Keith Short has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31260 )
Change subject: coreboot: check TPM mode on normal boot ......................................................................
Patch Set 1:
(3 comments)
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... File src/vendorcode/google/chromeos/cr50_enable_update.c:
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 15: Comment from Julius Werner on original CL:
Should probably rename this file now, maybe just chromeos/cr50.c
We could also consider moving the whole thing to something like src/security/tpm/tss/vendor/cr50/boot_hooks.c (that directory didn't exist yet when this was added but may be a better place, because really you want to run this even if you compile without CONFIG_CHROMEOS as long as your board has a Cr50).
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 84: if (vboot_recovery_mode_enabled()) Vadim - what's the rationale for skipping the Cr50 update check when recovery mode is enabled? Is this still needed? Should we always reboot the Cr50 if the key-ladder is disabled regardless of recovery mode?
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 123: elog_add_event(ELOG_TYPE_CR50_NEED_RESET); I have a separate CL that adds the ELOG_TYPE_CR50_NEED_RESET event type into mosys.