[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TPM support within Grub2
|
From: |
Daniel Kiper |
|
Subject: |
Re: TPM support within Grub2 |
|
Date: |
Mon, 2 Jul 2018 18:35:08 +0200 |
|
User-agent: |
Mutt/1.3.28i |
Hi Daniel,
On Sun, Jul 01, 2018 at 07:09:30PM -0400, Daniel P. Smith wrote:
> Greetings,
>
> I have a measured boot implementation I have been working on that
> introduces a DRTM relocator that I would like to eventually upstream.
> This work does rely on the ability to access a TPM 1.2 chip from within
> Grub2. I am aware of Matthew Garrett's pending patch to add core TPM
> support[1] but that is limited to UEFI environments. My target
> environment uses Coreboot with the TCG BIOS payload to launch the
> environment. For TPM support I am using code picked out of the
> TrustedGRUB2 fork[2]. As a precursor to upstreaming my DRTM relocator, I
> would like to see if I could find a way to generically introduce TPM
> support into Grub2 that support's Matthew's UEFI backend, TrustedGrub2's
> TPM 1.2 raw I/O, as well as leave a path for TPM2 raw I/O. In both
> implementations TPM support is include as an x86 device when in fact
> they can also be found in ARM devices, which is on my wish list of
> future devices I would like to support. With all of this in mind, I
> wanted to open a discussion on the best way to implement generic TPM
> support. In Matthew's approach TPM is implemented under
> grub-core/commands while TrustedGRUB2 is split between grub-core/kern
> and grub-core/tpm. IMHO TPM functionality should be divided into HW
> interfaces, TPM command processing, and higher order TPM operations. If
> the logic was segmented in this manner, what are other's opinions on
> where segments of logic should reside within the Grub2 source tree?
>
>
> [1] http://lists.gnu.org/archive/html/grub-devel/2017-07/msg00005.html
> [2] https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2
This comes just in time. I am back from vacation and I am going to
revisit the issue (including the verifiers framework). I will take
deeper dive in it probably at the end of this week or at the beginning
of next one after clearing my backlog. In meantime I am CC-ing guys
who may be interested in that project too.
Stay tuned...
Daniel
- TPM support within Grub2, Daniel P. Smith, 2018/07/01
- Re: TPM support within Grub2,
Daniel Kiper <=
- Re: TPM support within Grub2, Daniel Kiper, 2018/07/16
- Re: TPM support within Grub2, Daniel P. Smith, 2018/07/16
- Re: TPM support within Grub2, Daniel Kiper, 2018/07/17
- Re: TPM support within Grub2, Matthew Garrett, 2018/07/17
- Re: TPM support within Grub2, Daniel Kiper, 2018/07/18
- Re: TPM support within Grub2, Javier Martinez Canillas, 2018/07/18
- Re: TPM support within Grub2, Daniel P. Smith, 2018/07/18
- Re: TPM support within Grub2, Daniel Kiper, 2018/07/20
- Re: TPM support within Grub2, Philip Tricca, 2018/07/17
- Re: TPM support within Grub2, Daniel P. Smith, 2018/07/18