Switching between PTT(fTPM) and discrete TPM

Open miczyg1 opened this issue 2 years ago • 8 comments

The problem you're addressing (if any):
Dynamic switching between fTPM and dTPM is currently not possible with coreboot/Dasharo. fTPM always takes precedence over dTPM.

Describe the solution you'd like:
Dasharo setup option to disable fTPM/PTT and use dTPM instead.

Where is the value to a user, and who might that user be?
Some people may not necessarily want to use fTPM which is implemented in ME.

Describe alternatives you've considered:
None

Additional context:
None

miczyg1 avatar Jun 08 '22 13:06 miczyg1

Sent a patch to Gerrit: https://review.coreboot.org/c/coreboot/+/68919, tested on Protectli VP46xx: https://review.coreboot.org/c/coreboot/+/68920

miczyg1 avatar Oct 27 '22 10:10 miczyg1

@miczyg1 I understand that these 2 patches were the last steps in this issue. Can you CLOSE it?

rafkoch avatar Nov 29 '22 14:11 rafkoch

Besides the patches, we will also need a setup option to switch between fTPM and discrete TPM; however, it depends on https://github.com/Dasharo/dasharo-issues/issues/113. The setup option was our ultimate goal, so this one is definitely not for closing for now.

miczyg1 avatar Nov 29 '22 14:11 miczyg1

@miczyg1 we need to have the next steps written down. Could you do it?

rafkoch avatar Nov 30 '22 10:11 rafkoch

@rafkoch I have written it above.

  1. Get https://github.com/Dasharo/dasharo-issues/issues/113 done
  2. Implement setup option to switch between fTPM and dTPM

miczyg1 avatar Dec 04 '22 17:12 miczyg1

@miczyg1 Have both been implemented meanwhile? If so, I think the issue can be closed.

Also, I think dTPM should be the default? Is that the case?

wessel-novacustom avatar Apr 15 '24 14:04 wessel-novacustom

The second point is not yet implemented. Default is HW dependent. In case of NovaCustom laptops, you probably shouldn't even need it, because all your units have dTPM anyways. For other boards, fTPM should be the default, because it is always present.

It is rather a useful option for boards that have a SPI TPM header @wessel-novacustom

miczyg1 avatar Apr 16 '24 07:04 miczyg1

The second point is not yet implemented. Default is HW dependent. In case of NovaCustom laptops, you probably shouldn't even need it, because all your units have dTPM anyways. For other boards, fTPM should be the default, because it is always present.

It is rather a useful option for boards that have a SPI TPM header @wessel-novacustom

@miczyg1 Thank you for clarifying.

wessel-novacustom avatar Apr 16 '24 07:04 wessel-novacustom