_wake_monitor: 1
TBOOT: MLE start=803000, end=822000, size=1f000
TBOOT: ptab_size=3000, ptab_base=00800000
TBOOT: bios_data (@7b920008, 2c):
TBOOT: version: 3
TBOOT: bios_sinit_size: 0x0 (0)
TBOOT: lcp_pd_base: 0x0
TBOOT: lcp_pd_size: 0x0 (0)
TBOOT: num_logical_procs: 2
TBOOT: flags: 0x00000001
TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x7b700000
TBOOT: min_hi_ram: 0x0, max_hi_ram: 0x0
TBOOT: no LCP manifest found
TBOOT: os_sinit_data (@7b920154, 5c):
TBOOT: version: 4
TBOOT: mle_ptab: 0x800000
TBOOT: mle_size: 0x1f000 (126976)
TBOOT: mle_hdr_base: 0x16160
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x7b600000
TBOOT: vtd_pmr_hi_base: 0x0
TBOOT: vtd_pmr_hi_size: 0x0
TBOOT: lcp_po_base: 0x0
TBOOT: lcp_po_size: 0x0 (0)
TBOOT: capabilities: 0x00000002
TBOOT: rlp_wake_getsec: 0
TBOOT: rlp_wake_monitor: 1
TBOOT: setting MTRRs for acmod: base=7b900000, size=67c0, num_pages=7
TBOOT: executing GETSEC[SENTER]...
=================================================
At this point, the machine resets, which is the standard tboot failure mode. On
the next boot, certain registers contain error information, and the particular
error code in this case indicates that the hash of the tboot kernel does not
match the one that was pre-programmed into the boot policy. This probably means
that extlinux is loading tboot in a way that is different from grub, but
that's just a theory. I would like to ask the list whether there could be
such a difference, and does the log indicate that any kind significant image
reorganization could be happening in memory, that would cause a na?ve hash to
fail.
Thanks,
Ken