Hello,

Is anybody aware of what the effort would be to include TPM measurements in UefiPayloadPkg?

The drivers for TPM seem to be already present for DXE in SecurityPkg, along with a function to measure data with the TPM and log it. However, it does not seem that the payload package uses them. Also, I assume that PEI and DXE cannot be measured before execution with the current implementation, because the drivers are only available late in DXE. If my understanding is correct, if I used vboot + measured boot in coreboot the whole payload would still be measured, but the trust chain would be broken after SEC. Can anybody tell me if I am wrong?

Best regards,

-- 
Michał Żygowski
Firmware Engineer
http://3mdeb.com | @3mdeb_com

_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
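The following is an added illustration of the measurement chain the question above is about; it is not code from the post, from coreboot, or from EDK2/UefiPayloadPkg, and it says nothing about what those projects actually measure. It models only the TPM 2.0 PCR arithmetic (SHA-256 bank: PCR_new = SHA256(PCR_old || digest)) and an event log a verifier replays. All stage names and blobs are constructed placeholders, and whether the payload extends a PCR for something it loads later is a switch in the model, not a fact about the real payload.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR bank reads as all zeros after TPM reset

# Constructed stand-ins for the images; real ones would be the coreboot stages,
# the UefiPayloadPkg firmware volume and whatever DXE loads later.
BOOTBLOCK = b"coreboot bootblock (constructed)"
ROMSTAGE = b"coreboot romstage (constructed)"
RAMSTAGE = b"coreboot ramstage (constructed)"
PEI_CORE = b"payload PEI core (constructed)"
DXE_CORE = b"payload DXE core (constructed)"
DRIVER = b"a DXE driver inside the payload FV (constructed)"
LATE = b"something DXE loads from outside the FV (constructed)"


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend on a SHA-256 bank: PCR_new = SHA256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure(log: list, pcr: bytes, name: str, blob: bytes) -> bytes:
    """Hash a blob, record it in the event log, extend the PCR; returns the new PCR."""
    digest = hashlib.sha256(blob).digest()
    log.append((name, digest))
    return pcr_extend(pcr, digest)


def replay(log: list) -> bytes:
    """What a remote verifier does: recompute the PCR from the event log alone."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def build_payload_fv(pei: bytes, dxe: bytes, driver: bytes) -> bytes:
    """The payload as the earlier stage sees it: one blob containing every module inside."""
    return pei + dxe + driver


def boot(driver: bytes = DRIVER, late: bytes = LATE, payload_measures_late: bool = False):
    """Simulate the chain (model assumption): each coreboot stage and the whole
    payload FV are measured before they run. Whether the payload then measures
    what it loads itself is the `payload_measures_late` switch."""
    pcr, log = PCR_INIT, []
    fv = build_payload_fv(PEI_CORE, DXE_CORE, driver)
    for name, blob in (("bootblock", BOOTBLOCK), ("romstage", ROMSTAGE),
                       ("ramstage", RAMSTAGE), ("payload", fv)):
        pcr = measure(log, pcr, name, blob)
    # ... payload runs; DXE now loads `late` from outside the FV ...
    if payload_measures_late:
        pcr = measure(log, pcr, "late", late)
    return pcr, log


def change_is_attestable(**kw) -> bool:
    """True when the final PCR differs between a clean boot and the boot in `kw`,
    i.e. a verifier comparing PCR values would notice the change."""
    clean, _ = boot(payload_measures_late=kw.get("payload_measures_late", False))
    dirty, _ = boot(**kw)
    return clean != dirty


if __name__ == "__main__":
    pcr, log = boot()
    print("events:", [n for n, _ in log])
    print("replay matches:", replay(log) == pcr)
    print("tampered driver inside FV detected:",
          change_is_attestable(driver=b"tampered driver"))
    print("tampered late-loaded image detected (payload does not measure):",
          change_is_attestable(late=b"tampered"))
    print("tampered late-loaded image detected (payload measures it):",
          change_is_attestable(late=b"tampered", payload_measures_late=True))
```

Two things the model makes concrete: a change to any module inside the FV changes the single "payload" digest, so a whole-payload measurement does catch it, but the log carries one event for the entire FV, so the verifier cannot tell which module changed; and anything the payload loads after that point only enters the PCR if the payload extends it itself.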

