[Bug 3510] New: OVMF: The TPM 2 platform hierarchy must be disabled



Bug ID: 3510
Summary: OVMF: The TPM 2 platform hierarchy must be disabled
Product: EDK2
Version: Current
Hardware: All
OS: All
Severity: normal
Priority: Lowest
Component: Code
Assignee: unassigned@tianocore.org
Reporter: stefanb@linux.ibm.com
CC: edk2+bugs+int+994+563148131503455288@groups.io

Per the TCG firmware specification "TCG PC Client Platform Firmware Profile
Specification" the TPM 2 platform hierarchy needs to be disabled or a random
password set and discarded before the firmware passes control to the next stage
bootloader or kernel.

Current specs are here:

Section 11 states:
"Platform Firmware MUST protect access to the Platform Hierarchy and prevent
access to the platform hierarchy by non-manufacturer-controlled components. "

Ideally the bugfix would be applied to a recent stable branch as well.

You are receiving this mail because:
You are on the CC list for the bug.

Join bugs@edk2.groups.io to automatically receive all group messages.