Dasharo / dasharo-issues

The Dasharo issue tracker
https://dasharo.com/

Switching between PTT (fTPM) and discrete TPM #112

Open miczyg1 opened 2 years ago

miczyg1 commented 2 years ago

The problem you're addressing (if any): Dynamic switching between fTPM and dTPM is currently not possible with coreboot/Dasharo. fTPM always takes precedence over dTPM.

Describe the solution you'd like: Dasharo setup option to disable fTPM/PTT and use dTPM instead.

Where is the value to a user, and who might that user be? Some people may not necessarily want to use fTPM which is implemented in ME.

Describe alternatives you've considered: None

Additional context: None

miczyg1 commented 1 year ago

Sent a patch to Gerrit: https://review.coreboot.org/c/coreboot/+/68919, tested on Protectli VP46xx: https://review.coreboot.org/c/coreboot/+/68920

rafkoch commented 1 year ago

@miczyg1 I understand that these 2 patches were the last steps in this issue. Can you CLOSE it?

miczyg1 commented 1 year ago

Besides the patches, we will also need a setup option to switch between fTPM and discrete TPM; however, it depends on https://github.com/Dasharo/dasharo-issues/issues/113. The setup option was our ultimate goal, so this one is definitely not for closing for now.

rafkoch commented 1 year ago

@miczyg1 we need to have the next steps written down. Could you do it?

miczyg1 commented 1 year ago

@rafkoch I have written it above.

  1. Get https://github.com/Dasharo/dasharo-issues/issues/113 done
  2. Implement setup option to switch between fTPM and dTPM

wessel-novacustom commented 5 months ago

@miczyg1 Have both been implemented meanwhile? If so, I think the issue can be closed.

Also, I think dTPM should be the default? Is that the case?

miczyg1 commented 5 months ago

The second point is not yet implemented. Default is HW dependent. In case of NovaCustom laptops, you shouldn't probably even need it, because all your units have dTPM anyways. For other boards, fTPM should be the default, because it is always present.

It is rather a useful option for boards that have a SPI TPM header @wessel-novacustom

wessel-novacustom commented 5 months ago

> The second point is not yet implemented. Default is HW dependent. In case of NovaCustom laptops, you shouldn't probably even need it, because all your units have dTPM anyways. For other boards, fTPM should be the default, because it is always present.
>
> It is rather a useful option for boards that have a SPI TPM header @wessel-novacustom

@miczyg1 Thank you for clarifying.