Andrey Pronin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41100 )
Change subject: security: tcg-2.0: Improve error response handling, fix Cr50 boot mode ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... File src/security/tpm/tss/tcg-2.0/tss_marshaling.c:
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... PS1, Line 554: /* On errors, some subcommands do not return a payload. */ in fact, I'd even move this check before ibuf_read_be16(ib, &resp->vcr.vc_subcommand). if the RC says 'error', by default don't assume anything about the format or size of the payload. if we ever have subcommands, for which we are interested in parsing payloads in case of errors, we can add those special cases. but the default is: don't assume that the first two bytes is the suubcommand (or that you have 2 bytes) also.