[edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth

Stefan Berger stefanb at linux.ibm.com
Mon Jul 26 14:46:52 UTC 2021


Hello!

   The TPM 2 code in EDK2 is missing an important call to
Tpm2HierarchyChangeAuth for the platform hierarchy. We have to set the
password of that hierarchy and discard the password. See also spec
section 11:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v22_02dec2020.pdf

"Platform Firmware MUST protect access to the Platform Hierarchy and
prevent access to the platform hierarchy by
non-manufacturer-controlled components."

I was wondering where we could put that call so it's invoked after the
user has possibly interacted with the menu and before passing control to
the next stage, such as a boot loader.

Regards,

   Stefan
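A standalone illustration of the sequence the message asks for, added here and not part of the original post or of EDK2: marshal TPM2_HierarchyChangeAuth for TPM_RH_PLATFORM with a fresh random platformAuth, submit it, then wipe every copy of the secret so no later boot stage can use the platform hierarchy. In EDK2 the marshalling is done by Tpm2CommandLib's Tpm2HierarchyChangeAuth(); the TpmSubmit callback, NullSubmit stand-in and rnd32 parameter are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* TPM 2.0 constants (TCG TPM Library Part 2). */
#define TPM_ST_SESSIONS            0x8002u
#define TPM_CC_HierarchyChangeAuth 0x00000129u
#define TPM_RH_PLATFORM            0x4000000Cu
#define TPM_RS_PW                  0x40000009u  /* password authorization session */
typedef int (*TpmSubmit)(const uint8_t *cmd, size_t len);  /* 0 on success */
static int NullSubmit(const uint8_t *c, size_t n) { (void)c; return n == 61 ? 0 : -1; }  /* stand-in for the TPM transmit path */
static uint8_t *put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = (uint8_t)v; return p + 2; }
static uint8_t *put32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = (uint8_t)v; return p + 4; }

/* Marshal TPM2_HierarchyChangeAuth(TPM_RH_PLATFORM): header, handle, a 9-byte
 * password-session auth area with empty HMAC (valid while platformAuth is still
 * the empty default), then the TPM2B newAuth.  Returns length, 0 on bad input. */
size_t BuildPlatformAuthCommand(uint8_t *out, size_t cap,
                                const uint8_t *newAuth, size_t authLen)
{
  const size_t total = 10 + 4 + 4 + 9 + 2 + authLen;
  if (authLen == 0 || authLen > 64 || cap < total) return 0;
  uint8_t *p = out;
  p = put16(p, TPM_ST_SESSIONS);
  p = put32(p, (uint32_t)total);            /* commandSize */
  p = put32(p, TPM_CC_HierarchyChangeAuth);
  p = put32(p, TPM_RH_PLATFORM);            /* authHandle */
  p = put32(p, 9);                          /* authorizationSize */
  p = put32(p, TPM_RS_PW);                  /* sessionHandle */
  p = put16(p, 0);                          /* nonce: empty */
  *p++ = 0;                                 /* sessionAttributes */
  p = put16(p, 0);                          /* hmac: empty old platformAuth */
  p = put16(p, (uint16_t)authLen);          /* newAuth.size */
  memcpy(p, newAuth, authLen);
  return total;
}

/* Set platformAuth to 32 random bytes, then erase every copy so nothing that
 * runs later can present it.  rnd32 must come from a real RNG (EFI_RNG_PROTOCOL
 * in firmware); it is wiped here because it holds the secret too. */
int LockPlatformHierarchy(uint8_t *rnd32, TpmSubmit submit)
{
  uint8_t cmd[80];
  size_t n = BuildPlatformAuthCommand(cmd, sizeof cmd, rnd32, 32);
  int rc = (n == 0) ? -1 : submit(cmd, n);
  volatile uint8_t *v = cmd;                /* volatile so the wipe survives optimization */
  for (size_t i = 0; i < sizeof cmd; i++) v[i] = 0;
  v = rnd32;
  for (size_t i = 0; i < 32; i++) v[i] = 0;
  return rc;
}
```

The byte layout follows TPM 2.0 Library Part 3; the empty HMAC in the auth area only works while platformAuth is still empty, which is exactly the pre-lock state the message describes.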




View/Reply Online (#78174): https://edk2.groups.io/g/devel/message/78174