Attention is currently required from: Nico Huber, Christian Walter. Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/64418 )
Change subject: security/tpm/crtm.c: Fix !CONFIG_BOOTBLOCK_IN_CBFS measuring
Patch Set 1:
(1 comment)
File src/security/tpm/tspi/crtm.c:
https://review.coreboot.org/c/coreboot/+/64418/comment/474a8c26_cf37691a
PS1, Line 74: } /* else: TODO: Add SoC specific measurement methods. */
Shouldn't we still return an error? Or is this merely a best-effort measuring? IOW, should people know that the measuring is incomplete?
I think nothing else ever gets measured if this fails.
(TBH, I don't understand self-measuring generally. It wouldn't make a difference if we'd use a pre-computed hash, would it?)
I think this code dates from when this was not done in bootblock. Self-measuring might be useful if the binary you build != binary loaded, e.g. with APL TXE fixing up FIT. Not sure though...
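The question raised in the comments above (self-measurement versus a pre-computed hash, and what a skipped measurement leaves behind) can be modelled with the TPM extend operation. This is an added example, not coreboot code and not written by any of the reviewers. The function names, the all-zero PCR reset value and the sample images are assumptions made for illustration.

```python
import hashlib

PCR_RESET = bytes(32)  # simplified model: a SHA-256 PCR starts as all zeros

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def self_measure(loaded: bytes) -> bytes:
    """Hash the bytes that were actually loaded, then extend them."""
    return extend(PCR_RESET, hashlib.sha256(loaded).digest())

def extend_precomputed(build_digest: bytes) -> bytes:
    """Extend a digest that was computed once, at build time."""
    return extend(PCR_RESET, build_digest)

def pcr_outcomes(built: bytes, loaded: bytes) -> dict:
    """PCR value for each strategy, given the built and the loaded image."""
    return {
        "self_measured": self_measure(loaded),
        "precomputed": extend_precomputed(hashlib.sha256(built).digest()),
        "skipped": PCR_RESET,  # no measurement method ran: nothing extended
    }

# Constructed sample images (not real bootblock contents).
BUILT = b"BOOTBLOCK" + bytes(range(64))
FIXED_UP = BUILT[:16] + b"\xff\xff\xff\xff" + BUILT[20:]  # 4 bytes patched after build

if __name__ == "__main__":
    for name, loaded in (("unchanged", BUILT), ("fixed up", FIXED_UP)):
        for strategy, pcr in pcr_outcomes(BUILT, loaded).items():
            print(f"{name:10} {strategy:14} {pcr.hex()[:16]}")
```

In this model the two strategies only diverge when the loaded bytes differ from the built ones, and a skipped measurement is visible to a verifier only because the PCR still holds its reset value.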