[tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
Ken Goldman
kgold at linux.vnet.ibm.com
Mon Mar 20 19:42:13 UTC 2017
On 3/20/2017 5:54 AM, Alexander.Steffen at infineon.com wrote:
>
> There are a few special cases that need some thought though. For
> example, it is possible to use an upgrade to switch the TPM family
> from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> the kernel reinitialize the TPM driver, so it uses the correct
> timeouts for communication, activates the correct features (resource
> manager or not?), etc., without needing to reboot the system.
In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur
without a reboot? Is it an important use case?
1 - It would leave the SHA-256 PCRs in the reset state.
2 - It's possible that this upgrade would also require a BIOS upgrade.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list