Attention is currently required from: Christian Walter, Filip Lewiński, Michał Żygowski.
View Change
1 comment:
Patchset:
Patch Set #4:
and then in ramstage again
It's not run in ramstage for vboot, though. `drivers/tpm/tpm.c` (somewhat badly named, it should really be `tpm_init_in_ramstage.c`) is only linked in for `CONFIG_TPM_INIT_RAMSTAGE`, which depends on `!VBOOT`.
I don't think any approach that runs `tpm_setup()` twice is a good idea. I think the best solution here is probably to just guard the `tpm_setup()` call in `vboot_setup_tpm()` with `if (!CONFIG(TPM_MEASURED_IN_BOOTBLOCK))`. That means you'll not quite get the right TPM setup error when TPM communication failed, but vboot should still go into recovery on account of not being able to read secdata so it probably doesn't make too much of a difference.
To view, visit change 82695. To unsubscribe, or for help writing mail filters, visit settings.
Gerrit-MessageType: comment
Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: I19dc3d910c23fcfd8732465c488f47dd86a96781
Gerrit-Change-Number: 82695
Gerrit-PatchSet: 4
Gerrit-Owner: Filip Lewiński <filip.lewinski@3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Julius Werner <jwerner@chromium.org>
Gerrit-CC: Michał Żygowski <michal.zygowski@3mdeb.com>
Gerrit-CC: Paul Menzel <paulepanter@mailbox.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski@3mdeb.com>
Gerrit-Attention: Filip Lewiński <filip.lewinski@3mdeb.com>
Gerrit-Attention: Christian Walter <christian.walter@9elements.com>
Gerrit-Comment-Date: Tue, 30 Jul 2024 21:00:44 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Michał Żygowski <michal.zygowski@3mdeb.com>
Comment-In-Reply-To: Julius Werner <jwerner@chromium.org>