[coreboot] SeaBIOS TPM support on Chromebook Acer C720
stefanb at linux.vnet.ibm.com
Wed Jul 16 20:54:13 CEST 2014
On 07/15/2014 03:37 PM, Stefan Reinauer wrote:
> * Stefan Berger <stefanb at linux.vnet.ibm.com> [140714 12:14]:
>> The TPM is successfully detected but sending TPM_Startup(ST_Clear)
>> to the TPM fails since either coreboot or some other firmware seems
>> to already have initialized the TPM, which is fine, and also
>> extended PCR 0 with at least one hash. Ideally there would be a TCPA
>> ACPI table containing information about what was logged, since
>> otherwise the state of the PCR seems not that useful. SeaBIOS's TPM
>> extensions could then also use this TCPA table and add its own logs
>> into it along with extending PCRs in the TPM. So, in this case the
>> TPM SeaBIOS extensions don't log anything and adding additional ACPI
>> tables to the existing coreboot tables seems 'impractical'. I was
>> wondering if coreboot could add such a table if a TPM was found to
>> be present?
> Sure that would be great. Someone looked into this in 2008 but I don't
> think progress ever hit our tree..
> Patches would be very welcome!
Seems like a hint ... Do you have instructions for how to build coreboot
for the Acer and write it into the existing coreboot image? I assume a
similar process would be needed as for the updating of SeaBIOS -- Kevin
posted a script that I think he wrote was based on info you gave him. Is
messing up coreboot a way to brick that device?
More information about the coreboot