On Fri, Mar 20, 2015 at 02:00:35PM -0400, Stefan Berger wrote:
> This is a repost of a series of patches providing TPM support to SeaBIOS.
> As an addition, this patch series now works on the Acer C720 Chromebook with limitations (S3 not getting invoked; no logging into TCPA table).
> The patch series cleanly applies to a checkout of a1ac8861.
> The following set of patches adds TPM and Trusted Computing support to SeaBIOS. In particular the patches add:
> - a TPM driver for QEMU's TPM TIS emulation
> - Support for initialization of the TPM
> - init of TCPA logging table
> - Support for the TCG BIOS extensions (1ah handler [ah = 0xbb]) (used by trusted grub; http://trousers.sourceforge.net/grub.html)
> - Static Root of Trust for Measurement (SRTM) support
> - Support for S3 resume (sends command to TPM upon resume)
> - Support for sending control messages from the OS to the BIOS and having the BIOS control certain life-cycle aspects of the TPM following those messages
> - TPM-specific menu for controlling aspects of the TPM
Thanks for working on this Stefan. How does this series compare with the Xen patch that was recently sent (is it a prerequisite, unrelated, or a conflict)? What is the state of QEMU TPM TIS emulation?
I have some minor comments on the first five patches, but nothing major - they could probably all be addressed after inclusion.
I don't agree with adding a new top level menu option to SeaBIOS. Is patch six needed for the other patches to make sense? (FYI, Paolo was proposing enhancing the boot menu, and depending on the outcome of that proposal there might be a way forward for TPM control as a sub-menu to the boot menu. But I don't think the further waiting and further unknowns are a good idea unless necessary.)
-Kevin