Attention is currently required from: Hung-Te Lin, Jason Glenesk, Raul Rangel, Jakub Czapiga, Matt DeVillier, Fred Reitberger, Felix Held.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/66909 )
Change subject: vboot: Add VBOOT_CBFS_INTEGRATION support ......................................................................
Patch Set 18:
(4 comments)
File src/security/vboot/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/66909/comment/e143c530_9bde7199 PS15, Line 104: bootblock-y += secdata_mock.c
I built firmware with this change, but with CBFS_VERIFICATION=y and VBOOT_CBFS_INTEGRATION=n. […]
The parentheses aren't right, that's why you get that error. You're running on a board with early EC sync enabled, so the TPM code should be built into romstage. You wrote `!verstage && !(romstage && ec_sync && (secdata change))` but it should be `!verstage && !(romstage && ec_sync) && (secdata change)`.
Not sure what you mean with your question. vboot_save_data() can be called in the cbfs_file_hash_mismatch() path from any stage, but when called in that path we know that no TPM updates will be necessary (because that path just calls vb2api_fail() which only touches NVRAM, not secdata).
File src/soc/amd/stoneyridge/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/66909/comment/d8ace9d4_0e4fa898 PS18, Line 40: postcar-y += i2c.c I think you should no longer need this
File src/soc/qualcomm/ipq40xx/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/66909/comment/6b493d69_b06e0c67 PS18, Line 7: bootblock-y += i2c.c and this
File src/soc/qualcomm/ipq806x/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/66909/comment/db3b9dac_a7a4107a PS18, Line 7: bootblock-y += i2c.c and this