[PATCH v6 13/14] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch
Ross Philipson
ross.philipson at oracle.com
Fri May 12 09:22:13 PDT 2023
On 5/12/23 07:43, Matthew Garrett wrote:
> On Thu, May 04, 2023 at 02:50:22PM +0000, Ross Philipson wrote:
>> The Secure Launch MLE environment uses PCRs that are only accessible from
>> the DRTM locality 2. By default the TPM drivers always initialize the
>> locality to 0. When a Secure Launch is in progress, initialize the
>> locality to 2.
>
> This looks correct in itself, but looking at the CRB driver code I don't
> think locality support is actually implemented. Are there any SL systems
> using CRB?
We have never seen a system that supports CRB other than some firmware
TPMs that don't work with TXT in the first place. CRB is unexplored
territory at this point.
Thanks
Ross
More information about the kexec
mailing list