[SeaBIOS] [PATCH v2 3/3] Add a menu for TPM control

Kevin O'Connor kevin at koconnor.net
Wed Jun 10 16:38:56 CEST 2015 

On Wed, Jun 10, 2015 at 07:12:29AM -0400, Stefan Berger wrote:
> On 06/01/2015 12:54 PM, Kevin O'Connor wrote:
> >On Tue, May 26, 2015 at 03:48:35PM -0400, Stefan Berger wrote:
> >>This patch provides an addtional menu entry that enables the user to control
> >>certain aspects of the TPM's state.
> >>
> >>If a working TPM has been detected, the boot menu will look like this:
> >>
> >>Select boot device:
> >>
> >>1. ata0-1: QEMU HARDDISK ATA-7 Hard-Disk (6144 MiBytes)
> >>2. Legacy option rom
> >>3. iPXE (PCI 00:03.0)
> >>
> >>t. TPM Menu
> >>
> >>Upon pressing t the TPM menu will be shown:
> >>
> >>1. Enable TPM
> >>2. Disable TPM
> >>3. Activate TPM
> >>4. Deactivate TPM
> >>5. Clear ownership
> >>6. Allow installation of owner
> >>7. Prevent installation of owner
> >>Escape for previous menu.
> >>TPM is enabled, active, does not have an owner but one can be installed.
> >I'm okay with adding a "t" to the boot menu.  However, I think this
> >sub-menu is too complex and cryptic.  (For example, I suspect most
> >users wont even know what "TPM" means.)
> >
> >I think I'd prefer something like:
> >
> >t. TPM Configuration
> >
> >Upon pressing t the TPM menu will be shown:
> >
> >
> >The Trusted Platform Module (TPM) is a hardware device in this
> >machine.  It can help verify the integrity of system software.
> >
> >The current state of the TPM is:
> >   Enabled
> >   No ownership key has been installed
> >   System software can install an ownership key
> >
> >Available options are:
> >   d) Disable TPM and clear any ownership key settings
> >
> >If no change is desired or if this menu was reached by mistake, press
> >ESC and this machine will be rebooted without change.
> >
> >
> >Specifically, I think the menu should be a little more verbose (for
> >users that just explore the menu), it should only be reached if the
> >given hardware is present, and menu options should only be shown if
> >they are actually available and make sense to invoke.
> >
> >-Kevin
> >
> 
> Here's now the (code for the) menu I created. I hope it's an acceptable
> middle-ground. This sub-menu will only be available if a TPM has been
> detected on the machine. Also, only those menu items that can be selected at
> the moment, considering the state of the TPM, are shown. The allowed
> scancodes are collected in an array.

Thanks.  It does look much better to me.  What's the difference
between enabled and activated?  Can you describe it or point me to a
link?

-Kevin

More information about the SeaBIOS mailing list