[S] Change in coreboot[master]: security/tpm: Add Kconfig to allow payload control of TPM1 - coreboot-gerrit

29 Apr 2023


      Attention is currently required from: Matt DeVillier, Christian Walter.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74856 )
Change subject: security/tpm: Add Kconfig to allow payload control of TPM1
......................................................................
Patch Set 2:
(1 comment)
Patchset:
PS2: 
How is this practically different from just not enabling CONFIG_TPM1 at all (and letting the payload do everything, from TPM_Startup)? Sending the Startup in coreboot but then keeping the TPM disabled/deactivated, doesn't seem very useful, because then (IIRC?) it doesn't accept any commands (e.g. PCR extensions for measured boot), so you don't really get anything out of having done the Startup so early. I think the only really practically useful configurations are either that you want coreboot to set up and use your TPM (which means it must enable and activate it), or that you want coreboot to not touch your TPM at all and do everything from the payload, and I think both of those should already be possible with the existing options.
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/74856
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ieb7db109cbcc1a0166d95b6130b624b635bb7ac9
Gerrit-Change-Number: 74856
Gerrit-PatchSet: 2
Gerrit-Owner: Matt DeVillier matt.devillier@gmail.com
Gerrit-Reviewer: Christian Walter christian.walter@9elements.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-Attention: Matt DeVillier matt.devillier@gmail.com
Gerrit-Attention: Christian Walter christian.walter@9elements.com
Gerrit-Comment-Date: Sat, 29 Apr 2023 00:52:33 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment