Ken Goldman <kgold@...>
On 12/26/2018 10:29 PM, James Bottomley wrote:
> On Wed, 2018-12-26 at 19:23 +0000, Doug Fraser wrote:
>> Does anyone know if tssclear supports hardware PresenceDetect clear?
>
> This isn't a property of the command code (or the actual tssclear

I don't know if firmware upgrade is guaranteed - depends on your definition of 'wipe it'. E.g., some (maybe all) TPMs persist the EKs and EK certificates through 1.2 <-> 2.0 cycles.
Also beware that some TPMs limit the number of 1.2 <> 2.0 cycles. Thus, it's not a good solution if you're doing this often.
> I added the tss users list for better information, but TPM2_Clear()

Agreed. TPM 2.0 was designed so that platform authorization could take the place of physical presence hardware. Even with 1.2, I suspect that the command physical presence was more often used.
1 - Lockout authorization can be used for TPM2_Clear.
2 - Since both platform and lockout support policies, with enough indirection, you can get whatever you want.