[SeaBIOS] [PATCH v2 3/3] Add a menu for TPM control

Kevin O'Connor kevin at koconnor.net
Mon Jun 1 18:54:56 CEST 2015


On Tue, May 26, 2015 at 03:48:35PM -0400, Stefan Berger wrote:
> This patch provides an additional menu entry that enables the user to control
> certain aspects of the TPM's state.
> 
> If a working TPM has been detected, the boot menu will look like this:
> 
> Select boot device:
> 
> 1. ata0-1: QEMU HARDDISK ATA-7 Hard-Disk (6144 MiBytes)
> 2. Legacy option rom
> 3. iPXE (PCI 00:03.0)
> 
> t. TPM Menu
> 
> Upon pressing t the TPM menu will be shown:
> 
> 1. Enable TPM
> 2. Disable TPM
> 3. Activate TPM
> 4. Deactivate TPM
> 5. Clear ownership
> 6. Allow installation of owner
> 7. Prevent installation of owner
> Escape for previous menu.
> TPM is enabled, active, does not have an owner but one can be installed.

I'm okay with adding a "t" to the boot menu.  However, I think this
sub-menu is too complex and cryptic.  (For example, I suspect most
users won't even know what "TPM" means.)

I think I'd prefer something like:

t. TPM Configuration

Upon pressing t the TPM menu will be shown:


The Trusted Platform Module (TPM) is a hardware device in this
machine.  It can help verify the integrity of system software.

The current state of the TPM is:
  Enabled
  No ownership key has been installed
  System software can install an ownership key

Available options are:
  d) Disable TPM and clear any ownership key settings

If no change is desired or if this menu was reached by mistake, press
ESC and this machine will be rebooted without change.


Specifically, I think the menu should be a little more verbose (for
users that just explore the menu), it should only be reached if the
given hardware is present, and menu options should only be shown if
they are actually available and make sense to invoke.

-Kevin
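As an added example (not code from the thread or from SeaBIOS), the following C program derives both the plain-language state description and the list of offered actions from a TPM state structure, which is one way to meet the point made above that options should be listed only when they are actually available. The state fields, option names, key letters and the rules mapping state to options are assumptions modelled on the menu texts discussed in the thread, not the TPM specification.

```c
/* Added example, not SeaBIOS code: derive a TPM control menu from the
 * TPM's current state so that only meaningful actions are listed and
 * the state is described in plain words.  Field names, option wording,
 * key letters and the state-to-option rules are assumptions. */
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct tpm_state {
    bool enabled;        /* TPM is enabled (as opposed to disabled)    */
    bool active;         /* TPM is active (as opposed to deactivated)  */
    bool owned;          /* an ownership key is installed              */
    bool owner_install;  /* installing an ownership key is allowed     */
};

enum tpm_option {
    TPM_OPT_ENABLE        = 1 << 0,
    TPM_OPT_DISABLE       = 1 << 1,
    TPM_OPT_ACTIVATE      = 1 << 2,
    TPM_OPT_DEACTIVATE    = 1 << 3,
    TPM_OPT_CLEAR_OWNER   = 1 << 4,
    TPM_OPT_ALLOW_OWNER   = 1 << 5,
    TPM_OPT_PREVENT_OWNER = 1 << 6,
};

/* Key letter and wording for each option (assumed). */
static const struct { unsigned bit; char key; const char *text; } option_table[] = {
    { TPM_OPT_ENABLE,        'e', "Enable the TPM" },
    { TPM_OPT_DISABLE,       'd', "Disable the TPM" },
    { TPM_OPT_ACTIVATE,      'a', "Activate the TPM" },
    { TPM_OPT_DEACTIVATE,    'x', "Deactivate the TPM" },
    { TPM_OPT_CLEAR_OWNER,   'c', "Clear the ownership key" },
    { TPM_OPT_ALLOW_OWNER,   'o', "Allow system software to install an ownership key" },
    { TPM_OPT_PREVENT_OWNER, 'p', "Prevent installation of an ownership key" },
};

/* Rules (assumed): a disabled TPM can only be enabled; an enabled but
 * deactivated TPM can be activated or disabled; an active TPM can be
 * deactivated or disabled, and ownership can be cleared if present or
 * otherwise toggled between allowed and blocked installation. */
unsigned tpm_available_options(const struct tpm_state *s)
{
    unsigned opts = 0;
    if (!s->enabled)
        return TPM_OPT_ENABLE;
    opts |= TPM_OPT_DISABLE;
    if (!s->active)
        return opts | TPM_OPT_ACTIVATE;
    opts |= TPM_OPT_DEACTIVATE;
    if (s->owned)
        opts |= TPM_OPT_CLEAR_OWNER;
    else if (s->owner_install)
        opts |= TPM_OPT_PREVENT_OWNER;
    else
        opts |= TPM_OPT_ALLOW_OWNER;
    return opts;
}

/* Append formatted text to buf, stopping cleanly when buf is full. */
static void append(char *buf, size_t len, size_t *used, const char *fmt, ...)
{
    if (*used >= len)
        return;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *used, len - *used, fmt, ap);
    va_end(ap);
    if (n > 0)
        *used += (size_t)n;
    if (*used > len)
        *used = len;
}

/* Render the verbose menu into buf; returns the number of options listed. */
int tpm_render_menu(const struct tpm_state *s, char *buf, size_t len)
{
    size_t used = 0;
    int listed = 0;
    unsigned opts = tpm_available_options(s);

    append(buf, len, &used, "The Trusted Platform Module (TPM) is a hardware device in this\n"
                            "machine.  It can help verify the integrity of system software.\n\n");
    append(buf, len, &used, "The current state of the TPM is:\n  %s\n  %s\n\n",
           !s->enabled ? "Disabled" : s->active ? "Enabled and active" : "Enabled but deactivated",
           s->owned ? "An ownership key has been installed"
           : s->owner_install ? "No ownership key has been installed; system software can install one"
                              : "No ownership key has been installed and installation is blocked");
    append(buf, len, &used, "Available options are:\n");
    for (size_t i = 0; i < sizeof option_table / sizeof option_table[0]; i++) {
        if (opts & option_table[i].bit) {
            append(buf, len, &used, "  %c) %s\n", option_table[i].key, option_table[i].text);
            listed++;
        }
    }
    append(buf, len, &used, "\nIf no change is desired, press ESC to reboot without change.\n");
    return listed;
}

int main(void)
{
    /* Constructed sample: the state shown in the patch description. */
    struct tpm_state s = { .enabled = true, .active = true, .owned = false, .owner_install = true };
    char buf[1024];
    tpm_render_menu(&s, buf, sizeof buf);
    fputs(buf, stdout);
    return 0;
}
```

Keeping the state-to-option rules in one function separate from the rendering makes the "only show what applies" policy reviewable on its own, and the bounded `append` helper means a small display buffer truncates the text rather than overrunning it.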
