Philipp Deppenwiese has posted comments on this change. ( https://review.coreboot.org/22106 )
Change subject: security/tpm: Set up generic TSPI
Patch Set 44:
(10 comments)
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c File src/security/tpm/tspi/tspi.c:
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@62 PS44, Line 62: return TPM_E_MUST_REBOOT;
This is changing behavior... the old code just fell through to SUCCESS here. […]
Ack
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@124 PS44, Line 124: if (IS_ENABLED(CONFIG_TPM_DEACTIVATE))
This should probably go above the enable/activate part below and then directly goto out, otherwise y […]
Ack
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@148 PS44, Line 148: #if IS_ENABLED(CONFIG_TPM1)
Please use […]
Ack
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@167 PS44, Line 167: uint32_t tpm_extend_pcr(int pcr, uint8_t *digest, uint8_t *out_digest)
I'm still really not sure what this function does. […]
Normally by extending a PCR, a TCPA log is generated as well. I will add more code here in later patches.
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss.c File src/security/tpm/tss/tcg-2.0/tss.c:
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss.c@... PS44, Line 309: uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, const TPMA_NV nv_attributes, const uint8_t *nv_policy)
80 character limit
Done
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss.c@... PS44, Line 330: nvds_cmd.publicInfo.attributes = nv_attributes;
It is weird that one of the arguments of the function only applies if the other one is not NULL, and […]
Done
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss_st... File src/security/tpm/tss/tcg-2.0/tss_structures.h:
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss_st... PS44, Line 133: #define KERNEL_NV_INDEX 0x1008
Why are these duplicated here? With your changes you shouldn't need them in the TSS code anymore, ri […]
Yes, just a leftover. The changes are way too complex.
https://review.coreboot.org/#/c/22106/44/src/security/vboot/antirollback.h File src/security/vboot/antirollback.h:
https://review.coreboot.org/#/c/22106/44/src/security/vboot/antirollback.h@2... PS44, Line 29: #define REC_HASH_NV_INDEX 0x100b
Bad merge? You're just duplicating lines here...
Ack
https://review.coreboot.org/#/c/22106/44/src/security/vboot/secdata_tpm.c File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/#/c/22106/44/src/security/vboot/secdata_tpm.c@19... PS44, Line 196: VB2_SECDATA_SIZE, ro_space_attributes, pcr0_unchanged_policy));
80 character limit
Done
https://review.coreboot.org/#/c/22106/44/src/security/vboot/secdata_tpm.c@43... PS44, Line 439: return TPM_SUCCESS;
This will return success on other errors. Just do […]
Done