proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2026-03-28 09:59:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3fa2df2ab3
fwupd/plugins/tpm
History
Richard Hughes c4b7f42e43 Only compress one version of the builtin-quirks 
Saving the quirks in the GResource section worked well, but it made the build
system very complicated and also meant the .data section was duplicated in
both `fwupd` and `fwupdtool` -- negating a lot of the hard-fought savings.

Simplify this feature so that we just `cat` all the quirk files together, then
gzip them into a single file. This means that at startup fwupd only needs to
check the mtime of one file, and weirdly it's actually faster to load a smaller
compressed file from disk that it is to load multiple uncompressed files.
2022-09-27 12:44:04 +01:00
..
fuzzing Merge tpm-eventlog into the tpm plugin 2021-11-02 13:47:25 +00:00
tests Add HSI check that PCR registers 0-7 are not empty 2021-11-17 16:21:52 +00:00
fu-plugin-tpm.c tpm: Don't require uefi capsule updates for checking TPM PCR0 2022-08-29 07:56:23 +01:00
fu-self-test.c trivial: set firwmare attributes class directory for all tests 2022-07-28 17:30:57 -05:00
fu-tpm-device.c Split out the string helpers to a new source file 2022-06-14 14:36:52 -05:00
fu-tpm-device.h Move the TPM handling into the TPM place 2021-11-01 14:51:27 +00:00
fu-tpm-eventlog-common.c tpm: Fix eventlog replay for Intel TXT machines 2022-03-23 21:18:46 +00:00
fu-tpm-eventlog-common.h Be smarter and include less header files per source file 2022-06-14 14:36:52 -05:00
fu-tpm-eventlog-parser.c Split out the dump helpers to a new source file 2022-06-14 14:36:52 -05:00
fu-tpm-eventlog-parser.h Merge tpm-eventlog into the tpm plugin 2021-11-02 13:47:25 +00:00
fu-tpm-eventlog.c Split out the string helpers to a new source file 2022-06-14 14:36:52 -05:00
fu-tpm-v1-device.c Remove duplicate ->probe() calls to speed up startup by 150ms 2022-06-14 21:01:57 +01:00
fu-tpm-v1-device.h Move the TPM handling into the TPM place 2021-11-01 14:51:27 +00:00
fu-tpm-v2-device.c Remove duplicate ->probe() calls to speed up startup by 150ms 2022-06-14 21:01:57 +01:00
fu-tpm-v2-device.h Move the TPM handling into the TPM place 2021-11-01 14:51:27 +00:00
meson.build Only compress one version of the builtin-quirks 2022-09-27 12:44:04 +01:00
README.md Merge tpm-eventlog into the tpm plugin 2021-11-02 13:47:25 +00:00
tpm.quirk Simplify the quirk file format 2021-03-03 08:30:34 +00:00

README.md

TPM

Introduction

This allows enumerating Trusted Platform Modules, also known as "TPM" devices, although it does not allow the user to update the firmware on them.

The TPM Event Log records which events are registered for the PCR0 hash, which may help in explaining why PCR0 values are differing for some firmware.

The device exposed is not upgradable in any way and is just for debugging. The created device will be a child device of the system TPM device, which may or may not be upgradable.

GUID Generation

These devices use custom GUIDs:

  • TPM\VEN_$(manufacturer)&DEV_$(type)
  • TPM\VEN_$(manufacturer)&MOD_$(vendor-string)
  • TPM\VEN_$(manufacturer)&DEV_$(type)_VER_$(family),
  • TPM\VEN_$(manufacturer)&MOD_$(vendor-string)_VER_$(family)

...where family is either 2.0 or 1.2

Example GUIDs from a real system containing a TPM from Intel:

  Guid:                 34801700-3a50-5b05-820c-fe14580e4c2d <- TPM\VEN_INTC&DEV_0000
  Guid:                 03f304f4-223e-54f4-b2c1-c3cf3b5817c6 <- TPM\VEN_INTC&DEV_0000&VER_2.0

Vendor ID Security

The device is not upgradable and thus requires no vendor ID set.

External Interface Access

This plugin uses the tpm2-tss library to access the TPM. It requires access to /sys/class/tpm and optionally requires read only access to /sys/kernel/security/tpm0/binary_bios_measurements.