On Wed, Jun 10, 2015 at 10:58:40AM -0400, Stefan Berger wrote:
On 06/10/2015 10:38 AM, Kevin O'Connor wrote:
Thanks. It does look much better to me.
What's the difference
between enabled and activated? Can you describe it or point me to a
So I'll ditch the physical presence part for now , ditch that bool patch and
post the menu patch on top of the cleanups.
Here the link to the documentation about the TPM 1.2 states:
Access document Part 1 - Design Principles. Section 9.4 and subsections
explain the different states of the TPM 1.2.
From the spec 9.4.1:
"A disabled TPM is not able to execute commands that use the
resources of a TPM. While some commands are available (SHA-1 for
example) the TPM is not able to load keys and perform TPM_Seal and
other such operations. These restrictions are the same as for an
inactive TPM. The difference between inactive and disabled is that a
disabled TPM is unable to execute the TPM_TakeOwnership command. A
disabled TPM that has a TPM Owner is not able to execute normal TPM
From the spec 9.4.2:
"A deactivated TPM is not able to execute commands that use TPM
resources. A major difference between deactivated and disabled is
that a deactivated TPM CAN execute the TPM_TakeOwnership
Thanks. Unfortunately I'm still confused.
The above seems to say that the only difference between disabled and
deactivated is that one can't take ownership of a disabled TPM. But,
if that's the case, when a tpm is active, why does the menu provide
for both "Deactivate the TPM" and "Prevent installation of an owner"?
(And, why would anyone want to take "ownership" of a TPM that is