[coreboot] SeaBIOS TPM support on Chromebook Acer C720

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Jul 16 21:51:14 CEST 2014


On 07/16/2014 02:54 PM, Stefan Berger wrote:
> On 07/15/2014 03:37 PM, Stefan Reinauer wrote:
>> * Stefan Berger <stefanb at linux.vnet.ibm.com> [140714 12:14]:
>>> The TPM is successfully detected but sending TPM_Startup(ST_Clear)
>>> to the TPM fails since either coreboot or some other firmware seems
>>> to already have initialized the TPM, which is fine, and also
>>> extended PCR 0 with at least one hash. Ideally there would be a TCPA
>>> ACPI table containing information about what was logged, since
>>> otherwise the state of the PCR seems not that useful. SeaBIOS's TPM
>>> extensions could then also use this TCPA table and add its own logs
>>> into it along with extending PCRs in the TPM. So, in this case the
>>> TPM SeaBIOS extensions don't log anything and adding additional ACPI
>>> tables to the existing coreboot tables seems 'impractical'. I was
>>> wondering if coreboot could add such a table if a TPM was found to
>>> be present?
>> Sure that would be great. Someone looked into this in 2008 but I don't
>> think progress ever hit our tree..
>>
>> http://www.coreboot.org/pipermail/coreboot/2008-November/042406.html
>>
>> Patches would be very welcome!
>
> Seems like a hint ... Do you have instructions for how to build 
> coreboot for the Acer and write it into the existing coreboot image? I 
> assume a similar process would be needed as for the updating of 
> SeaBIOS -- Kevin posted a script that I think he wrote was based on 
> info you gave him. Is messing up coreboot a way to brick that device?
>

FYI: This here is the spec for the TCAP table:

http://www.trustedcomputinggroup.org/files/temp/6453AF78-1D09-3519-AD74028427486A3B/Server%20TCG_ACPIGeneralSpecification.pdf

    Stefan




More information about the coreboot mailing list