Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46432 )
Change subject: security/vboot: Make mrc_cache hash functions generic ......................................................................
Patch Set 17:
(3 comments)
https://review.coreboot.org/c/coreboot/+/46432/1/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46432/1/src/security/vboot/mrc_cach... PS1, Line 28: if (!vboot_recovery_mode_enabled())
For now I've split the current CL into CL1-5. I still have to do CL6-8.
Done
https://review.coreboot.org/c/coreboot/+/46432/4/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46432/4/src/security/vboot/mrc_cach... PS4, Line 26: uint32_t hash_idx = vboot_recovery_mode_enabled() ? : MRC_REC_HASH_NV_INDEX : MRC_RW_HASH_NV_INDEX;
Instead of identifying what hash_idx to use here, I think it would be better to let the caller imple […]
Done
https://review.coreboot.org/c/coreboot/+/46432/10/src/security/vboot/secdata... File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/46432/10/src/security/vboot/secdata... PS10, Line 246: static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
Since you now already restricted this to TPM2 in the last patch, you could also just take out all of […]
Will be done in later CL.