[syslinux] TBOOT and extlinux

Geert Stappers stappers at stappers.nl
Fri Apr 24 17:09:12 PDT 2009 

Op 20090424 om 12:15 schreef Ken Deeter:
> Hi,
> 
> I'm trying to get to the bottom of a problem using the combination
> of tboot (http://tboot.sf.net, trusted boot kernel for Intel TXT)
> and extlinux.
> 
> TBOOT loads using the multiboot protocol, where the tboot "kernel"
> is loaded as the kernel, and the actual linux kernel and initrd are
> specified as modules. A working grub configuration looks something like:
> 
> ==================================================
> title measured 2.6.28.9-itpm-dirty
> root (hd0,3)
> kernel /boot/tboot.gz logging=vga,serial
                     ^^
> module /boot/vmlinuz-2.6.28.9-itpm-dirty root=/dev/sda4 ro intel_iommu=on earlyprintk=vga console=ttyS0,115200
> module /boot/initrd.img-2.6.28.9-itpm-dirty
> module /boot/GM45_PM45_SINIT_19.BIN
> ==================================================
> 
> I tried replicating this with a extlinux config file. 
> 
> ==================================================
> LABEL measured
>   KERNEL /usr/lib/syslinux/mboot.c32
>   APPEND /boot/tboot.gz logging=vga,serial --- /boot/vmlinuz-2.6.28.9-itpm-dirty root=/dev/sda4 ro intel_iommu=on earlyprintk=vga console=ttyS0,115200 --- /boot/initrd.img-2.6.28.9-itpm-dirty --- /boot/GM45_PM45_SINIT_19.BIN
> ==================================================
> 
> But the tboot process fails when extlinux is used to load it. The boot log from extlinux, as well as tboot is included below:
> 
> ==================================================
> EXTLINUX 3.75 3.75  Copyright (C) 1994-2009 H. Peter Anvin et al
> COM32 Multiboot loader v0.2.  Copyright (C) 2005-2006 Tim Deegan.
> Module: /boot/vmlinuz-2.6.28.9-itpm-dirty root=/dev/sda4 ro intel_iommu=on earlyprintk=vga console=ttyS0,115200
> Loading /boot/vmlinuz-2.6.28.9-itpm-dirty.....................
> SECTION: 0x001b2773 --> 0x00851000 (0x27faa0)
> Placed module (0x00851000+0x27faa0)
> Module: /boot/initrd.img-2.6.28.9-itpm-dirty
> Loading /boot/initrd.img-2.6.28.9-itpm-dirty.................................................................................................................................
> TBOOT: ******************* TBOOT *******************
> TBOOT:    2009-03-30 11:52 -0700 141:3bb0b8cbb29c
> TBOOT: *********************************************
  <snip/>
> TBOOT:   capabilities: 0x00000002
> TBOOT:       rlp_wake_getsec: 0
> TBOOT:       rlp_wake_monitor: 1
> TBOOT: setting MTRRs for acmod: base=7b900000, size=67c0, num_pages=7
> TBOOT: executing GETSEC[SENTER]...
> ==================================================
> 
> At this point, the machine resets, which is the standard tboot failure
> mode. On the next boot, certain registers contain error information,
> and the particular error code in this case indicates that the hash of
> the tboot kernel does not match the one that was pre-programmed into
> the boot policy. This probably means that extlinux is loading tboot in
> a way that is different from grub, but that's just a theory. I would
> like to ask the list whether there could be such a difference, and
> does the log indicate that any kind significant image reorganization
> could be happening in memory, that would cause a naïve hash to fail.

Euh, this might be a shot in the dark,
but because no-one will get hurt, here it comes.


   I imagine that the compressed tboot  (tboot.gz) is the cullprit.

   Loading the modules goes fine, when tboot comes alive,
   it does an uncompressed and destroys some module content.

   Grub uses a different memory layout where the uncompress goes fine.


Once again: I did made it up ( no research, no indepth knowledge )

The whole message of this E-mail is


  Try with a non-compressed tboot


> Thanks,
> Ken


HtH
GSt

More information about the Syslinux mailing list