* Requesting feedback on GUI design - TPM Required policy and Virtual TPM
@ 2021-02-05 14:18 Priyanka Pillai
2021-02-05 16:09 ` Joseph Reynolds
0 siblings, 1 reply; 2+ messages in thread
From: Priyanka Pillai @ 2021-02-05 14:18 UTC (permalink / raw)
To: openbmc
[-- Attachment #1: Type: text/plain, Size: 826 bytes --]
Hello,
*We have decided to remove the TPM Required Policy from the Server Power
Operations Page and move it to the Security Panel page. *
Our findings:
* TPM Required policy is rarely required to be disabled during the power
operations.
* Only in cases of troubleshooting or if a physical TPM card is not part of
the system, is when this setting needs to be disabled.
* In all other cases, it is not advisable to disable it.
* It affects the security of the host boot process.
Similarly, we shall be *adding Virtual TPM to the security page* as well,
since it’s usage is the same and it affects security of the logical
partitions boot process.
Does anyone from the community have any concerns regarding this?
Warm regards,
*Priyanka Pillai*
User Experience Designer
IBM iX : Interactive Experience
[-- Attachment #2: Type: text/html, Size: 1055 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Requesting feedback on GUI design - TPM Required policy and Virtual TPM
2021-02-05 14:18 Requesting feedback on GUI design - TPM Required policy and Virtual TPM Priyanka Pillai
@ 2021-02-05 16:09 ` Joseph Reynolds
0 siblings, 0 replies; 2+ messages in thread
From: Joseph Reynolds @ 2021-02-05 16:09 UTC (permalink / raw)
To: Priyanka Pillai, openbmc
On 2/5/21 8:18 AM, Priyanka Pillai wrote:
> Hello, We have decided to remove the TPM Required Policy from...
> This Message Is From an External Sender
> This message came from outside your organization.
>
> Hello,
>
> *We have decided to remove the TPM Required Policy from the Server
> Power Operations Page and move it to the Security Panel page. *
> Our findings:
> * TPM Required policy is rarely required to be disabled during the
> power operations.
> * Only in cases of troubleshooting or if a physical TPM card is not
> part of the system, is when this setting needs to be disabled.
> * In all other cases, it is not advisable to disable it.
> * It affects the security of the host boot process.
>
> Similarly, we shall be *adding Virtual TPM to the security page* as
> well, since it’s usage is the same and it affects security of the
> logical partitions boot process.
Note this refers to the host's TPM (and not a TPM that measures the BMC
such as the BMC Trusted Boot design being discussed here
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/26169).
These findings sound right to me (but I am not a TPM expert).
Joseph
> Does anyone from the community have any concerns regarding this?
>
> Warm regards,
> *Priyanka Pillai*
> User Experience Designer
> IBM iX : Interactive Experience
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-02-05 16:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-05 14:18 Requesting feedback on GUI design - TPM Required policy and Virtual TPM Priyanka Pillai
2021-02-05 16:09 ` Joseph Reynolds
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.