[coreboot] SeaBIOS TPM support on Chromebook Acer C720
stefanb at linux.vnet.ibm.com
Wed Jul 16 21:51:14 CEST 2014
On 07/16/2014 02:54 PM, Stefan Berger wrote:
> On 07/15/2014 03:37 PM, Stefan Reinauer wrote:
>> * Stefan Berger <stefanb at linux.vnet.ibm.com> [140714 12:14]:
>>> The TPM is successfully detected but sending TPM_Startup(ST_Clear)
>>> to the TPM fails since either coreboot or some other firmware seems
>>> to already have initialized the TPM, which is fine, and also
>>> extended PCR 0 with at least one hash. Ideally there would be a TCPA
>>> ACPI table containing information about what was logged, since
>>> otherwise the state of the PCR seems not that useful. SeaBIOS's TPM
>>> extensions could then also use this TCPA table and add its own logs
>>> into it along with extending PCRs in the TPM. So, in this case the
>>> TPM SeaBIOS extensions don't log anything and adding additional ACPI
>>> tables to the existing coreboot tables seems 'impractical'. I was
>>> wondering if coreboot could add such a table if a TPM was found to
>>> be present?
>> Sure that would be great. Someone looked into this in 2008 but I don't
>> think progress ever hit our tree..
>> Patches would be very welcome!
> Seems like a hint ... Do you have instructions for how to build
> coreboot for the Acer and write it into the existing coreboot image? I
> assume a similar process would be needed as for the updating of
> SeaBIOS -- Kevin posted a script that I think he wrote was based on
> info you gave him. Is messing up coreboot a way to brick that device?
FYI: This here is the spec for the TCAP table:
More information about the coreboot