Hello Philipp Deppenwiese, build bot (Jenkins), Bill XIE, Werner Zeh, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/39993 to look at the new patch set (#2). Change subject: security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGE ...................................................................... security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGE CB:35077 pulled TPM measurement code into the bootblock, with the catch that we'll only cache PCR extensions and not actually write them to the TPM until it gets initialized in a later stage. The goal of this was to keep the heavy TPM driver code out of the size-constrained bootblock. Unfortunately, a small mistake in the tspi_tpm_is_setup() function prevents the compiler from eliminating references to the TPM driver code in the bootblock on platforms with CONFIG_VBOOT and CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known at compile-time to be 0, but that still makes the final expression `return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set to 1 in the bootblock, but the compiler doesn't. This patch rewrites the logic slightly to achieve the same effect in a way that the compiler can follow (because we only really need to check tpm_is_setup in the stage that actually runs the vboot code). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870 --- M src/security/tpm/tspi/tspi.c 1 file changed, 12 insertions(+), 2 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/93/39993/2 -- To view, visit https://review.coreboot.org/c/coreboot/+/39993 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870 Gerrit-Change-Number: 39993 Gerrit-PatchSet: 2 Gerrit-Owner: Julius Werner <jwerner@chromium.org> Gerrit-Reviewer: Bill XIE <persmule@hardenedlinux.org> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh@siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> Gerrit-CC: Aaron Durbin <adurbin@chromium.org> Gerrit-MessageType: newpatchset