(This thread was continued in

John_M_2 · ‎07-08-2014

Intel folks - the tboot mailing list shows

 3 indices have been defined
>     list of indices for defined NV storage areas:
>     0x10000001 0x50000001 0x50000003
>
>     The second two need to be there - the are LCP related indexes

Then of course Intel says we need 0x20000001 0x40000001 etc. for owner etc.

I actually have an ST Micro TPM and it came from Dell with

0x100f0000 - 0x50010000 and a couple others not mentioned anywhere - any light you can shed on required
indexes ?

....JW

Colleen_C_Intel · ‎07-15-2014

(This thread was continued in email but for troubleshooting/archive purposes - the main information is included here. )

The error 0xC03d0441, (3D = 61 = TPM_BAD_LOCALITY TPM_BASE) is indicating that the PM_PCR_Extend, and TPM_NV_ReadValue/WriteValue commands returned "The locality is incorrect for the attempted operation."

Also the index values listed are wrong. TPM 1.2 uses: 5000_0001, 5000_0003, 4000_0001

Since with correct TPM provisioning, the read would not be restricted by locality, we believe the issue is incorrect TPM provisioning

It is suggested you perform TPM 1.2 provisioning by using the following from the ACM package (only available by NDA from your Intel field rep)::

PS_READ.BAT to read PS
AUX2_RD.BAT to read AUX
PS_CAP.BAT to read PS capabilities
AUX2_CAP.BAT to read AUX capabilities

John_M_2 · ‎07-15-2014

Thanks - as you know I'm running Linux - those utilities seem to be bat files - as in DOS or Windows . None the less I can port them, but they are not included in the ACM package I got . Where would I download those?

....JW

Safayet_A_1 · ‎07-16-2014

Is there any documentation on what needs to go inside 0x20000001? I understand that it is the "Verified Launch Policy". Based on the little documentation provided in the tboot source, I gathered that it is generated by the tool, "tb_polgen".

I was wondering if there was more detailed documentation on the "Verified Launch Policy" in the way that there is for the PS policy and PO policy in the Software Development Guide for Intel Trusted Execution Technology.

Colleen_C_Intel · ‎07-16-2014

Assuming client TXT (core i5, Xecon e3), there's some coverage of tb_polgen at https://fedoraproject.org/wiki/Tboot. It shows creating and then loading the policy into the TPM (which is where 0x20000001 comes in. (near bottom of page). There's also a little coverage of writing to it in another post here in IDZ.

correct indexes