Requesting feedback on GUI design - TPM Required policy and Virtual TPM
Joseph Reynolds
jrey at linux.ibm.com
Sat Feb 6 03:09:49 AEDT 2021
On 2/5/21 8:18 AM, Priyanka Pillai wrote:
> Hello,
>
> *We have decided to remove the TPM Required Policy from the Server
> Power Operations Page and move it to the Security Panel page.*
> Our findings:
> * TPM Required policy is rarely required to be disabled during the
> power operations.
> * Only in cases of troubleshooting, or if a physical TPM card is not
> part of the system, does this setting need to be disabled.
> * In all other cases, it is not advisable to disable it.
> * It affects the security of the host boot process.
>
> Similarly, we shall be *adding Virtual TPM to the security page* as
> well, since its usage is the same and it affects security of the
> logical partitions boot process.
Note this refers to the host's TPM (and not a TPM that measures the BMC
such as the BMC Trusted Boot design being discussed here
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/26169).
These findings sound right to me (but I am not a TPM expert).
Joseph
> Does anyone from the community have any concerns regarding this?
>
> Warm regards,
> *Priyanka Pillai*
> User Experience Designer
> IBM iX : Interactive Experience