Hello build bot (Jenkins), Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46772
to look at the new patch set (#2).
Change subject: security/vboot: fix policy digest for nvmem spaces ......................................................................
security/vboot: fix policy digest for nvmem spaces
This CL fixes the policy digest that restricts deleting the nvmem spaces to specific PCR0 states for Chrome OS case. For the general case, the CL captures the issues with the currently used digest in the comment. Fixing the general case is only possible after understanding in which states the nvmem spaces should be deletable, so this CL doesn't attempt to fix it.
BRANCH=none BUG=b:140958855 TEST=verified that nvmem spaces created with this digest can be deleted in the intended states, and cannot be deleted in other states (test details for ChromeOS - in BUG comments).
Change-Id: I3cb7d644fdebda71cec3ae36de1dc76387e61ea7 --- M src/security/vboot/secdata_tpm.c 1 file changed, 37 insertions(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/72/46772/2