I have also posted this on the tboot-devel@lists.sourceforge.net mailing list, but I decided to post here as well to get more exposure to this issue.
I'm trying to get tboot to work, but I'm getting nowhere fast.
I've installed tboot (1.7.4-0ubuntu1 via apt-get) on xubuntu 32-bit (kernel 3.11.0-18-generic) on my machine (Lenovo Thinkpad Helix 3701).
Then I put the 3rd_gen_i5_i7_SINIT_67.BIN file in the /boot/ directory (got it from the Intel web page).
I edited relevant lines in /boot/grub/grub.cfg to look like this:
    submenu "tboot 1.7.4" {
    menuentry 'Ubuntu GNU/Linux, with tboot 1.7.4 and Linux 3.11.0-18-generic' --class ubuntu --class gnu-linux --class gnu --class os --class tboot {
        insmod part_msdos
        insmod ext2
        set root='hd1,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
            search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1 --hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1 1ffcf898-aa43-4729-873a-f17bd4342ca0
        else
            search --no-floppy --fs-uuid --set=root 1ffcf898-aa43-4729-873a-f17bd4342ca0
        fi
        echo 'Loading tboot 1.7.4 ...'
        multiboot /tboot.gz /tboot.gz logging=serial,vga,memory vga_delay=5
        echo 'Loading Linux 3.11.0-18-generic ...'
        module /vmlinuz-3.11.0-18-generic /vmlinuz-3.11.0-18-generic root=UUID=abda87ef-d7e7-4411-a3cc-49817ad7b692 ro quiet splash intel_iommu=on
        echo 'Loading initial ramdisk ...'
        module /initrd.img-3.11.0-18-generic /initrd.img-3.11.0-18-generic
        echo 'Loading ACM module ...'
        module /3rd_gen_i5_i7_SINIT_67.BIN
    }
    }
After this I reboot and select "tboot ..." in the grub menu.
After displaying "Executing GETSEC[SENTER]..." the machine reboots and on the next attempt I get the following error:
TXT.ERRORCODE: 0xC00010c1
AC module error: acm_type=0x1, progress=0x0c, error=0x4
I've decoded the error code as per SINIT_Errors.pdf from the Intel web page:
1 - Valid
1 - External software
000000 - Reserved
00000000 - Minor Error code
0 - Software source
00100 - Major error code
001100 - Class code
0001 - Module type
According to the PDF this indicates: Class ACPI Check, DMAR not found.
I have really no idea where to go from here, what do you guys suggest?
I would have included more logs in this post, but I only have them in JPEGs since I had to take pictures of the screen to save the output. If you think it will help, I will attempt to transcribe them to text and post a link to pastebin?
Thank you in advance!
The DMAR tables are initialized by the firmware.
Check whether DMAR is present in your ACPI tables:
sudo ls -al /sys/firmware/acpi/tables
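
The decoding in the question and the check in the reply, combined into one script (an added example, not part of either post). The field widths follow the bit layout written out in the question; the function names and the `diagnose` result strings are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: decode TXT.ERRORCODE with the bit layout from the question,
# then look for the DMAR table in the directory named in the reply.

# Print the fields of a TXT.ERRORCODE value (hex or decimal), one per line.
decode_txt_errorcode() (
    code=$(( $1 ))
    printf 'valid=%d\n'         $(( (code >> 31) & 0x1 ))
    printf 'external=%d\n'      $(( (code >> 30) & 0x1 ))
    printf 'minor=0x%x\n'       $(( (code >> 16) & 0xff ))
    printf 'sw_source=%d\n'     $(( (code >> 15) & 0x1 ))
    printf 'major=0x%x\n'       $(( (code >> 10) & 0x1f ))
    printf 'class=0x%x\n'       $(( (code >> 4) & 0x3f ))
    printf 'module_type=0x%x\n' $(( code & 0xf ))
)

# Succeed if DIR holds a readable DMAR table whose signature is "DMAR".
# DIR defaults to the sysfs path from the reply; reading it usually needs root.
has_dmar() (
    table="${1:-/sys/firmware/acpi/tables}/DMAR"
    [ -r "$table" ] && [ "$(head -c 4 "$table")" = "DMAR" ]
)

# Tie the two together: for class 0xc / major 0x4 (the "ACPI Check, DMAR not
# found" case from the question), report whether the OS can see a DMAR table.
diagnose() (
    fields=$(decode_txt_errorcode "$1")
    case "$fields" in
        *"major=0x4"*"class=0xc"*)
            if has_dmar "${2:-}"; then
                echo "dmar-present"   # firmware publishes DMAR
            else
                echo "dmar-missing"   # firmware is not publishing DMAR
            fi ;;
        *)
            echo "other-error" ;;     # a different SINIT error
    esac
)

# Run directly with an error code, e.g.: sudo ./txt_dmar.sh 0xC00010c1
if [ -n "${1:-}" ]; then
    decode_txt_errorcode "$1"
    diagnose "$1"
fi
```
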