Attention is currently required from: Miriam Polzer, Andrey Pronin, Yu-Ping Wu.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59097 )
Change subject: security/vboot: Add NVRAM counter for TPM 2.0
Patch Set 3:
(2 comments)
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/59097/comment/9bfb2a3b_ec23fbf4 PS3, Line 150: .TPMA_NV_NO_DA = 1,
NV_BITS makes it a bit index which is a bit different from a counter. […]
I don't know, maybe Andrey does. Maybe there are other ways to trigger a DA lockout (like aborting transactions half-way through or something)?
https://review.coreboot.org/c/coreboot/+/59097/comment/917ef303_4bd47d80 PS3, Line 438: NULL, 0)
I think recreating the counter won't help an attacker, it will start again at a higher or the same va […]
Oh... yeah, okay, I guess that's already designed for that purpose. Then I guess this should be good as it is.