Nitrokey 3 with Dasharo Coreboot or Heads?

I am currently using Laptop with Dasharo Coreboot. It may get Heads support soon, which would also be very interesting.

Afaik when disabling the Intel ME, the TPM is broken. Using a Nitrokey instead sounds like a good idea.

It would guarantee a second, hardware based factor, that could be backed up and transferred though.

Does this already work?

Where did you get the info from that the TPM is broken without Intel ME?

Heads relies on the OEM TPM for the measured boot. The Nitrokey is not a TPM replacement with Heads, but used to verify the firmware is unaltered between boots. And you can’t back it up, Heads generates the credentials on the Nitrokey but provides a secondary verification in case the key breaks.

1 Like

The dasharo coreboot tells me that itself. When turning off the intel ME, the TPM is broken.

But I need to do a hardware flash myself, currently the device is software flashed through Dasharo Tools Suite only.

Heads is not yet supported but that will be great, I will absolutely switch.

Ok, well, since Intel Skylake the CPUs have an internal TPM. So, if your laptop is not older, it will appear once the Heads project manages to support the platform. If it is older, it must be a limitation with the coreboot build. Perhaps the Dasharo tool can then even be used for flashing at that point. I faintly remember a YouTube demo Dasharo posted where they software-flash a device from OEM to Dasharo coreboot.

1 Like

Yes, I software flashed it from InsydeH2O to Dasharo but have strange issues that may need hardware flashing.

The CPU is 11th gen and the laptop soon EOL, will see what to do after that.

I wonder if the fact that you believe disabling the Intel ME would break the TPM is not a confusion between a physical TPM device and an fTPM? The latter is a flaky Wintel implementation of a TPM in software and it effectively runs inside the ME co-processor (meaning there is no real physical TPM hardware). So in effect you cannot disable the ME if you want to run the fTPM scheme.
To my knowledge, having a TPM device (physical) works in all cases with the ME disabled via HAP strap, from architectures Skylake/Kabylake (6th and 7th gen) to Alderlake 12th gen. It even works perfectly well if the ME firmware was cleansed (not only disabled, but also neutralized using the me_cleaner project) - unfortunately this was only possible with firmware 11.x and previous versions of the calamitous ME implementation.

1 Like

Interesting. Dasharo tells me that the Clevo NV41MZ, 11th gen, has no TPM or that disabling ME breaks it.

I am a bit confused about me_cleaner.

Do I need to run this even if the flashrom process for a maximized image deletes all contents?

You need not worry about me_cleaner, since the Clevo model you mention has an 11th gen Core/architecture. Unfortunately, me_cleaner worked for generations up to Kaby Lake 7th gen and then it was not possible to clean the ME region of the SPI flash anymore.

I’m not sure what that means. It could be that this particular model has a motherboard without a physical TPM chip installed. Therefore maybe it runs a software fTPM and the ME co-processor cannot be disabled because of this (it runs inside it).
It could also just be an error in documentation or specifications, this happens frequently.
You would have to ask their support for details.

So this is not the case yet? To my knowledge, Coreboot/Heads needs both a TPM (or maybe an fTPM software implementation provided by the CSME) and an external USB security device (e.g. a Nitrokey 3) as remote attestation of untampered state. Without either a TPM/fTPM or an external token, boot chain state cannot be proved untampered.

2 Likes

Afaik Clevo provides factory options for a discrete TPM. So, it can be that yours has one, or not, depending on where you bought it.
That aside, I’ve come across this issue, which shows it’s not trivial to support switch from fTPM to dTPM if you want to have it configurable - which is the case for dasharo. To test, switch ME de-/activation and observe what shows up in ls /sys/class/tpm.

@ion Thank you for the good info!

I didn't know that about me_cleaner. Dasharo simply allows setting that one bit that determines if the ME is on or off. The NSA forced Intel to implement this, because of security concerns.

Cool, huh?

But not running at all without the ME is bad…

Dasharo’s UI tells me that my TPM is not working when disabling the ME, and in Linux I have no TPM device shown.

Interesting point about the dedicated TPM! That would make a lot of sense.

Do you know if TPM chips can simply be bought and soldered in? I kinda don't plan on replacing that laptop soon, but yes, Heads + TPM would be a big improvement.

I know that 3mdeb makes a TPM module, but no idea where that is used, I assume only in desktop PCs like the ones they port Dasharo to.

To my knowledge, Coreboot/Heads needs…

On my Thinkpad T430 with an outdated TPM it tells me “no TPM found, measuring in the system” or something, so it does the measurement itself.

I guess that is flawed if attackers could flash a malicious variant of Heads? Maybe not if the drive is LUKS encrypted from Heads.

That would make sense! I got mine used from a seller from England, so likely it is simply missing.

I will check the Clevo Website (if it can even be found…) for such a part to buy.

Or do you know a TPM that can be placed in a NV41?

Do you know about the differences between 11th and 12th Gen NV41?

I don’t know your T430 setup, but you can simply check cat /sys/class/tpm/tpm0/owned to see if the TPM (1.2) is used. Heads definitely uses it on my NitroPad X230. Because of the secondary Nitrokey factor, I’d be pressed to make an assessment of how much the TPM being outdated (1.2) theoretically matters.

The 3mdeb TPM module you probably refer to is an MSI OEM part, not made by 3mdeb. They sell it because these optional parts are difficult to get. I’d be surprised if the Clevo notebook chassis has a connector to plug in a TPM module or even different mainboard designs, but I don’t know any details/generational differences. You should definitely see the labeled 20-pin connector or the empty/populated soldering place for the TPM on any picture of the mainboard. TBH that is a lot of tinkering if it needs to have a dedicated TPM. I’d personally leave the notebook intact and maybe sell it secondhand, rather than try to upgrade it. After all, these generations should still be Intel supported for microcode/ME updates. So, anyone wanting to use regular Secure Boot can do so.

1 Like
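The thread suggests two manual checks: looking at what shows up in ls /sys/class/tpm after toggling the ME, and reading /sys/class/tpm/tpm0/owned on a TPM 1.2 part. The script below, an added example and not something posted in the thread, folds both into one report per TPM device: its version, the kernel driver that bound it, and (for 1.2 parts) the ownership flag. The sysfs attribute names (tpm_version_major, owned) and the driver names (tpm_crb, tpm_tis, tpm_tis_spi) are the ones the Linux TPM subsystem uses; treating tpm_crb as "firmware TPM" and tpm_tis* as "discrete chip" is a heuristic that is stated as such, and the fake sysfs tree built by make_fake_tpm is constructed for offline testing only.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the TPM devices Linux exposes
# under sysfs so you can tell "no TPM at all" from "fTPM gone with the ME".
#
# Assumptions: sysfs attribute names as created by the Linux tpm driver
# (tpm_version_major on TPM 2.0, 'owned' on TPM 1.2, possibly under device/
# on older kernels); the driver name is only a heuristic for the attachment.

# Print one line per TPM device found under $1 (default /sys/class/tpm).
# Returns 0 if at least one device exists, 1 otherwise.
tpm_report() {
    root="${1:-/sys/class/tpm}"
    found=0
    for dev in "$root"/tpm[0-9]*; do
        [ -d "$dev" ] || continue
        found=1
        name=$(basename "$dev")

        # Version: TPM 2.0 exposes tpm_version_major; a 1.2 part instead
        # exposes the ownership attributes that Heads relies on.
        if [ -r "$dev/tpm_version_major" ]; then
            ver=$(cat "$dev/tpm_version_major")
        elif [ -r "$dev/owned" ] || [ -r "$dev/device/owned" ]; then
            ver=1
        else
            ver=unknown
        fi

        # Driver name hints at how the chip is attached (heuristic):
        # tpm_crb -> firmware TPM (Intel PTT / AMD fTPM, lives in the ME/PSP),
        # tpm_tis / tpm_tis_spi -> discrete chip on LPC or SPI.
        drv=unknown
        if [ -L "$dev/device/driver" ]; then
            drv=$(basename "$(readlink "$dev/device/driver")")
        fi
        case "$drv" in
            tpm_crb)  kind=firmware ;;
            tpm_tis*) kind=discrete ;;
            *)        kind=unknown ;;
        esac

        # For TPM 1.2, report whether ownership has been taken (the check
        # suggested in the thread); TPM 2.0 has no such attribute.
        owned=""
        if [ -r "$dev/owned" ]; then
            owned=" owned=$(cat "$dev/owned")"
        elif [ -r "$dev/device/owned" ]; then
            owned=" owned=$(cat "$dev/device/owned")"
        fi

        printf '%s version=%s driver=%s kind=%s%s\n' "$name" "$ver" "$drv" "$kind" "$owned"
    done
    if [ "$found" -eq 0 ]; then
        echo "no TPM device under $root (fTPM only with ME disabled, or no dTPM fitted?)" >&2
        return 1
    fi
    return 0
}

# Build a constructed sysfs tree for offline testing (NOT a real kernel layout,
# just the files tpm_report looks at).
# $1 = root dir, $2 = device name, $3 = driver, $4 = version major, $5 = owned
make_fake_tpm() {
    root="$1"; name="$2"; drv="$3"; major="$4"; ownedval="$5"
    mkdir -p "$root/$name/device" "$root/drivers/$drv"
    ln -s "$root/drivers/$drv" "$root/$name/device/driver"
    if [ "$major" = "2" ]; then
        echo 2 > "$root/$name/tpm_version_major"
    else
        echo "$ownedval" > "$root/$name/owned"
    fi
}

# Usage on a real machine: sh tpm_report.sh --run
# (run once with the ME enabled and once disabled, then compare the output).
case "${1:-}" in
    --run) tpm_report "${2:-}" ;;
esac
```

A laptop whose only TPM is the firmware one will show a tpm_crb device with the ME enabled and nothing at all with it disabled, which matches what Dasharo reported above; a fitted discrete chip keeps showing up as tpm_tis* in both runs.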