During my master's thesis I have to understand to some degree how one can use the TPM for security.
I have been testing on a ThinkPad X270. With Linux and tpm2-tools I have managed to take ownership and set the owner password etc.
But when booting the machine into BIOS settings I can just clear the TPM (delete all passwords and keys), without any form of authentication.
So my question is, is it possible to protect the “clear TPM” mechanism with a password, so that not just anybody can boot into the BIOS and clear all the stored crypto keys, the owner password etc.?