Hello,
Is anybody aware of what the effort would be to include TPM measurements in UefiPayloadPkg?
The drivers for the TPM seem to be present already for DXE in SecurityPkg, together with a function to measure data with the TPM and log it. However, it does not seem that the payload package uses them.
Also, I assume that PEI and DXE cannot be measured before execution with the current implementation, because the drivers are available late in DXE. If my understanding is correct, then if I were to use vboot+measured boot in coreboot, the whole payload would still be measured, but the trust chain would be broken after SEC. Can anybody tell me if I am wrong?
Best regards,
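As an added illustration of the trust-chain question above (example code, not from the original post or from coreboot/edk2): a small Python simulation of TPM PCR extends along a coreboot to UEFI payload chain, using constructed stand-in images. It shows that a stage only becomes visible to a verifier replaying the event log if an earlier stage extended a PCR with its hash, so anything the payload launches without measuring it leaves the PCR value unchanged.

```python
import hashlib

# Constructed sample images; stand-ins for the real firmware stages.
STAGES_OK = {
    "bootblock": b"coreboot bootblock image",
    "romstage": b"coreboot romstage image",
    "ramstage": b"coreboot ramstage image",
    "payload": b"UefiPayloadPkg blob (PEI + DXE as one image)",
    "next_stage": b"image launched by the payload (e.g. a boot loader)",
}
PCR_RESET = bytes(32)  # SHA-256 PCR bank starts at all zeros

def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM2 PCR extend: PCR' = SHA-256(PCR || SHA-256(image))."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def measured_boot(stages: dict, payload_measures_next: bool):
    """Return (final PCR, event log).  Each stage through the payload is
    measured by its predecessor (vboot measures the payload blob).  What the
    payload loads afterwards enters the PCR only if the payload extends it."""
    pcr, log = PCR_RESET, []
    for name, image in stages.items():
        if name == "next_stage" and not payload_measures_next:
            break  # nothing extended, nothing logged: invisible to attestation
        pcr = extend(pcr, image)
        log.append((name, hashlib.sha256(image).hexdigest()))
    return pcr, log

def replay(log) -> bytes:
    """What a remote verifier does: recompute the PCR from the event log."""
    pcr = PCR_RESET
    for _name, digest_hex in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr

def change_is_visible(stage: str, payload_measures_next: bool) -> bool:
    """Does modifying `stage` change the final PCR value?"""
    tampered = dict(STAGES_OK)
    tampered[stage] = STAGES_OK[stage] + b"\x90"  # one extra byte
    good_pcr, _ = measured_boot(STAGES_OK, payload_measures_next)
    bad_pcr, _ = measured_boot(tampered, payload_measures_next)
    return good_pcr != bad_pcr

if __name__ == "__main__":
    pcr, log = measured_boot(STAGES_OK, payload_measures_next=False)
    assert replay(log) == pcr
    print("payload modified, detected:", change_is_visible("payload", False))
    print("next stage modified, payload silent:", change_is_visible("next_stage", False))
    print("next stage modified, payload measures:", change_is_visible("next_stage", True))
```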