Attention is currently required from: Andrey Pronin, Raul Rangel, Christian Walter, Julius Werner, Karthik Ramasubramanian.
Andrey Pronin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59475 )
Change subject: src/security/tpm: Add TPM2_NV_Increment command
Patch Set 1:
(2 comments)
File src/security/tpm/tss/tcg-2.0/tss.c:
https://review.coreboot.org/c/coreboot/+/59475/comment/ce7f7ab8_beb29162
PS1, Line 360: TPM_E_INC_FAILURE
nit: can we just reuse TPM_E_WRITE_FAILURE instead of adding a new code?
also, we may want to do different error handling based on what's wrong (index doesn't exist vs wrong auth, for example). if that's the case it makes sense to switch on the actual response code as tlcl_read does. and if (!response) return TPM_E_IOERROR.
but if we don't care about the return code and treat it as a success flag in all callers, reusing TPM_E_WRITE_FAILURE should be enough.
File src/security/tpm/tss/tcg-2.0/tss_marshaling.c:
https://review.coreboot.org/c/coreboot/+/59475/comment/e2cabf9f_394536f9
PS1, Line 203: TPM_RH_PLATFORM
nit: why not use command_body->nvIndex and rely on AUTHWRITE(authValue = NULL) here?
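The first comment's option of switching on the actual response code, sketched as an added example (not code from this change or from coreboot). The `nv_inc_status` categories and the `resp_hdr` struct are hypothetical stand-ins; the TPM_RC values are from the TPM 2.0 Library specification, Part 2. It also handles format-one codes, where the TPM ORs a handle, parameter or session number into the code, so a plain `switch` on the raw value would miss them.

```c
#include <stdint.h>
#include <stddef.h>

/* TPM 2.0 response codes (TPM 2.0 Library spec, Part 2: Structures). */
#define TPM_RC_SUCCESS          0x000u
#define TPM_RC_NV_LOCKED        0x148u  /* format zero */
#define TPM_RC_NV_AUTHORIZATION 0x149u  /* format zero */
#define TPM_RC_HANDLE           0x08Bu  /* format one */
#define TPM_RC_AUTH_FAIL        0x08Eu  /* format one */
#define TPM_RC_BAD_AUTH         0x0A2u  /* format one */
#define RC_FMT1                 0x080u  /* bit 7 set: format-one code */
#define RC_FMT1_BASE_MASK       0x0BFu  /* drops P (bit 6) and N (bits 11:8) */

/* Hypothetical result categories; these are not coreboot's TPM_E_* values. */
enum nv_inc_status {
	NV_INC_OK, NV_INC_NO_RESPONSE, NV_INC_NO_INDEX,
	NV_INC_AUTH, NV_INC_LOCKED, NV_INC_OTHER,
};

/* Constructed stand-in for a parsed response header. */
struct resp_hdr { uint32_t tpm_code; };

enum nv_inc_status classify_nv_increment(const struct resp_hdr *response)
{
	uint32_t rc;

	if (!response)		/* transport failed: there is no code to inspect */
		return NV_INC_NO_RESPONSE;

	rc = response->tpm_code;
	if (rc & RC_FMT1)	/* strip the handle/parameter/session number */
		rc &= RC_FMT1_BASE_MASK;

	switch (rc) {
	case TPM_RC_SUCCESS:
		return NV_INC_OK;
	case TPM_RC_HANDLE:	/* handle not valid, e.g. NV index not defined */
		return NV_INC_NO_INDEX;
	case TPM_RC_AUTH_FAIL:
	case TPM_RC_BAD_AUTH:
	case TPM_RC_NV_AUTHORIZATION:
		return NV_INC_AUTH;
	case TPM_RC_NV_LOCKED:
		return NV_INC_LOCKED;
	default:
		return NV_INC_OTHER;
	}
}
```

A caller that only needs a success flag can collapse everything other than `NV_INC_OK` into a single failure code, which is the simpler alternative the comment describes.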