Manualshelf

Trusted Execution Technology and TBoot Implementation - White Paper

ManualsBrandsHP ManualsTabletHP EliteBook 2740p Tablet PC (ENERGY STAR)
12345678910
6
For 2010 Calpella Platforms only:
tpmnv_defindex -i owner -s 0x36 -p <ownerauth password> (creates owner index)
8. tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p <ownerauth password> (creates index
0x20000001 for verified launch policies. This index is hardcoded in tboot source code, so you
can‟t use any other index to write the verified launch policies. If this command gives errors related
to available space in TPM NV, try 256 instead of 512)
Create and Write LCP policies to TPM NV (implemented by SINIT):
9. mkdir p /tmp/temp
10. cd /tmp/temp
11. lcp_mlehash –c “logging=serial,vga,memory” /boot/tboot.gz > tboot_hash
12. For 2009 Montevina Platforms only:
lcp_crtpol -t hashonly -m tboot_hash o lcp.pol
lcp_writepol -i owner -f lcp.pol -p <ownerauth password>
For 2010 Calpella Platforms only:
lcp_crtpolelt --create --type mle --ctrl 0x00 --out mle.elt tboot_hash
lcp_crtpollist --create --out list_unsig.lst mle.elt
lcp_crtpol2 --create --type list --pol owner_list.pol --data owner_list.data list_unsig.lst
cp owner_list.data /boot
lcp_writepol -i owner -f owner_list.pol -p <ownerauth password>
Create and Write Verified Launch policies to TPM NV (implemented by Tboot):
13. tb_polgen --create --type nonfatal tcb.pol
14. tb_polgen --add --num 0 --pcr 18 --hash image --cmdline “iommu=required--image /boot/xen.gz
tcb.pol (all in a single line. Make sure that the command line parameters via cmdline, MUST
match the parameters as specified in /boot/grub/menu.lst EXCLUDING the name of the file)
15. tb_polgen --add --num 1 --pcr 19 --hash image --cmdline “ro root=LABEL=/ rhgb--image
/boot/vmlinuz-2.6.18.8-xen tcb.pol (all in a single line)
16. tb_polgen --add --num 2 --pcr 19 --hash image --cmdline “” --image /boot/initrd-2.6.18.8-xen.img
tcb.pol(all in a single line)
17. lcp_writepol -i 0x20000001 -f tcb.pol -p <ownerauth password>
Note: Please refer to the “Intel Trusted Execution Technology- Launch Control Policy: Linux Tools User
Manual” for the proper usage of other related commands