On Mon, Aug 25, 2014 at 05:18:49PM -0400, Stefan Berger wrote:
On 07/02/2014 11:51 AM, Kevin O'Connor wrote:
On Wed, Jul 02, 2014 at 11:38:44AM -0400, Stefan Berger wrote:
This is a repost of a series of patches providing TPM support to SeaBIOS.
As an addition, this patch series now works on the Acer C720 Chromebook with limitations (S3 not getting invoked; no logging into TCPA table).
The patch series cleanly applies to a checkout of tags/rel-1.7.5.
The following set of patches adds TPM and Trusted Computing support to SeaBIOS.
Kevin,
do you have comments about the patches? I have to say that in the meantime I did some more minor work on them (fixed a bug or two), but the general structure of the code is still the same.
Hi Stefan,
Sorry for not responding earlier.
As we discussed in the past, the main concern I have is the addition of the TPM boot menu. The problem with the menu is that I suspect the number of people who will find utility in it is extremely small. (Most people won't even know what a TPM is.) However, many more users are likely to see the prompt, click through it, and then get very confused with the available options and the implications of choosing them. So, I think it is a poor trade-off of complexity for gain. Which leads to my second major concern with BIOS menus - those users that would find gain are also likely to be the users that need to make a change to hundreds of machines. Those users don't want to go around connecting keyboards (or the VM equivalent) to all those machines.
I have a couple of other minor comments on the patch series - I'll send some notes out. However, my other comments are minor and I think finding a solution to the menu is the most important next step.
We now have ACPI support in QEMU as well. In SeaBIOS the TPM patches add the TPM ACPI tables (SSDT, TCPA) if SeaBIOS is building ACPI tables. I suppose this is still the correct thing to do.
I'd prefer to keep the ACPI code unchanged. New users that want TPM functionality on QEMU can use a newer machine type, and users that want to use an older machine type for compatibility reasons should not see changes to the ACPI definitions.
-Kevin