On Tue, Dec 22, 2015 at 11:03:09AM -0500, Stefan Berger wrote:
> "Kevin O'Connor" kevin@koconnor.net wrote on 12/22/2015 10:40:03 AM:
> > On Mon, Dec 21, 2015 at 11:50:07AM -0500, Stefan Berger wrote:
> > > tpm_foo() {
> > >     [...]
> > >     switch (tpmversion) {
> > >     case TPM_VERSION_1_2:
> > >         tpm12_foo();
> > >         break;
> > >     case TPM_VERSION_2:
> > >         tpm2_foo();
> > >         break;
> > >     }
> > >     [...]
> > > }
> >
> > Is the difference between 1.2 and 2.0 so large that the above is needed?
>
> TPM 2 and TPM 1.2 have completely different commands, so yes, unfortunately it's needed.

Okay. Just so I understand, is TPM 2.0 a new interface to the hardware, new BIOS API, or both?

-Kevin

"Kevin O'Connor" kevin@koconnor.net wrote on 12/22/2015 11:06:17 AM:
> On Tue, Dec 22, 2015 at 11:03:09AM -0500, Stefan Berger wrote:
> > "Kevin O'Connor" kevin@koconnor.net wrote on 12/22/2015 10:40:03 AM:
> > > On Mon, Dec 21, 2015 at 11:50:07AM -0500, Stefan Berger wrote:
> > > > tpm_foo() {
> > > >     [...]
> > > >     switch (tpmversion) {
> > > >     case TPM_VERSION_1_2:
> > > >         tpm12_foo();
> > > >         break;
> > > >     case TPM_VERSION_2:
> > > >         tpm2_foo();
> > > >         break;
> > > >     }
> > > >     [...]
> > > > }
> > >
> > > Is the difference between 1.2 and 2.0 so large that the above is needed?
> >
> > TPM 2 and TPM 1.2 have completely different commands, so yes, unfortunately it's needed.
>
> Okay. Just so I understand, is TPM 2.0 a new interface to the hardware, new BIOS API, or both?

TPM 2.0 is a new device with incompatible commands compared to TPM 1.2. The TPM TIS interface has been extended with a few registers for TPM 2 and TPM 2 can be recognized by a flag in one of those registers. In terms of API I am not sure whether TCG has defined a BIOS API for TPM 2 (UEFI for sure). However, I have been trying with an implementation of trusted Grub and the current BIOS API is abstract enough so that it works with both TPM 1.2 and TPM 2. So from that perspective there is at least not necessarily a need to disable the API for the TPM 2 case.

Stefan

> -Kevin
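
The version dispatch discussed in this thread, as an added example that is not part of the original messages and is not SeaBIOS code: it classifies a device from a TIS register value and builds the Startup command in the matching wire format, refusing to emit anything for an unrecognized device. Assumptions: all function and enum names are hypothetical; the register (TPM_INTF_CAPABILITY, InterfaceVersion in bits 30:28) and the command constants are taken from the TCG specifications rather than from the thread; the register value in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this example; not SeaBIOS identifiers. */
enum tpm_version { TPM_VERSION_NONE, TPM_VERSION_1_2, TPM_VERSION_2 };

/* Classify from a raw TIS TPM_INTF_CAPABILITY value. InterfaceVersion is
 * bits 30:28 (assumed encodings: 0 and 2 = TPM 1.2 era, 3 = TPM 2.0). */
enum tpm_version tpm_version_from_intf_cap(uint32_t reg)
{
    switch ((reg >> 28) & 0x7) {
    case 0: case 2: return TPM_VERSION_1_2;
    case 3:         return TPM_VERSION_2;
    default:        return TPM_VERSION_NONE; /* reserved, e.g. all-ones read */
    }
}

/* Common header, big-endian: tag (2) | total size (4) | command code (4). */
static void put_hdr(uint8_t *b, uint16_t tag, uint32_t size, uint32_t code)
{
    b[0] = tag >> 8;
    b[1] = tag & 0xff;
    for (int i = 0; i < 4; i++) {
        b[2 + i] = (size >> (24 - 8 * i)) & 0xff;
        b[6 + i] = (code >> (24 - 8 * i)) & 0xff;
    }
}

/* Build Startup(CLEAR) for the detected family; 0 means "send nothing". */
size_t tpm_build_startup(enum tpm_version v, uint8_t *buf, size_t len)
{
    if (len < 12) return 0;
    switch (v) {
    case TPM_VERSION_1_2:
        put_hdr(buf, 0x00c1, 12, 0x99);   /* TPM_TAG_RQU_COMMAND, TPM_ORD_Startup */
        buf[10] = 0x00; buf[11] = 0x01;   /* TPM_ST_CLEAR */
        return 12;
    case TPM_VERSION_2:
        put_hdr(buf, 0x8001, 12, 0x144);  /* TPM_ST_NO_SESSIONS, TPM2_CC_Startup */
        buf[10] = 0x00; buf[11] = 0x00;   /* TPM_SU_CLEAR */
        return 12;
    default:
        return 0;                         /* unknown device: do not guess a format */
    }
}

int main(void)
{
    uint8_t b[12];  /* 0x30000000 is a constructed register value (TPM 2.0) */
    return tpm_build_startup(tpm_version_from_intf_cap(0x30000000u), b, sizeof b) == 12 ? 0 : 1;
}
```

Both commands are 12 bytes with the same header layout, yet the tag, command code and startup-type values all differ, which is why each TPM operation needs a per-version implementation behind the switch.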