Re: TPM support within Grub2

[Javier Martinez Canillas]

On 07/18/2018 11:03 AM, Daniel Kiper wrote:
> On Tue, Jul 17, 2018 at 07:10:32PM +0100, Matthew Garrett wrote:
>> On Mon, Jul 16, 2018 at 12:33:42PM -0400, Daniel P. Smith wrote:
>>> On 07/16/2018 08:06 AM, Daniel Kiper wrote:
>>>> In general I am not against reorganization you are mentioning above.
>>>> Though I think that then you should rearange Matthew code and repost
>>>> it. Of course if Matthew does not object.
>>>
>>> I can align Matthew's code or if he would like, he is more than welcome
>>> to collaborate on the solution.
>>
>> There's a lot of user demand for TPM2 support in grub, so my preference
>> would be:
>>
>> 1) Review and merge the verifiers framework
> 
> OK, as I said earlier I will post it with some comments and minor
> fixes in a week or two.
> 
>> 2) Update the current TPM2 code to match and review and merge that
>> 3) Ensure that the functionality matches user expectations and then
>> develop a more generic midlayer based on that to support additional TPM
>> backends
>>
>> My concern about doing (3) before (2) is that it may take multiple
>> attempts to develop something that works for us, and delay being able to
>> provide functionality that people would like to take advantage of. I
>> think some real-world use would make the process easier.
> 
> This option works for me too. If Daniel S. is OK with that we can proceed.
>

FWIW I agree too, specially since Matthew's patches have been in the list
for more than a year now, so I don't see a reason to hold the TPM support
much longer just to make it more generic.

I think (3) can be built on top of the current patch-set once this lands,
while providing UEFI TPM support to users in the meantime.
 
> Daniel

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat