tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks

Implement a TPM 2.0 menu item that allows a user to toggle the activation
of PCR banks of the TPM 2.0. After successful activation we shut down the
TPM 2.0 and reset the machine.
A TPM 2.0 may have multiple PCR banks, such as for SHA1, SHA256, SHA384,
SHA512, and SM3-256. One or multiple of those banks may be active (by
factory for example) and modifying the set of active PCR banks is only
possible while in the firmware since it requires platform authorization.
Platform authorization is not possible for a user when in the OS since
the firmware generates a random password for the platform authorization
before booting the system and it throws that password away.

Signed-off-by: Stefan Berger <>
2 files changed
tree: 47b743c1684dea95535dbdb8c803b67271d723de
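The commit message describes the operation at the TPM level: changing the set of active PCR banks is a TPM2_PCR_Allocate command authorized with the platform hierarchy, which is why it can only happen in firmware and why the machine has to be reset afterwards (the new allocation takes effect at the next TPM startup). The block below is an added illustration, not code from this commit or from tcgbios: it marshals the TPM2_PCR_Allocate command as the TPM 2.0 Library specification defines it (a TPM_ST_SESSIONS header, the TPM_RH_PLATFORM handle, a password session carrying the platform auth, and a TPML_PCR_SELECTION with one entry per bank) and parses it back so the encoding can be checked. The function names, the three-byte `pcrSelect` (24 PCRs) and the sample auth value are the example's own assumptions.

```python
import struct

# Constants from the TPM 2.0 Library specification (Part 2: Structures).
TPM_ST_SESSIONS = 0x8002          # command carries an authorization area
TPM_CC_PCR_ALLOCATE = 0x0000012B  # TPM2_PCR_Allocate command code
TPM_RH_PLATFORM = 0x4000000C      # platform hierarchy handle (authHandle)
TPM_RS_PW = 0x40000009            # password authorization session handle
TPM_ALG = {                       # hash algorithm IDs of the banks named in the commit
    "sha1": 0x0004, "sha256": 0x000B, "sha384": 0x000C,
    "sha512": 0x000D, "sm3_256": 0x0012,
}
PCR_SELECT_SIZE = 3               # assumption: 24 PCRs -> 3 bytes of pcrSelect


def toggle_bank(active, bank):
    """Return the new set of active banks after flipping one bank (the menu action)."""
    if bank not in TPM_ALG:
        raise ValueError("unknown PCR bank: %s" % bank)
    return set(active) ^ {bank}


def pcr_selection(alg_id, active):
    """TPMS_PCR_SELECTION: hash (UINT16), sizeofSelect (UINT8), pcrSelect[].
    An all-ones bitmap allocates every PCR of the bank; all-zeros deallocates it."""
    select = (b"\xff" if active else b"\x00") * PCR_SELECT_SIZE
    return struct.pack(">HB", alg_id, PCR_SELECT_SIZE) + select


def password_session(auth):
    """TPM2B-sized authorization area holding one TPMS_AUTH_COMMAND password session:
    sessionHandle, nonce (empty TPM2B), sessionAttributes, hmac (the password)."""
    body = (struct.pack(">IH", TPM_RS_PW, 0) + b"\x00"
            + struct.pack(">H", len(auth)) + auth)
    return struct.pack(">I", len(body)) + body


def build_pcr_allocate(active_banks, platform_auth):
    """Marshal TPM2_PCR_Allocate(authHandle=TPM_RH_PLATFORM, pcrAllocation)."""
    banks = sorted(TPM_ALG.items(), key=lambda kv: kv[1])
    selections = b"".join(pcr_selection(alg, name in active_banks) for name, alg in banks)
    pcr_allocation = struct.pack(">I", len(banks)) + selections  # TPML_PCR_SELECTION
    body = struct.pack(">I", TPM_RH_PLATFORM) + password_session(platform_auth) + pcr_allocation
    header = struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body), TPM_CC_PCR_ALLOCATE)
    return header + body


def parse_pcr_allocate(cmd):
    """Decode a TPM2_PCR_Allocate command; return (authHandle, set of banks left active)."""
    tag, size, cc = struct.unpack_from(">HII", cmd, 0)
    if tag != TPM_ST_SESSIONS or cc != TPM_CC_PCR_ALLOCATE or size != len(cmd):
        raise ValueError("not a well-formed TPM2_PCR_Allocate command")
    (handle,) = struct.unpack_from(">I", cmd, 10)
    (auth_size,) = struct.unpack_from(">I", cmd, 14)
    off = 18 + auth_size                      # skip the authorization area
    (count,) = struct.unpack_from(">I", cmd, off)
    off += 4
    names = {v: k for k, v in TPM_ALG.items()}
    active = set()
    for _ in range(count):
        alg, n = struct.unpack_from(">HB", cmd, off)
        off += 3
        select = cmd[off:off + n]
        off += n
        if any(select):
            active.add(names.get(alg, hex(alg)))
    return handle, active


if __name__ == "__main__":
    # Constructed scenario: SHA-1 and SHA-256 are active from the factory and the
    # user toggles SHA-1 off.  The auth value is a placeholder for the random
    # platform password the firmware holds only until it boots the OS.
    active = toggle_bank({"sha1", "sha256"}, "sha1")
    cmd = build_pcr_allocate(active, b"PLATFORM-AUTH-PLACEHOLDER")
    print(cmd.hex())
    print(parse_pcr_allocate(cmd))
```

The command is only accepted while platform authorization is still available, which matches the commit's reasoning for offering the toggle in the firmware menu rather than from the OS.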