Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot
Patch Set 74: Code-Review+2
(1 comment)
We are an Open Source project, right? Sometimes people are busy, vacationing or vanish for a longer time. I wouldn't call it lack of willingness to communicate. I just have to prioritize my time and the coreboot community work is currently at the end of my list. So I can see that this raised some frustration on your and persmule's side. Sorry for that.
Yeah sure, it's just either you can argue against a change going in or you can withdraw from the project for a bit, you can't really do both (at least for too long). What I meant by "willingness to communicate" was just that I had no idea whether you even read the counter-arguments or when (if ever) to expect a response. Next time please just say that you're on vacation until X or you'll need two weeks to find the time to look at it in detail or something, and then we know what to expect and can give you the time.
Thanks for coming around on this issue now.
https://review.coreboot.org/c/coreboot/+/35077/72/src/security/tpm/tspi/log....
File src/security/tpm/tspi/log.c:
https://review.coreboot.org/c/coreboot/+/35077/72/src/security/tpm/tspi/log....
PS72, Line 115: int result = tlcl_extend(tce->pcr,
Done
Well, I wouldn't call it misuse, it's just killing two birds with one stone. We have the TCPA log anyway and it happens to look exactly like a PCR cache would need to look, sounds like a great opportunity to me.
Initializing the TPM in the bootblock is the obvious alternative but I really think it is inferior. We're already at the very limit for bootblock size on many boards, so doing this would both mean making this feature permanently unavailable on many boards and would also make future development much harder on other boards that would now be pushed very closely to that limit. And what for? Is there really a technical concern about this or is it just that it vaguely feels wrong? (It can't be about security because we're not extending the hashes to the TPM any later than the old solution used to.)
And doing it in the bootblock would still be less flexible, too. I'm bringing up a Qualcomm platform right now where the SPI controller that talks to the TPM needs a firmware blob loaded from CBFS to work. That's a kind of chicken and egg problem you cannot solve unless you're willing to cache hashes somewhere.
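The design argued for above (record measurements into the event log early, then replay them into the TPM once it is usable) can be checked in a few lines. The following is an added illustration, not coreboot code and not part of this review: it simulates a SHA-256 PCR bank in place of tlcl_extend(), uses constructed stand-in file contents, and shows that replaying a cached log yields the same PCR values as extending immediately, that a verifier can recompute the expected PCRs from the log alone, and that the replay must preserve the original order.

```python
import hashlib

PCR_SIZE = 32  # assumed SHA-256 PCR bank for this illustration


def pcr_extend(old_value, digest):
    """TPM PCR extend semantics: new = H(old || digest)."""
    return hashlib.sha256(old_value + digest).digest()


class MeasurementLog:
    """Event log entries (pcr, digest, name) that double as a PCR cache
    for measurements taken before the TPM can be talked to."""

    def __init__(self):
        self.entries = []

    def record(self, pcr, data, name):
        digest = hashlib.sha256(data).digest()
        self.entries.append((pcr, digest, name))
        return digest


class FakeTpm:
    """Hypothetical in-memory stand-in for a TPM PCR bank (not coreboot's tlcl)."""

    def __init__(self, count=24):
        self.pcrs = [bytes(PCR_SIZE)] * count

    def extend(self, pcr, digest):
        self.pcrs[pcr] = pcr_extend(self.pcrs[pcr], digest)
        return self.pcrs[pcr]


def replay_log(tpm, entries):
    """Late TPM init: push every cached entry into the TPM in log order."""
    for pcr, digest, _name in entries:
        tpm.extend(pcr, digest)
    return tpm.pcrs


def expected_from_log(entries):
    """Verifier side: recompute the PCR values the log claims, without a TPM."""
    expected = {}
    for pcr, digest, _name in entries:
        expected[pcr] = pcr_extend(expected.get(pcr, bytes(PCR_SIZE)), digest)
    return expected


def demo():
    # Constructed sample stages; contents are placeholders, not real CBFS files.
    stages = [
        (2, b"romstage-bytes", "fallback/romstage"),
        (2, b"spi-controller-fw", "spi_fw.bin"),
        (3, b"ramstage-bytes", "fallback/ramstage"),
    ]

    # Old scheme: TPM ready from the start, extend as each file is measured.
    direct_tpm, direct_log = FakeTpm(), MeasurementLog()
    for pcr, data, name in stages:
        direct_tpm.extend(pcr, direct_log.record(pcr, data, name))

    # New scheme: measure into the log first, init the TPM later, then replay.
    cached_log = MeasurementLog()
    for pcr, data, name in stages:
        cached_log.record(pcr, data, name)
    late_pcrs = replay_log(FakeTpm(), cached_log.entries)

    # Replaying out of order changes PCR 2: the log's ordering is load-bearing.
    reordered = replay_log(FakeTpm(), list(reversed(cached_log.entries)))

    return {
        "direct": direct_tpm.pcrs,
        "late": late_pcrs,
        "expected": expected_from_log(cached_log.entries),
        "reordered": reordered,
    }


if __name__ == "__main__":
    r = demo()
    print("replay matches direct extend:", r["direct"] == r["late"])
    print("log recompute matches TPM  :",
          all(r["late"][p] == v for p, v in r["expected"].items()))
    print("order-sensitive            :", r["reordered"][2] != r["late"][2])
```

The untouched PCRs stay all-zero in both schemes, the extended ones match byte for byte, and the verifier's recomputation from the log alone agrees with the TPM, which is exactly why an ordered event log is a sufficient cache.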