Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot ......................................................................
Patch Set 63:
Patch Set 63:
Hi Patrick, can you clarify your concern? Do you think this approach is somehow less reliable than the previous one? If VBOOT is enabled, then all of coreboot is verified (and therefore trusted) anyway, so I don't see how it makes a difference at what point exactly in coreboot we're writing the hashes to the TPM. If VBOOT isn't enabled, you can't trust any of the code and a malicious bootblock/verstage could have extended bad hashes already. In essence this is not doing anything that the older version didn't already do for bootblock and verstage, it's just doing that for romstage and ramstage as well because it greatly simplifies the design.
I fully understand the technical reasons to replay the TCPA log and that it simplifies the design a lot. In case of disabled VBOOT you could still write-protect the bootblock (CB:32705 could be extended to do that), which acts then as CRTM and then do a measured boot.
A *measured boot* is by definition extending the PCR *before* running the measured code. However by only putting it into TCPA log it's no a measured boot at all. I'm fine with this commit as long as it is documented and called "hashed boot" or something.