Attention is currently required from: Christian Walter, Julius Werner, Paul Menzel, Yu-Ping Wu.
Yi Chou has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/79437?usp=email )
Change subject: vboot: Add firmware PCR support ......................................................................
Patch Set 6:
(1 comment)
Commit Message:
https://review.coreboot.org/c/coreboot/+/79437/comment/91b8fa9f_7a829255 : PS6, Line 24: to 10 (and we plan to use PCR 12 for kernel version).
Wait what? I thought we were planning to mix both versions into one PCR? Was there a specific reason […]
hmmm, those were discussed in go/cros-arm-widevine-cert
A potential advantage of separating them into two different PCRs is we can do the "double extended" prevention on the GSC side if we really need it. (Although I hope we don't need it.)
The "double extended prevention" on PCR0: https://chromium-review.googlesource.com/c/chromiumos/third_party/tpm2/+/433...
I think that should be a good reason to use an extra PCR for that.