Software Archive
Read-only legacy content
17061 Discussions

correct indexes

John_M_2
Beginner
‎07-08-2014 06:17 AM
1,075 Views

Intel folks - the tboot mailing list shows

 3 indices have been defined
>     list of indices for defined NV storage areas:
>     0x10000001 0x50000001 0x50000003
>
>     The second two need to be there - the are LCP related indexes

Then of course Intel says we need 0x20000001 0x40000001 etc. for owner etc.

I actually have an ST Micro TPM and it came from Dell with

0x100f0000 - 0x50010000 and a couple others not mentioned anywhere - any light you can shed on required
indexes ?

....JW

0 Kudos

Link Copied

4 Replies
Colleen_C_Intel
Employee
‎07-15-2014 08:26 AM
1,075 Views

(This thread was continued in email but for troubleshooting/archive purposes - the main information is included here. )

The error 0xC03d0441, (3D = 61 = TPM_BAD_LOCALITY  TPM_BASE) is indicating that  the PM_PCR_Extend, and TPM_NV_ReadValue/WriteValue commands returned "The locality is incorrect for the attempted operation."

Also the index values listed are wrong. TPM 1.2 uses: 5000_0001, 5000_0003, 4000_0001

Since with correct TPM provisioning, the read would not be restricted by locality, we believe the issue is incorrect TPM provisioning 

It is suggested you perform TPM 1.2 provisioning by using the following from the ACM package (only available by NDA from your Intel field rep)::

  • PS_READ.BAT to read PS
  • AUX2_RD.BAT to read AUX
  • PS_CAP.BAT to read PS capabilities
  • AUX2_CAP.BAT to read  AUX capabilities
0 Kudos
Copy link
John_M_2
Beginner
‎07-15-2014 09:13 AM
1,075 Views

 Thanks - as you know I'm running Linux - those utilities seem to be bat files - as in DOS or Windows . None the less I can port them, but they are not included in the ACM package I got . Where would I download those?

....JW

0 Kudos
Copy link
Safayet_A_1
Beginner
‎07-16-2014 06:48 AM
1,075 Views

Is there any documentation on what needs to go inside 0x20000001? I understand that it is the "Verified Launch Policy". Based on the little documentation provided in the tboot source, I gathered that it is generated by the tool, "tb_polgen".

I was wondering if there was more detailed documentation on the "Verified Launch Policy" in the way that there is for the PS policy and PO policy in the Software Development Guide for Intel Trusted Execution Technology.

0 Kudos
Copy link
Colleen_C_Intel
Employee
‎07-16-2014 09:55 AM
1,075 Views

Assuming client TXT (core i5, Xecon e3), there's some coverage of tb_polgen at https://fedoraproject.org/wiki/Tboot. It shows creating and then loading the policy into the TPM (which is where 0x20000001 comes in. (near bottom of page).  There's also a little coverage of writing to it in another post here in IDZ. 

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.