Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35645 )
Change subject: vboot: Fix wrong algorithm in TCPA log for BOOT_MODE
Patch Set 2: Code-Review-1
The reason for this change is the following entry in the TCPA log when VBOOT is enabled on mc_bdx1 (fsp_broadwell_de) with TPM2:
PCR-0 62571891215b4efc1ceab744ce59dd0b66ea6f73 SHA256 [VBOOT: boot mode]
PCR-1 a66c8c2cda246d332d0c2025b6266e1e23c89410051002f46bfad1c9265f43d0 SHA256 [VBOOT: GBB HWID]
These two PCRs claim to have the same algorithm used for hashing (SHA256), but for boot mode the entry is clearly too short as it just has 20 bytes (which would be SHA1 instead of SHA256). So in this case it is just wrong that SHA256 is reported.
I do not want to break the expectations that the OS has on VBOOT; I just had too little background. But still it is wrong. We need to find a better way to fix it.
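
The length check described in the comment above, as an added example that is not part of the original review or of coreboot: it flags log entries whose digest length contradicts the algorithm they name. The entry layout is assumed from the two quoted lines, and `check_tcpa_log` is a hypothetical name.

```python
import re

# Digest sizes in bytes for hash algorithms a TPM event log may name.
DIGEST_BYTES = {"SHA1": 20, "SHA256": 32, "SHA384": 48, "SHA512": 64}

# Assumed layout, taken from the two entries quoted in the review comment:
#   PCR-<index> <hex digest> <algorithm> [<event name>]
ENTRY_RE = re.compile(
    r"^PCR-(?P<pcr>\d+)\s+(?P<digest>[0-9a-fA-F]+)\s+(?P<alg>\S+)"
    r"\s+\[(?P<name>[^\]]*)\]$"
)

# The two log entries from the comment.
SAMPLE_LOG = """\
PCR-0 62571891215b4efc1ceab744ce59dd0b66ea6f73 SHA256 [VBOOT: boot mode]
PCR-1 a66c8c2cda246d332d0c2025b6266e1e23c89410051002f46bfad1c9265f43d0 SHA256 [VBOOT: GBB HWID]
"""

def check_tcpa_log(text):
    """Return one finding per entry whose digest does not fit its algorithm."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            findings.append({"line": lineno, "problem": "unparsable entry"})
            continue
        digest, alg = m["digest"], m["alg"].upper()
        expected = DIGEST_BYTES.get(alg)
        if expected is None or len(digest) % 2:
            findings.append({"line": lineno, "problem": "unknown algorithm or odd-length digest"})
            continue
        actual = len(digest) // 2
        if actual != expected:
            findings.append({
                "line": lineno, "problem": "digest length mismatch",
                "pcr": int(m["pcr"]), "event": m["name"], "claimed": alg,
                "expected_bytes": expected, "actual_bytes": actual,
                # Algorithms whose digest size matches what was actually logged.
                "length_fits": sorted(a for a, n in DIGEST_BYTES.items() if n == actual),
            })
    return findings

if __name__ == "__main__":
    for finding in check_tcpa_log(SAMPLE_LOG):
        print(finding)
```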