On 06/10/2015 10:38 AM, Kevin O'Connor wrote:
On Wed, Jun 10, 2015 at 07:12:29AM -0400, Stefan Berger wrote:
On 06/01/2015 12:54 PM, Kevin O'Connor wrote:
On Tue, May 26, 2015 at 03:48:35PM -0400, Stefan Berger wrote:
This patch provides an additional menu entry that enables the user to control certain aspects of the TPM's state.
If a working TPM has been detected, the boot menu will look like this:
Select boot device:
- ata0-1: QEMU HARDDISK ATA-7 Hard-Disk (6144 MiBytes)
- Legacy option rom
- iPXE (PCI 00:03.0)
t. TPM Menu
Upon pressing t the TPM menu will be shown:
- Enable TPM
- Disable TPM
- Activate TPM
- Deactivate TPM
- Clear ownership
- Allow installation of owner
- Prevent installation of owner
Escape for previous menu. TPM is enabled, active, does not have an owner but one can be installed.
I'm okay with adding a "t" to the boot menu. However, I think this sub-menu is too complex and cryptic. (For example, I suspect most users won't even know what "TPM" means.)
I think I'd prefer something like:
t. TPM Configuration
Upon pressing t the TPM menu will be shown:
The Trusted Platform Module (TPM) is a hardware device in this machine. It can help verify the integrity of system software.
The current state of the TPM is:
Enabled
No ownership key has been installed
System software can install an ownership key
Available options are:
d) Disable TPM and clear any ownership key settings
If no change is desired or if this menu was reached by mistake, press ESC and this machine will be rebooted without change.
Specifically, I think the menu should be a little more verbose (for users that just explore the menu), it should only be reached if the given hardware is present, and menu options should only be shown if they are actually available and make sense to invoke.
-Kevin
Here's now the (code for the) menu I created. I hope it's an acceptable middle-ground. This sub-menu will only be available if a TPM has been detected on the machine. Also, only those menu items that can be selected at the moment, considering the state of the TPM, are shown. The allowed scancodes are collected in an array.
Thanks. It does look much better to me. What's the difference between enabled and activated? Can you describe it or point me to a link?
So I'll ditch the physical presence part for now, ditch that bool patch and post the menu patch on top of the cleanups.
Here is the link to the documentation about the TPM 1.2 states:
http://www.trustedcomputinggroup.org/resources/tpm_main_specification
Access document Part 1 - Design Principles. Section 9.4 and subsections explain the different states of the TPM 1.2.
From the spec 9.4.1:
"A disabled TPM is not able to execute commands that use the resources of a TPM. While some commands are available (SHA-1 for example) the TPM is not able to load keys and perform TPM_Seal and other such operations. These restrictions are the same as for an inactive TPM. The difference between inactive and disabled is that a disabled TPM is unable to execute the TPM_TakeOwnership command. A disabled TPM that has a TPM Owner is not able to execute normal TPM commands."
From the spec 9.4.2:
"A deactivated TPM is not able to execute commands that use TPM resources. A major difference between deactivated and disabled is that a deactivated TPM CAN execute the TPM_TakeOwnership command. [...]"
Regards, Stefan
-Kevin
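As an added example (not code from the SeaBIOS patch or either author), the state model behind the menu discussed above: which menu items make sense for a given TPM 1.2 state, and why enabled/disabled and active/deactivated differ with respect to TPM_TakeOwnership (spec Part 1, sections 9.4.1 and 9.4.2). The struct, flag and enum names are this example's own assumptions; the comments note which spec flags they are meant to mirror.

```c
/* Example model of the TPM 1.2 state bits that drive the boot-menu entries.
 * Field names are assumptions; they are meant to mirror the spec flags
 * named in the comments, not to match any SeaBIOS identifier. */
#include <stdbool.h>
#include <stdint.h>

/* Bitmask of selectable menu entries (this example's own names). */
enum tpm_menu_item {
    MENU_ENABLE        = 1 << 0,
    MENU_DISABLE       = 1 << 1,
    MENU_ACTIVATE      = 1 << 2,
    MENU_DEACTIVATE    = 1 << 3,
    MENU_CLEAR_OWNER   = 1 << 4,
    MENU_ALLOW_OWNER   = 1 << 5,
    MENU_PREVENT_OWNER = 1 << 6,
};

struct tpm_state {
    bool disabled;              /* mirrors TPM_PERMANENT_FLAGS.disable */
    bool deactivated;           /* mirrors TPM_STCLEAR_FLAGS.deactivated */
    bool owned;                 /* an owner has been installed */
    bool owner_install_allowed; /* mirrors TPM_PERMANENT_FLAGS.ownership */
};

/* Only the items that can be selected in the current state are offered,
 * as the thread agreed: one of enable/disable, one of activate/deactivate,
 * and either "clear ownership" or one of allow/prevent owner install. */
uint32_t tpm_menu_items(const struct tpm_state *s)
{
    uint32_t items = 0;
    items |= s->disabled ? MENU_ENABLE : MENU_DISABLE;
    items |= s->deactivated ? MENU_ACTIVATE : MENU_DEACTIVATE;
    if (s->owned)
        items |= MENU_CLEAR_OWNER;
    else
        items |= s->owner_install_allowed ? MENU_PREVENT_OWNER
                                          : MENU_ALLOW_OWNER;
    return items;
}

/* Spec 9.4.1/9.4.2: a disabled TPM refuses TPM_TakeOwnership, while a merely
 * deactivated TPM still accepts it (given no owner and ownership allowed). */
bool tpm_can_take_ownership(const struct tpm_state *s)
{
    return !s->disabled && !s->owned && s->owner_install_allowed;
}
```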