HP 8530p Trusted Execution Technology and Tboot Implementation - Page 6

Create and Write Verified Launch policies to TPM NV implemented by Tboot - manual


4. modprobe tpm_tis (in case of FC8 you may have to try '/sbin/modprobe tpm_tis')
5. tcsd (in case of FC8 you may have to try '/usr/sbin/tcsd')
6. tpm_takeownership -z (creates the owner password. In case of FC8 you may have to try '/usr/local/sbin/tpm_takeownership -z')

Define TPM NV indices for policies:

7. tpmnv_defindex -i owner -p <ownerauth password> (creates the owner index)
8. tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p <ownerauth password> (creates index 0x20000001 for verified launch policies. This index is hardcoded in the tboot source code, so you can't use any other index to write the verified launch policies. If this command gives errors related to available space in TPM NV, try 256 instead of 512)

Create and Write LCP policies to TPM NV (implemented by SINIT):

9. cd tboot.hg/lcptools
10. lcp_mlehash /boot/tboot.gz > mle_hash
11. lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
12. lcp_writepol -i owner -f lcp.pol -p <ownerauth password>

Create and Write Verified Launch policies to TPM NV (implemented by Tboot):

13. cd ../tb_polgen
14. tb_polgen --create --type nonfatal tcb.pol
15. tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "iommu=required com1=115200,8n1 console=com1" --image /boot/xen.gz tcb.pol (all on a single line. Make sure that the command line parameters given via --cmdline MUST match the parameters specified in /boot/grub/menu.lst EXCLUDING the name of the file)
16. tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "root=LABEL=/ ro console=tty0 console=ttyS0,115200,8n1 pci=nommconf" --image /boot/vmlinuz-2.6.18.8-xen tcb.pol (all on a single line)
17. tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen.img tcb.pol (all on a single line)
18. lcp_writepol -i 0x20000001 -f tcb.pol -p <ownerauth password>

Note: Please refer to the "Intel Trusted Execution Technology - Launch Control Policy: Linux Tools User Manual" for the proper usage of other related commands.
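The requirement in step 15, that each --cmdline string equals the menu.lst parameters minus the file name, is easy to get wrong by hand. The following POSIX shell helper is an added example, not code from the original document or from the tboot project: it derives the --image and --cmdline arguments for steps 15-17 from a grub stanza and composes the tb_polgen commands using the PCR assignment the page uses (first module to PCR 18, the rest to PCR 19). The menu.lst stanza embedded below is a constructed sample, not taken from a real system.

```shell
#!/bin/sh
# Added helper (not part of the original document or the tboot project).
# Constructed sample of a /boot/grub/menu.lst stanza laid out as steps 10-17
# assume: tboot.gz as the kernel, then Xen, vmlinuz and initrd as modules.
MENU_LST_SAMPLE='title Xen with tboot
    root (hd0,0)
    kernel /boot/tboot.gz logging=serial,vga,memory
    module /boot/xen.gz iommu=required com1=115200,8n1 console=com1
    module /boot/vmlinuz-2.6.18.8-xen root=LABEL=/ ro console=tty0 console=ttyS0,115200,8n1 pci=nommconf
    module /boot/initrd-2.6.18.8-xen.img'

# Image path of the Nth "module" line (1-based).
module_image() {
    printf '%s\n' "$MENU_LST_SAMPLE" |
        awk -v n="$1" '$1 == "module" { if (++c == n) { print $2; exit } }'
}

# Parameters of the Nth "module" line EXCLUDING the file name, which is
# exactly the string tb_polgen --cmdline must receive (note in step 15).
module_cmdline() {
    printf '%s\n' "$MENU_LST_SAMPLE" |
        awk -v n="$1" '$1 == "module" { if (++c == n) { $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); print; exit } }'
}

# Number of module lines, i.e. the number of policy entries to add.
module_count() {
    printf '%s\n' "$MENU_LST_SAMPLE" | awk '$1 == "module" { c++ } END { print c + 0 }'
}

# Exit status 0 when the string you intend to pass to --cmdline for module N
# is byte-for-byte what menu.lst boots with; anything else will not match
# the module as tboot measures it at launch.
check_cmdline() {
    [ "$(module_cmdline "$1")" = "$2" ]
}

# Compose the tb_polgen --add command for module N using the page's PCR
# assignment: the first module (Xen) goes to PCR 18, the others to PCR 19.
tb_polgen_add_cmd() {
    n="$1"
    if [ "$n" -eq 1 ]; then pcr=18; else pcr=19; fi
    printf 'tb_polgen --add --num %d --pcr %d --hash image --cmdline "%s" --image %s tcb.pol\n' \
        "$((n - 1))" "$pcr" "$(module_cmdline "$n")" "$(module_image "$n")"
}

# Print the whole --add sequence (steps 15-17) for review before running it.
tb_polgen_add_all() {
    i=1
    while [ "$i" -le "$(module_count)" ]; do
        tb_polgen_add_cmd "$i"
        i=$((i + 1))
    done
}
```

Replace MENU_LST_SAMPLE with the contents of your own /boot/grub/menu.lst stanza and compare the printed commands against steps 15-17 before writing the policy in step 18.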