Hello
I have a custom board (based on Jetson Orin Nano 8GB) that has TPM chip. I am using latest Jetpack release.
I added TPM support and it is working well in userspace and initramfs.
Is it possible to add TPM support in UEFI EDK2 Nvidia to provide PCR population automatically using the PCR7 (with secure boot UEFI keys)?
My understanding is that this is automatically done in UEFI implementation with TPM support but I am not sure about the NVIDIA UEFI implementation.
My usecase is having the PCR7 of the TPM populated each boot so that I can use my TPM to provide secrets based on this policy.
Thanks
Hi sidalit,
Do you mean JP5.1.4 or JP6.1?
Sorry that we don’t support using dTPM in UEFI and there’s no related resource about it.
UEFI implements the fTPM like secureboot feature rather than used for dTPM.
sidalit
October 30, 2024, 11:00am
4
Do you mean JP5.1.4 or JP6.1?
Using JP6.1
Sorry that we don’t support using dTPM in UEFI and there’s no related resource about it.
No problem, I would like to try to add support in NVIDIA UEFI but I just want to make sure that when I enable dTPM it will populate PCRs automatically or TPM event log is something that needs to be implemented also?
It seems you have to add custom driver in UEFI to handle for dTPM.
Currently, they are used for fTPM.
system
December 3, 2024, 1:46pm
9
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.