Shelley Chen has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46432 )
Change subject: security/vboot: Make mrc_cache hash functions generic ......................................................................
Patch Set 3:
(4 comments)
https://review.coreboot.org/c/coreboot/+/46432/2/src/security/vboot/antiroll... File src/security/vboot/antirollback.h:
https://review.coreboot.org/c/coreboot/+/46432/2/src/security/vboot/antiroll... PS2, Line 27: MRC_
Why did we add MRC_ to this? I think we should be consistent with REC_HASH_NV_INDEX and MRC_RW_HASH_ […]
Renamed REC_HASH_NV_INDEX to MRC_REC_HASH_NV_INDEX per Julius' suggestion.
https://review.coreboot.org/c/coreboot/+/46432/1/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46432/1/src/security/vboot/mrc_cach... PS1, Line 28: if (!vboot_recovery_mode_enabled())
Removing this will immediately enable this on the FSP 2. […]
What do you think Furquan?
https://review.coreboot.org/c/coreboot/+/46432/2/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46432/2/src/security/vboot/mrc_cach... PS2, Line 67: /* Calculate hash of data read from RECOVERY_MRC_CACHE. */
This comment is stale.
Done. Removed recovery reference.
https://review.coreboot.org/c/coreboot/+/46432/1/src/security/vboot/secdata_... File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/46432/1/src/security/vboot/secdata_... PS1, Line 169: ro_space_attributes
This is the tricky part: for the RW hash, this needs to be rw_space_attributes and no policy (simila […]
Done