[Skiboot] [PATCH v2 06/12] secvar_tpmnv: add high-level tpm nv index abstraction for secvar
stefanb at linux.ibm.com
Wed Jan 29 00:08:49 AEDT 2020
On 1/24/20 8:43 PM, Eric Richter wrote:
> On 1/23/20 8:39 AM, Stefan Berger wrote:
>> On 1/19/20 9:36 PM, Eric Richter wrote:
>>> + // TODO: Determine the proper auth
>> right. I doubt it will always work with physical presence protection. What all environments do you intend to run this in? Will SLOF be there before you run this ?
> This whole file is largely only intended for secure boot of the host OS, specifically on p9 witherspoon machines. Guest secure boot should (hopefully) not be requiring the TPM NV space as part of key storage.
To support this kind of scenario you'll probably need a driver
abstraction / interface for pnor+tpm so that one can accommodate some
other storage driver underneath. Probably some sort of probing would be
needed so that one executable can work for both environments then.
More information about the Skiboot