https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263557

--- Comment #18 from Peter Much <p...@citylink.dinoex.sub.org> ---
Graham, there was a security flaw in TPM 2.0: After a suspend/resume one was
able to circumvent TPM; this is explained in one of the BsdCon videos.
To fix this flaw, TPM 2.0 now does not allow the computer to resume after a
suspend, and forces a reset instead, unless it had been properly primed during
the suspend.

Our TPM kmod does handle this. So, if the computer has a TPM 2.0 installed and
running, one must kldload tpm, otherwise the resume cannot work.

It became obvious to me when working my way through the changelog of OpenBSD,
searching for something they do differently:
> Identified TPM2.0 devices and performed the 2.0-specific "suspend"
> command, allowing the lenovo xlr9 and xlnano using the latest BIOS
> (which added S3) to resume.

Additionally, this hints at something else, too: there is some issue with the
S3, which apparently has been deprecated by Intel for the Gen 11 processors,
and was later re-added on public demand. But I don't know the details of this.
