* Re: using tpm on ovmf
2018-12-16 22:59 using tpm on ovmf Michał Zegan
@ 2018-12-17 10:20 ` Laszlo Ersek
0 siblings, 0 replies; 2+ messages in thread
From: Laszlo Ersek @ 2018-12-17 10:20 UTC (permalink / raw)
To: Michał Zegan; +Cc: edk2-devel, Marc-André Lureau, Stefan Berger
Hi Michał,
(adding Marc-André and Stefan)
On 12/16/18 23:59, Michał Zegan wrote:
> Hello,
> I have ovmf with TPM2_ENABLE and tpm seems to be supported. However, is
> it possible to configure it from the ui?
No, it isn't.
TPM configuration is platform specific. The example driver in
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
which contains visual forms, for the setup UI to display, is just that,
an example, that a platform might incorporate and/or customize. The INF
file states, "NOTE: This module is only for reference only, each
platform should have its own setup page."
Please see one of the past discussions in the thread at:
http://mid.mail-archive.com/20180223132311.26555-7-marcandre.lureau@redhat.com
That patch was dropped (as I requested), and instead, the end result is
commit 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone",
2018-03-09); the commit message should hopefully describe the
configuration method well enough.
Regarding PPI (physical presence interface) operations, those are
supported through the firmware UI. That is, if you queue a number of TPM
ops while the OS runs, and you reboot from within the OS, then the
firmware gives you a UI to confirm those TPM ops.
Thanks,
Laszlo
^ permalink raw reply [flat|nested] 2+ messages in thread