TPM/TXT: tboot log cannot be read


Post by lloyd » Fri Jun 17, 2016 12:58 pm

Hello. I'm trying to get tboot to work on my server. The kernel is hardened-sources-4.5.7-r1 (gentoo). I've enabled most of the grsecurity options, and when executing txt-stat (of tboot 1.9.4), I am now getting "ERROR: reading TBOOT log failed by read()". There's also a line in dmesg, "kernel: Program txt-stat tried to access /dev/mem between 60000->68000."

Hoping someone can advise me what to do. If I need to provide more information, please let me know which.

Finally (as this is my first post) as a non-professional Linux user I want to say thanks to the developers.
lloyd
 
Posts: 3
Joined: Fri Jun 17, 2016 8:36 am

Re: TPM/TXT: tboot log cannot be read

Post by spender » Fri Jun 17, 2016 5:15 pm

You must be trying to use txt-stat with a kernel where the log doesn't exist. We only allow access to that range when tboot_enabled() is true.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: TPM/TXT: tboot log cannot be read

Post by lloyd » Fri Jun 17, 2016 7:15 pm

To be sure I installed a vanilla 4.6.2 kernel and have done everything exactly the same way. For the vanilla kernel it seems to work as it should, txt-stat giving lots of output. I don't know if it matters, but this is a TPM2.0 module.

Apologies for being terse, I'm currently using my mobile.

For both kernels, txt-stat outputs that TXT measured launch is true, secrets flag is also true. I've scripted the generation of 'list.data', that file is loaded by grub2's multiboot2. I'm booting in UEFI mode.
lloyd
 
Posts: 3
Joined: Fri Jun 17, 2016 8:36 am

Re: TPM/TXT: tboot log cannot be read

Post by spender » Fri Jun 17, 2016 8:20 pm

Can you add an #include <linux/tboot.h> to grsecurity/grsec_init.c and have it printk(KERN_ALERT "tboot_enabled: %d\n", tboot_enabled()); at the beginning of grsecurity_init()? Then send me the dmesg of that kernel as well as the vanilla 4.6.2.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
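
An added example, not part of the thread and not grsecurity or tboot code: a small dmesg triage helper that pairs the /dev/mem denial quoted in the first post with the tboot_enabled debug line requested above. The two line formats and the 0x60000-0x68000 window are assumptions taken from the text quoted in this thread, and the sample log is constructed.

```python
import re

# Assumed format, modelled on the denial line quoted in the first post.
DENY_RE = re.compile(
    r"Program (?P<prog>\S+) tried to access /dev/mem between "
    r"(?P<start>[0-9a-fA-F]+)->(?P<end>[0-9a-fA-F]+)")
# Output format of the debug printk requested in the reply above.
ENABLED_RE = re.compile(r"tboot_enabled: (?P<val>-?\d+)")
# Assumption: the range in the quoted denial is the tboot log window.
LOG_START, LOG_END = 0x60000, 0x68000

# Constructed sample; timestamps and the first line are illustrative only.
SAMPLE = """\
[    0.000000] Linux version 4.5.7-hardened-r1
[    0.412345] tboot_enabled: 0
[   98.700112] Program txt-stat tried to access /dev/mem between 60000->68000.
[  120.000001] Program other tried to access /dev/mem between f0000->f1000.
"""

def triage(dmesg_text, log_start=LOG_START, log_end=LOG_END):
    """Return (tboot_enabled or None if never logged, list of denials)."""
    enabled, denials = None, []
    for line in dmesg_text.splitlines():
        m = ENABLED_RE.search(line)
        if m:
            enabled = int(m.group("val")) != 0
            continue
        m = DENY_RE.search(line)
        if m:
            start, end = int(m.group("start"), 16), int(m.group("end"), 16)
            inside = log_start <= start < end <= log_end
            denials.append({"program": m.group("prog"), "start": start,
                            "end": end, "in_log_window": inside})
    return enabled, denials

def diagnose(dmesg_text):
    """Summarise whether a log-window denial matches the tboot_enabled rule."""
    enabled, denials = triage(dmesg_text)
    if not any(d["in_log_window"] for d in denials):
        return "no denied access to the log window"
    if enabled is None:
        return "denied; tboot_enabled was not logged, add the debug printk"
    if enabled:
        return "denied although tboot_enabled is 1"
    return "denied and tboot_enabled is 0, consistent with the stated rule"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Feed it the saved dmesg of the hardened kernel and of the vanilla kernel to compare the two boots side by side.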

Re: TPM/TXT: tboot log cannot be read

Post by lloyd » Mon Jun 20, 2016 4:15 pm

Yes, will do.
lloyd
 
Posts: 3
Joined: Fri Jun 17, 2016 8:36 am

