Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41100 )
Change subject: security: tcg-2.0: Ignore data payload for errors, fix Cr50 boot mode ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... File src/security/tpm/tss/tcg-2.0/tss_marshaling.c:
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... PS1, Line 556: ibuf_nr_read(ib) == resp->hdr.tpm_size
- The proper size would be verified for all responses in line 594; […]
Why would we make a difference between vendor commands and standard commands? I think vendor commands should follow the standard commands in how they are specified -- so either we say that the contents of the response payload are clearly specified for all commands (standard and vendor) and we can do some more specific processing like in this patch set, or we say that it's not exactly clear how the error response looks for any of them and we don't interpret it at all (like I did in Patch Set 2 now).