Attention is currently required from: Christian Walter, Felix Held, Fred Reitberger, Jason Glenesk, Julius Werner, Jérémy Compostella, Krystian Hebel, Matt DeVillier, Raul Rangel, Sergii Dmytruk.
1 comment:
File src/security/tpm/Kconfig:
config TPM_LOG_TPM1
	bool "TPM 1.2 format"
	depends on TPM1
	help
	  Log per TPM 1.2 specification.
	  See "TCG PC Client Specific Implementation Specification for Conventional BIOS".

config TPM_LOG_TPM2
	bool "TPM 2.0 format"
	depends on TPM2
	help
	  Log per TPM 2.0 specification.
	  See "TCG PC Client Platform Firmware Profile Specification".

Now that we can have either a TPM1.2 or TPM2.0 on board, coreboot will need to dynamically choose the log format. Even if it does it right now, we will need to clean up this Kconfig choice option, i.e. if both TPM1 and TPM2 are selected, then it doesn't make sense to use TPM2 log format for TPM1.2 and vice versa.
TPM2 has no spec for conventional BIOS, so the only option is to have TPM_LOG_TPM2 for both TPM1 and TPM2 for dual drivers, I think. TPM_LOG_CB can be selected regardless of the detected TPM, of course...
So maybe:

config TPM_LOG_TPM1
	bool "TPM 1.2 format"
	depends on TPM1 && !TPM2

config TPM_LOG_TPM2
	bool "TPM 2.0 format"
	depends on TPM1 || TPM2

But for TPM 1.2 we have either this spec:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementation_1-21_1_00.pdf
or this one:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf
We could probably unify TCG EFI for TPM1.2 and for TPM2.0 under a TCG EFI log umbrella, and let the TPM1.2 log be either the TPM CB format or the conventional BIOS format.
Another approach would be separate event logging options for TPM1 and TPM2, but that might be overkill...
To view, visit change 69162.