If this is the intent, can't we just pass a flag (via fw_cfg) from the
QEMU command line to SeaBIOS to force a clear? That is, the guest
software can't manipulate the QEMU command line (or its fw_cfg
entries) and so the ability to set a flag there is proof of physical
I'm not so sure moving this to fw_cfg is the right answer here.
We use fw_cfg for a lot of configuration bits, because it is easier that
way. We don't need a setup menu in seabios. We don't need persistent
storage for config options.
There are exceptions though. We have a boot menu, which strictly
speaking would not be needed as you can set the boot order via fw_cfg.
But it is very useful that you can change the boot order interactively
if needed (for a guest reinstall for example), without having to touch
the virtual machine configuration.
Same applies here. IMO it should be possible to manage the TPM without
having to touch the virtual machine configuration. Persistent storage
isn't an issue in that case, the tpm device provides that.
We could add a fw_cfg file to enable/disable the tpm menu, similar to
the etc/show-boot-menu file for the boot menu. That way the menu would
be off by default, avoiding user confusion.
For the qemu case it would not be needed IMHO as the tpm menu only shows
up in case tpm hardware is present, and why should you add a tpm to your
VM if you don't want to use it?
When running (via coreboot) on physical hardware it is more useful as
you can't simply rip off the tpm chip to disable the menu ;)