[Bug 3510] New: OVMF: The TPM 2 platform hierarchy must be disabled


bugzilla-daemon@...
 

https://bugzilla.tianocore.org/show_bug.cgi?id=3510

Bug ID: 3510
Summary: OVMF: The TPM 2 platform hierarchy must be disabled
Product: EDK2
Version: Current
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Lowest
Component: Code
Assignee: unassigned@tianocore.org
Reporter: stefanb@linux.ibm.com
CC: edk2+bugs+int+994+563148131503455288@groups.io

Per the TCG firmware specification "TCG PC Client Platform Firmware Profile
Specification" the TPM 2 platform hierarchy needs to be disabled or a random
password set and discarded before the firmware passes control to the next stage
bootloader or kernel.

Current specs are here:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v22_02dec2020.pdf

Section 11 states:
"Platform Firmware MUST protect access to the Platform Hierarchy and prevent
access to the platform hierarchy by non-manufacturer-controlled components. "

Ideally the bugfix would be applied to a recent stable branch as well.

--
You are receiving this mail because:
You are on the CC list for the bug.