TPM2 - modules / tpmx / nitropc-v2
- #1031 and #893 on top of the current master
- new board
nitropc_v2 is essentially a librem_mini_v2 / nitropc + tpm2 (not working due to some missing config-hacks I did inside coreboot, will pack them into a patch soon) - anyone crazy enough to test this on a supported platform is highly welcome to feedback, although I haven't had the chance to test @aesrentai's tpmx approach yet
expect this to change a lot, this is WIP
@daringer Does not build?! public key missing?! See CircleCI logs!
I broke my circleci, need to check, but currently does not build yet, it is missing the coreboot hack, although it should build for other platforms but also not tested yet ...
@daringer : converted to draft. Updates?
Why not https://github.com/hardenedvault/vaultboot/commit/4506fc26d0d9aed1e15030bbf8cd49cede6c4d49
I completely forgot where I was, however, so I'll get back to you late this week on why I didn't just copy the entire hardenedvault wrapper; I remember I had a reason but honestly I forgot what it was.
@daringer @aesrentai We are at a stage, with KVM/QEMU support under #1188 for swtpm HOTP and local testing, to take a leadership decision on what implementation to choose and go forward.
Personally, I would take @root-hardenedvault's implementation, based on #893 and #907 prior work, and go from there, making the hardenedvault approach upstream (tested and used in hardware already).
@aesrentai @daringer : your input on his approach and why you decided to create/use another one (while similar to #1109) would be interesting prior to going forward.
#1188 board configurations can be reused easily to create -tpm2 instead of tpm in additional board configurations to test without real hardware first. #1188 will be merged soon.
I'm asking for your input, since I would take that ball and move it forward under paid grant application work, thanks to Nlnet.
Originally posted by @tlaurion in https://github.com/osresearch/heads/issues/1031#issuecomment-1225915734
Superseded by #1292