TPM 1.2 support for Intel TXT path in GRUB #3
Labels
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
T: enhancement
Type: enhancement. An enhancement or improvement of existing functionality.
W: todo
Workflow: todo. The issue is in the initial to do state.
Comments
miczyg1
added
T: enhancement
12 tasks
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The problem you're addressing (if any)
GRUB with TrenchBoot support refuses to perform measured launch on Intel TXT enabled platform with TPM 1.2. The TPM 1.2 is reported as unsupported.
Describe the solution you'd like
Implement the TrechBoot support for TPM 1.2 for Intel TXT path in GRUB.
Where is the value to a user, and who might that user be?
Users with a slightly older platform still have TPM 1.2 onboard. The Intel ACMs are tightly coupled to TPM versions that were available at the time of platform shipment OR the TPMs are soldered and there are no means to upgrade their firmware even if the Intel ACM supports TPM2.0. Because of this, platforms owners might not be able to use TrenchBoot.
Describe alternatives you've considered
There are a few alternatives, but I do not consider them valid in my case:
Additional context
When GRUB debugging is enabled for slaunch module, the GRUB prints an error on the debug console
TPM 1.2 is not supported:Relevant documentation you've consulted
https://github.com/TrenchBoot/grub/blob/intel-txt/grub-core/loader/i386/txt/txt.c#L617
Related, non-duplicate issues
None
The text was updated successfully, but these errors were encountered: