Trusted Execution Technology and TBoot Implementation - White Paper
5
kernel /tboot.gz logging=serial,vga,memory
module /xen-3.4.3.gz iommu=required
module /vmlinuz-2.6.18.8-xen ro root=LABEL=/ rhgb
module /initrd-2.6.18.8-xen.img
module /sinit.bin
19. Make sure to check the root location and „root=LABEL=/‟ match with the first grub entry and points
to the root partition.
20. Reboot the system. Enable TPM, VTD and TXT in the BIOS if not already done.
21. The next time you boot into the system, you can select the option at the boot menu to boot into
„Fedora Tboot (2.6.18.8-xen)‟.
Note: If the unit hangs after you boot into Tboot at the boot menu, check if you have any USB devices
plugged in to your unit. Also disable USB Legacy Support in your BIOS settings (under F10: System
Configuration Device Configurations USB legacy Support) and try to boot into Tboot again.
TPM TOOLS 1.3.5 Installation
1. Open the terminal
2. cd ~/
3. If required set the proxy options as, export http_proxy=<proxy address>:<port number>
4. Install wget if not already installed (yum install wget)
5. wget http://internap.dl.sourceforge.net/sourceforge/trousers/tpm-tools-1.3.5.tar.gz
6. Make sure you have „automake‟, „autoconf‟, „libtool‟, „gettext‟, „gettext-devel‟ and „trousers‟
installed.
7. tar –xzvf tpm-tools-1.3.5.tar.gz
8. cd tpm-tools-1.3.5
9. sh bootstrap.sh
10. ./configure
11. make
12. make install
LCP: Define Platform Owner Policy
Take TPM Ownership:
1. Open the terminal
2. sudo –s
3. ldconfig /usr/local/lib (in case of FC8 you may have to try „/sbin/ldconfig /usr/local/lib‟)
4. modprobe tpm_tis (in case of FC8 you may have to try „/sbin/modprobe tpm_tis‟)
5. tcsd (in case of FC8 you may have to try „/usr/sbin/tcsd‟)
6. tpm_takeownerhip –z (create owner password. In case of FC8 you may have to try
„/usr/local/sbin/tpm_takeownerhip –z‟)
Define TPM NV indices for polices:
7. For 2009 Montevina Platforms only:
tpmnv_defindex -i owner -p <ownerauth password> (creates owner index)