proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-05-16 08:00:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9d07b7c23c
fwupd/plugins/tpm
History
Richard Hughes c1eda7d516 Add many new plugins to support for the Host Security ID 
The HSI specification is currently incomplete and in active development.

Sample output for my Lenovo P50 Laptop:

    Host Security ID: HSI:2+UA!

    HSI-1
    ✔  UEFI dbx: OK
    ✔  TPM: v2.0
    ✔  SPI: Write disabled
    ✔  SPI: Lock enabled
    ✔  SPI: SMM required
    ✔  UEFI Secure Boot: Enabled

    HSI-2
    ✔  TPM Reconstruction: Matched PCR0 reading

    HSI-3
    ✘  Linux Kernel S3 Sleep: Deep sleep available

    HSI-4
    ✘  Intel CET: Unavailable

    Runtime Suffix -U
    ✔  Firmware Updates: Newest release is 8 months old

    Runtime Suffix -A
    ✔  Firmware Attestation: OK

    Runtime Suffix -!
    ✔  fwupd plugins: OK
    ✔  Linux Kernel: OK
    ✔  Linux Kernel: Locked down
    ✘  Linux Swap: Not encrypted
2020-05-12 21:20:18 +01:00
..
fu-plugin-tpm.c Add many new plugins to support for the Host Security ID 2020-05-12 21:20:18 +01:00
fu-tpm-device.c Add many new plugins to support for the Host Security ID 2020-05-12 21:20:18 +01:00
fu-tpm-device.h Add many new plugins to support for the Host Security ID 2020-05-12 21:20:18 +01:00
meson.build Add a new plugin that exposes the system TPM device firmware version 2019-12-05 21:05:17 +00:00
README.md trivial: Document the use of vendor-id in each plugin 2019-12-11 18:10:44 +00:00
tpm.quirk Add a new plugin that exposes the system TPM device firmware version 2019-12-05 21:05:17 +00:00

README.md

TPM Support

Introduction

This allows enumerating Trusted Platform Modules, also known as "TPM" devices, although it does not allow the user to update the firmware on them.

GUID Generation

These devices use custom GUIDs:

  • TPM\VEN_$(manufacturer)&DEV_$(type)
  • TPM\VEN_$(manufacturer)&MOD_$(vendor-string)
  • TPM\VEN_$(manufacturer)&DEV_$(type)_VER_$(family),
  • TPM\VEN_$(manufacturer)&MOD_$(vendor-string)_VER_$(family)

...where family is either 2.0 or 1.2

Example GUIDs from a real system containing a TPM from Intel:

  Guid:                 34801700-3a50-5b05-820c-fe14580e4c2d <- TPM\VEN_INTC&DEV_0000
  Guid:                 03f304f4-223e-54f4-b2c1-c3cf3b5817c6 <- TPM\VEN_INTC&DEV_0000&VER_2.0

Vendor ID Security

The device is not upgradable and thus requires no vendor ID set.