Hi Daniel,

On Sun, Jul 01, 2018 at 07:09:30PM -0400, Daniel P. Smith wrote:
> Greetings,
>
> I have a measured boot implementation I have been working on that
> introduces a DRTM relocator that I would like to eventually upstream.
> This work does rely on the ability to access a TPM 1.2 chip from within
> Grub2. I am aware of Matthew Garrett's pending patch to add core TPM
> support[1] but that is limited to UEFI environments. My target
> environment uses Coreboot with the TCG BIOS payload to launch the
> environment. For TPM support I am using code picked out of the
> TrustedGRUB2 fork[2]. As a precursor to upstreaming my DRTM relocator, I
> would like to see if I could find a way to generically introduce TPM
> support into Grub2 that supports Matthew's UEFI backend, TrustedGRUB2's
> TPM 1.2 raw I/O, as well as leave a path for TPM2 raw I/O. In both
> implementations TPM support is included as an x86 device when in fact
> they can also be found in ARM devices, which is on my wish list of
> future devices I would like to support. With all of this in mind, I
> wanted to open a discussion on the best way to implement generic TPM
> support. In Matthew's approach TPM is implemented under
> grub-core/commands while TrustedGRUB2 is split between grub-core/kern
> and grub-core/tpm. IMHO TPM functionality should be divided into HW
> interfaces, TPM command processing, and higher order TPM operations. If
> the logic was segmented in this manner, what are others' opinions on
> where segments of logic should reside within the Grub2 source tree?
>
>
> [1] http://lists.gnu.org/archive/html/grub-devel/2017-07/msg00005.html
> [2] https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2

This comes just in time. I am back from vacation and I am going to revisit
the issue (including the verifiers framework). I will take a deeper dive into
it probably at the end of this week or at the beginning of the next one after
clearing my backlog. In the meantime I am CC-ing guys who may be interested in
that project too. Stay tuned...

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel