Attention is currently required from: Miriam Polzer, Andrey Pronin, Yu-Ping Wu.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59097 )
Change subject: security/vboot: Add NVRAM counter for TPM 2.0
......................................................................
Patch Set 7: Code-Review+2
(1 comment)
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/59097/comment/df341179_a5b10e87
PS3, Line 150: .TPMA_NV_NO_DA = 1,
Ah, now I understand. […]
It's just a precaution, yeah, I don't think we really know of a concrete scenario this is supposed to prevent. But in my experience, once you get a TPM into DA defense mode it can be really annoying to get out (and break everything), so preventing it from happening in the first place is nice.
--
To view, visit
https://review.coreboot.org/c/coreboot/+/59097
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I511dba3b3461713ce20fb2bda9fced0fee6517e1
Gerrit-Change-Number: 59097
Gerrit-PatchSet: 7
Gerrit-Owner: Miriam Polzer
mpolzer@google.com
Gerrit-Reviewer: Andrey Pronin
apronin@chromium.org
Gerrit-Reviewer: Julius Werner
jwerner@chromium.org
Gerrit-Reviewer: Yu-Ping Wu
yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-Attention: Miriam Polzer
mpolzer@google.com
Gerrit-Attention: Andrey Pronin
apronin@chromium.org
Gerrit-Attention: Yu-Ping Wu
yupingso@google.com
Gerrit-Comment-Date: Fri, 19 Nov 2021 17:19:33 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: Miriam Polzer
mpolzer@google.com
Comment-In-Reply-To: Andrey Pronin
apronin@chromium.org
Comment-In-Reply-To: Julius Werner
jwerner@chromium.org
Gerrit-MessageType: comment
