Attention is currently required from: Joel Kitching, Andrey Pronin, Julius Werner, Aaron Durbin. Aseda Aboagye has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/52919 )
Change subject: vboot/secdata_tpm: Create FWMP space in coreboot ......................................................................
Patch Set 7:
(3 comments)
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/52919/comment/b4e28426_2272e3ed PS1, Line 420: /* : * Set initial values of secdata_firmware space. : * kernel space is created in _factory_initialize_tpm(). : */ : vb2api_secdata_firmware_create(ctx); Does anyone know if there's any particular reason this is done prior to _factory_initialize_tpm()? Is there any sort of dependency here?
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/52919/comment/26a91f88_baf3a057 PS5, Line 200: VB2_SECDATA_FWMP_MAX_SIZE
Actually, thinking it through again this needs to be the size of the currently used FWMP structure, […]
Ack, that does seem cleaner. I left the MRC hash space though since it seems that's more standard (HASH_NV_SIZE)?
File src/vendorcode/google/chromeos/Kconfig:
https://review.coreboot.org/c/coreboot/+/52919/comment/e8acb782_b0cbb63c PS1, Line 95: config TPM20_CREATE_FWMP
Let's just switch all boards over at once and avoid more fragmentation.
Ack, SGTM.