correct indexes

correct indexes

Intel folks - the tboot mailing list shows

 3 indices have been defined
>     list of indices for defined NV storage areas:
>     0x10000001 0x50000001 0x50000003
>
>     The second two need to be there - the are LCP related indexes

Then of course Intel says we need 0x20000001 0x40000001 etc. for owner etc.

I actually have an ST Micro TPM and it came from Dell with

0x100f0000 - 0x50010000 and a couple others not mentioned anywhere - any light you can shed on required
indexes ?

....JW

5 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

(This thread was continued in email but for troubleshooting/archive purposes - the main information is included here. )

The error 0xC03d0441, (3D = 61 = TPM_BAD_LOCALITY  TPM_BASE) is indicating that  the PM_PCR_Extend, and TPM_NV_ReadValue/WriteValue commands returned "The locality is incorrect for the attempted operation."

Also the index values listed are wrong. TPM 1.2 uses: 5000_0001, 5000_0003, 4000_0001

Since with correct TPM provisioning, the read would not be restricted by locality, we believe the issue is incorrect TPM provisioning 

It is suggested you perform TPM 1.2 provisioning by using the following from the ACM package (only available by NDA from your Intel field rep)::

  • PS_READ.BAT to read PS
  • AUX2_RD.BAT to read AUX
  • PS_CAP.BAT to read PS capabilities
  • AUX2_CAP.BAT to read  AUX capabilities

 Thanks - as you know I'm running Linux - those utilities seem to be bat files - as in DOS or Windows . None the less I can port them, but they are not included in the ACM package I got . Where would I download those?

....JW

Is there any documentation on what needs to go inside 0x20000001? I understand that it is the "Verified Launch Policy". Based on the little documentation provided in the tboot source, I gathered that it is generated by the tool, "tb_polgen".

I was wondering if there was more detailed documentation on the "Verified Launch Policy" in the way that there is for the PS policy and PO policy in the Software Development Guide for Intel Trusted Execution Technology.

Assuming client TXT (core i5, Xecon e3), there's some coverage of tb_polgen at https://fedoraproject.org/wiki/Tboot. It shows creating and then loading the policy into the TPM (which is where 0x20000001 comes in. (near bottom of page).  There's also a little coverage of writing to it in another post here in IDZ. 

 

Leave a Comment

Please sign in to add a comment. Not a member? Join today