Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36027 )
Change subject: nb/intel/nehalem: Add a VBOOT TPM init workaround
......................................................................
Patch Set 5: Code-Review-1
This is really undermining basic assumptions in vboot (e.g. that the firmware TPM NVRAM space is always writable during firmware verification), so I would rather not go in this direction, even behind a Kconfig. One of the vboot platform requirements is that the platform can reset itself, including the TPM. If a platform can't do that, then it can't fully run vboot (it should set MOCK_SECDATA instead).
Can you explain more about why/when this reset is needed? Why can't you just reset the whole board (including TPM) in that case instead?
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Gerrit-Change-Number: 36027
Gerrit-PatchSet: 5
Gerrit-Owner: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Aaron Durbin <adurbin@gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Furquan Shaikh <furquan@google.com>
Gerrit-Reviewer: Joel Kitching <kitching@google.com>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Naresh Solanki <naresh.solanki@intel.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-Comment-Date: Mon, 14 Oct 2019 20:46:23 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment