Greetings, I have a measured boot implementation I have been working on that introduces a DRTM relocator that I would like to eventually upstream. This work does rely on the ability to access a TPM 1.2 chip from within Grub2. I am aware of Matthew Garrett's pending patch to add core TPM support[1] but that is limited to UEFI environments. My target environment uses Coreboot with the TCG BIOS payload to launch the environment. For TPM support I am using code picked out of the TrustedGRUB2 fork[2]. As a precursor to upstreaming my DRTM relocator, I would like to see if I could find a way to generically introduce TPM support into Grub2 that support's Matthew's UEFI backend, TrustedGrub2's TPM 1.2 raw I/O, as well as leave a path for TPM2 raw I/O. In both implementations TPM support is include as an x86 device when in fact they can also be found in ARM devices, which is on my wish list of future devices I would like to support. With all of this in mind, I wanted to open a discussion on the best way to implement generic TPM support. In Matthew's approach TPM is implemented under grub-core/commands while TrustedGRUB2 is split between grub-core/kern and grub-core/tpm. IMHO TPM functionality should be divided into HW interfaces, TPM command processing, and higher order TPM operations. If the logic was segmented in this manner, what are other's opinions on where segments of logic should reside within the Grub2 source tree?
[1] http://lists.gnu.org/archive/html/grub-devel/2017-07/msg00005.html [2] https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
