Attention is currently required from: Andrey Pronin, Julius Werner, Yu-Ping Wu.
Miriam Polzer has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59097 )
Change subject: security/vboot: Add NVRAM counter for TPM 2.0
......................................................................
Patch Set 7:
(1 comment)
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/59097/comment/24ac72e0_505edc98
PS3, Line 150: .TPMA_NV_NO_DA = 1,
(thought this was addressed already, but looks like it hasn't been yet)
Ah, now I understand. So the reason to have it is that it doesn't hurt and we want authorization failures not to count towards DA? Is the scenario here some kind of denial of service attack? Will add NV_NO_DA to the new counter as well then.
--
To view, visit
https://review.coreboot.org/c/coreboot/+/59097
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I511dba3b3461713ce20fb2bda9fced0fee6517e1
Gerrit-Change-Number: 59097
Gerrit-PatchSet: 7
Gerrit-Owner: Miriam Polzer
mpolzer@google.com
Gerrit-Reviewer: Andrey Pronin
apronin@chromium.org
Gerrit-Reviewer: Julius Werner
jwerner@chromium.org
Gerrit-Reviewer: Yu-Ping Wu
yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-Attention: Andrey Pronin
apronin@chromium.org
Gerrit-Attention: Julius Werner
jwerner@chromium.org
Gerrit-Attention: Yu-Ping Wu
yupingso@google.com
Gerrit-Comment-Date: Fri, 19 Nov 2021 14:13:32 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Miriam Polzer
mpolzer@google.com
Comment-In-Reply-To: Andrey Pronin
apronin@chromium.org
Comment-In-Reply-To: Julius Werner
jwerner@chromium.org
Gerrit-MessageType: comment
