Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot ......................................................................
Patch Set 70: Code-Review+2
(5 comments)
https://review.coreboot.org/c/coreboot/+/35077/27/src/lib/bootblock.c File src/lib/bootblock.c:
https://review.coreboot.org/c/coreboot/+/35077/27/src/lib/bootblock.c@73 PS27, Line 73: !CONFIG(VBOOT) && CONFIG(TSPI_MEASURED_BOOT)
Reverted to this, for what is observed in https://qa.coreboot. […]
Done
https://review.coreboot.org/c/coreboot/+/35077/61/src/security/tpm/tspi/crtm... File src/security/tpm/tspi/crtm.c:
https://review.coreboot.org/c/coreboot/+/35077/61/src/security/tpm/tspi/crtm... PS61, Line 143: case CBFS_TYPE_MRC:
This, too, is probably correct but should be a separate patch.
Done
https://review.coreboot.org/c/coreboot/+/35077/61/src/security/tpm/tspi/crtm... PS61, Line 143: case CBFS_TYPE_MRC:
This, too, is probably correct but should be a separate patch.
Done
https://review.coreboot.org/c/coreboot/+/35077/5/src/security/vboot/Kconfig File src/security/vboot/Kconfig:
https://review.coreboot.org/c/coreboot/+/35077/5/src/security/vboot/Kconfig@... PS5, Line 16: menu "vboot functionalities"
I think you should move all the measured boot stuff (i.e. […]
Done
https://review.coreboot.org/c/coreboot/+/35077/27/src/security/vboot/vboot_l... File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/c/coreboot/+/35077/27/src/security/vboot/vboot_l... PS27, Line 329: if (CONFIG(TSPI_MEASURED_BOOT) && : !(ctx->flags & VB2_CONTEXT_S3_RESUME)) { : if (tspi_init_crtm() != VB2_SUCCESS)
I may have to conclude that TSPI_MEASURED_BOOT cannot be decoupled from VBOOT on platforms with only […]
No longer relevant.