[coreboot] Tianocore and TPM

You, Benjamin benjamin.you at intel.com
Thu Sep 20 10:21:55 CEST 2018

Hi Jorge,

You could use UEFI Payload's .dsc and .fdf files as a reference and modify the TianoCore CorebootPayload's .dsc and .fdf files accordingly for those TPM related modules.

UEFI Payload is under development (in staging area) and hasn't reached the quality standard required by EDKII master. 

On CustomizationSample/Boards, yes it is required. However, a board's content may be trivial (as in the Qemu folder). Per your suggestion, probably we can add a board named "generic" that has all the minimalized settings so user won't have to create a new one if the "generic" one meets the needs.


- ben

From: Jorge Fernandez Monteagudo [mailto:jorgefm at cirsa.com] 
Sent: Thursday, September 20, 2018 3:24 PM
To: You, Benjamin <benjamin.you at intel.com>; coreboot at coreboot.org
Subject: Re: Tianocore and TPM

Hi Ben!

Thanks for the info! I have one question. Have I to implement a CustomizationSample/Boards for my board? With the current
tianocore payload I don't have to implement nothing to have a working UEFI...


De: You, Benjamin <benjamin.you at intel.com>
Enviado: jueves, 20 de septiembre de 2018 3:42:33
Para: Jorge Fernandez Monteagudo; coreboot at coreboot.org
Asunto: RE: Tianocore and TPM 

Another note is on the use of NULL|UefiPayloadPkg/Library/Tpm2InstanceLib/Tpm2InstanceLib.inf. This lib is not fully populated right now.

Please consider using  NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf depending on your needs.


- ben

From: coreboot [mailto:coreboot-bounces at coreboot.org] On Behalf Of You, Benjamin
Sent: Thursday, September 20, 2018 8:44 AM
To: Jorge Fernandez Monteagudo <jorgefm at cirsa.com>; coreboot at coreboot.org
Subject: Re: [coreboot] Tianocore and TPM

Hi Jorge,

The staging UEFI Payload project (https://github.com/tianocore/edk2-staging/tree/UEFIPayload) has TPM support (although turned off by default, and using "FTPM" as the name (which needs to be fixed)).

Please have a look at UefiPayloadPkgIA32X64.dsc for the components under tag "$(FTPM_ENABLE)". These components mainly do the measuring of firmware components and log the results.

Also there is parsing logic in Library/PlatformInfoParseLib/ParseLib.c that parses TPM info in ACPI table passed from Coreboot. (This logic hasn't been sufficiently verified as this is still a "staging" project).

You might have a try. Please let us know if you see any bugs / problems in these. You might also use the EDKII mailing list for discussing issues with the UEFI Payload.


- ben

From: coreboot [mailto:coreboot-bounces at coreboot.org] On Behalf Of Jorge Fernandez Monteagudo
Sent: Wednesday, September 19, 2018 5:24 PM
To: coreboot at coreboot.org
Subject: [coreboot] Tianocore and TPM

Hi all!

I'm trying to enable the TPM2 support in the tianocore payload. The TPM2 device is working, because I've enabled the DEBUG_TPM and coreboot reports is up. I guess that I have to modify the 'CorebootPayloadPkgIa32X64.dsc' file to enable the TPM support but there are so many dependencies. Anybody has a working tianocore payload with TPM?


More information about the coreboot mailing list