tpm: Add a menu for TPM configuration

This patch adds a new menu entry to the main menu. This menu item enables
the user to enter a TPM control menu which allows control of those aspects
of the TPM's state that can only be controlled while in the firmware
and while physical presence can be asserted.

If the machine has a TPM, the boot menu will look as follows, with
the new menu item accessible by pressing the 't' key.

Select boot device:

1. ata0-1: QEMU HARDDISK ATA-7 Hard-Disk (6144 MiBytes)
2. Legacy option rom
3. iPXE (PCI 00:03.0)

t. TPM Menu

Upon pressing t the TPM submenu will be shown:

The Trusted Platform Module (TPM) is a hardware device in this machine.
It can help verify the integrity of system software.

The current state of the TPM is:
  Enabled and active
  Ownership has not been taken
  A user can take ownership of the TPM

Available options are:
 d. Disable the TPM
 v. Deactivate the TPM
 p. Prevent installation of an owner

If no change is desired or if this menu was reached by mistake, press ESC to
reboot the machine.

The TPM menu only shows those options that are currently accessible considering
the state of the TPM.

The patch adds several functions for sending those messages to the TPM
required for supporting those menu items.

Signed-off-by: Stefan Berger <>
5 files changed
tree: f075892f01d684d7b8d8a6e8da44ebef06141059
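The commit message says the menu shows only the options that apply to the TPM's current state. The following is an added example, not SeaBIOS code and not part of the commit, that models this selection rule: it goes beyond the three options shown above by also covering the reverse transitions (enable, activate, allow owner installation), which is my generalization of the page, not something the commit lists. The struct field names, the `tpm_menu_keys`/`tpm_menu_show` functions, the extra menu keys `e`, `a` and `o`, and the applicability predicates (activation changes only offered while enabled, owner-installation toggle only offered while no owner exists) are all assumptions of this example drawn from TPM 1.2 semantics, not from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the TPM 1.2 flags the menu depends on.
 * Field names are this example's own, not SeaBIOS identifiers. */
struct tpm_state {
    bool disabled;      /* TPM is disabled (persistent flag) */
    bool deactivated;   /* TPM is deactivated (persistent flag) */
    bool owned;         /* an owner has been installed */
    bool owner_install; /* installing an owner is currently permitted */
};

/* A menu entry: its key, its label, and a predicate telling whether the
 * operation is applicable (would change something) in the given state. */
struct menu_item {
    char key;
    const char *label;
    bool (*applies)(const struct tpm_state *s);
};

/* Applicability predicates (assumed semantics, see lead-in). */
static bool can_disable(const struct tpm_state *s)       { return !s->disabled; }
static bool can_enable(const struct tpm_state *s)        { return s->disabled; }
static bool can_deactivate(const struct tpm_state *s)    { return !s->disabled && !s->deactivated; }
static bool can_activate(const struct tpm_state *s)      { return !s->disabled && s->deactivated; }
static bool can_prevent_owner(const struct tpm_state *s) { return !s->disabled && !s->owned && s->owner_install; }
static bool can_allow_owner(const struct tpm_state *s)   { return !s->disabled && !s->owned && !s->owner_install; }

/* Keys d, v, p match the commit message; e, a, o are this example's additions. */
static const struct menu_item tpm_menu[] = {
    { 'd', "Disable the TPM",                  can_disable },
    { 'e', "Enable the TPM",                   can_enable },
    { 'v', "Deactivate the TPM",               can_deactivate },
    { 'a', "Activate the TPM",                 can_activate },
    { 'p', "Prevent installation of an owner", can_prevent_owner },
    { 'o', "Allow installation of an owner",   can_allow_owner },
};

/* Collect the keys of the options applicable to `s` into `keys`
 * (NUL-terminated, `cap` bytes available). Returns the number of options. */
size_t tpm_menu_keys(const struct tpm_state *s, char *keys, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(tpm_menu) / sizeof(tpm_menu[0]); i++) {
        if (tpm_menu[i].applies(s) && n + 1 < cap)
            keys[n++] = tpm_menu[i].key;
    }
    if (cap)
        keys[n] = '\0';
    return n;
}

/* Print the state summary and the applicable options in the layout
 * the commit message shows. */
void tpm_menu_show(const struct tpm_state *s)
{
    printf("The current state of the TPM is:\n");
    printf("  %s and %s\n", s->disabled ? "Disabled" : "Enabled",
           s->deactivated ? "deactivated" : "active");
    printf("  Ownership has %sbeen taken\n", s->owned ? "" : "not ");
    printf("  A user %s take ownership of the TPM\n",
           (!s->owned && s->owner_install) ? "can" : "cannot");
    printf("\nAvailable options are:\n");
    for (size_t i = 0; i < sizeof(tpm_menu) / sizeof(tpm_menu[0]); i++) {
        if (tpm_menu[i].applies(s))
            printf(" %c. %s\n", tpm_menu[i].key, tpm_menu[i].label);
    }
}

int main(void)
{
    /* Constructed state matching the commit message's example:
     * enabled, active, no owner, ownership may be taken. */
    struct tpm_state s = { false, false, false, true };
    tpm_menu_show(&s);   /* shows d, v and p, as in the commit message */
    return 0;
}
```

The table-plus-predicate layout keeps the "which options are accessible" decision in one place, so a new state flag changes one predicate rather than scattered `if` chains around the key handler.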