On 9/23/19 12:12 PM, Philipp Stanner wrote:
I've recently flashed coreboot with SeaBIOS and
discovered that you
folks have added some support in the boot menu to configure the TPM
since I last used SeaBIOS.
Now, I never had any direct contact to TPM and only know roughly what
it does. As far as I know it's used as a cryptographic coprocessor
among other things.
The menu's options confuse me:
d. Disable the TPM
v. Deactivate the TPM
p. Prevent installation of an owner
Why would I want to activate or deactivate it? What's the difference
between disabling and deactivating?
Its supports different levels of deactivating TPM functionality.
And who's the owner? What's this good for?
The owner would typically be the admin of the machine and once the TPM
1.2 has a owner it enables certain functionality such as have it create
The only thing I'm concerned about is that some troll could do
something fishy with this when having access to the machine.
If you are concerned about this and you don't need the TPM 1.2 it's
probably best to deactivate and disable it or remove the driver from the OS.
Would I suffer negative consequences if I disabled TPM support in
SeaBIOS config before building?
Unless you decided to use the TPM you are probaby fine if you turn it off.
SeaBIOS mailing list -- seabios(a)seabios.org
To unsubscribe send an email to seabios-leave(a)seabios.org