Integrate dTPM with HAP enabled in EDK/UEFI on MSI boards #1039
Comments
It was already done when releasing the heads variant. It is not available for UEFI just because there was no release for the UEFI variant.
@miczyg1 Could you explain what you mean by this? Are we not able to integrate this into EDK2 for MSI Z790-P boards?
dTPM support was added after v0.9.1 was released. So if you would like to use dTPM, you would have to build the binary yourself from
Awesome, thank you. Looks like it's working great, just what I needed.
@miczyg1 I had a question. I noticed some new tags (v0.9.2-rc1, v0.9.2.-rc0). Will this be added to v0.9.2? I built v0.9.2-rc1 and it didn't have dTPM when HAP was disabled.
I'm not sure what the scope is. @SergiiDmytruk ?
I don't think it's out of scope, but it looks like I need to update the configuration a bit to enable it (I thought it was automatic). This is a very early preparation for upcoming releases (tags will move, testing hasn't started yet), so thanks for pointing this out right away @MykeHalk. I've updated Dasharo/coreboot#565 with changes that should enable dTPM if you're eager to test it.
Awesome, thank you.
The problem you're addressing (if any)
The dTPM is also disabled when the HAP bit is enabled.
Describe the solution you'd like
I noticed that this is a feature in the heads firmware; would it be possible to integrate it into the UEFI firmware as well? When HAP is enabled, check the header for dTPM. Not sure if there are some conflicts I am unaware of that allow heads to have this feature and not the EDK payload.
Where is the value to a user, and who might that user be?
Not sure but first thing that comes to mind is some games are starting to require Secure Boot and TPM to be enabled to play them.
Some people might want to have the ME disabled so they can sleep at night knowing that it's one less attack surface they have to worry about, but still have a discrete TPM for instances that require it. Heads also does not implement Secure Boot afaik.
I feel like this would benefit an average user who is slightly security focused but does not want to compromise the functionality of his system.
Describe alternatives you've considered
Using heads itself, but it does not support Secure Boot, so it's trading one thing for another.
Additional context
No response