Kind of late to the TPM2 bandwagon, but I wholeheartedly believe that making it a requirement for Win11 is not only a good idea by itself, but the only working way for MS to force IBVs/OEMs to implement the firmware drivers and flows for it correctly.
Optional security tech is automatically underprioritized and undertested, then too often never gets enabled correctly because of that. IRL it's either "enabled by default" or "doesn't work", especially when OS vendor A needs to rely on HW vendor B to do the right thing.
That right thing is indeed hard to do, and the UX of physical presence check for TPM reset is often bad, and the fact that BIOS updates often require key recovery procedures due to mismanaging the PCRs is really sad, but if not dragged along, vendors will do *nothing* about that.
So I, for one, welcome our new TPM2 overlords.

If you aren't into that at all, somebody will soon write a DXE runtime driver that will store all your keys and PCRs in NVRAM and/or CMOS SRAM, while making Win11 perfectly happy with that emulated TPM2 device.

Thread by Nikolaj Schlej (@NikolajSchlej)