TPM software stack unification for coreboot #113
Comments
|
Is there a coreboot ticket for this feature? If not, please create one. |
|
@miczyg1 last comment in this issue is from a month ago. What are the next steps you plan to take in this task? |
|
@rafkoch the work is being done by @SergiiDmytruk on upstream coreboot gerrit. I think we may consider it done as the development is complete, but not yet merged. However we did not test the code developed in this requirement on any hardware with various TPMs connected? So before we consider it done, let's verify the code at least on few devices in 3mdeb lab with dTPM 1.2, dTPM 2.0 and fTPM 2.0 |
|
Yes, more testing is necessary. Submitted reverts for 2 out of 4 commits merged yesterday as people report The other 2 commits seem like they shouldn't cause trouble. |
|
Is it possible to disable fTPM with some config Kconfig (with the hope that this will enable use of dTPM)? I didn't find anything related when I was looking for it in |
I don't think so, at least https://review.coreboot.org/c/coreboot/+/80456 is needed and probably some more to disable |
BeataZdunczyk
added this to the MSI Z690-A and Z790-P Dasharo (coreboot+Heads) v0.9.0 milestone
The problem you're addressing (if any)
coreboot has a compile time option not choose one of the TPMs: TPM1.2, TPM 2.0 SPI/LPC memory mapped, TPM 2.0 CRB memory mapped. Using fTPM or dTPM dynamically is not possible.
Describe the solution you'd like
Unify TPM drivers in coreboot. TPM 2.0 is first priority then TPM 1.2 eventually. TPM 1.2 support is being neglected by modern platforms.
Where is the value to a user, and who might that user be?
User will be able to dynamically switch between dTPM/fTPM with #112
Also, this will prevent bricks when vboot is enabled and secdata is not mocked for fTPM.
Describe alternatives you've considered
None
Additional context
None
The text was updated successfully, but these errors were encountered: