On 8/7/09 6:53 PM, Ludwig Jaffe wrote:
Hi folks!
Question: Is there a tpm enabled chain of trust to boot trusted grub? Does Coreboot support the infineon tpm which is supported by kernel? I want to have trusted-grub as payload?
We had a signature checking grub2 a year or two ago. Didn't use TPMs though, as they didn't seem to add much to the security though.
It's still available at http://www.coresystems.de/~stepan/grub2-coresystems.diff but we didn't update it to newer svn revisions than r1756 when it became clear that the grub2 development team would not be interested to allow our work go into their upstream repository. So it would be a bit work to get it up to date with a recent grub2 again.
Best regards, Stefan