Attention is currently required from: Christian Walter, Tim Van Patten.
Subrata Banik has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/79736?usp=email )
Change subject: security/tpm: Retrieve factory configuration for TI50 devices ......................................................................
Patch Set 2:
(3 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/79736/comment/fc799ce3_3bdfcb83 : PS1, Line 9: This patch enables retrieval of factory configuration data from : TI50 TPM devices.
I think it's worth checking with the GSC team to verify the validity of that comment.
I trust go/cr50-board-id-in-factory more though, since it's explicit about version numbers:
To get/set the factory config, it requires Cr50 firmware version >= 0.{5,6}.170, or Ti50 firmware version >= 0.{23,24}.30.
For reference, Monkey Island is running CR50 `0.5.201`, which is new enough to support the command as well (based on the values listed).
Further evidence it's supported by the CR50 is the CL that added those values:
cr50: Add get/set factory config command codes.
The bug that added them (b/275356839) also mentions both the CR50 and TI50.
i have executed this cmd on cr50 and ti50 devices, no error return. assuming things are support on both security chip.
File src/security/tpm/tss/tcg-2.0/tss_structures.h:
https://review.coreboot.org/c/coreboot/+/79736/comment/7ad99147_d324e13f : PS1, Line 359: uint8_t factory_config;
Can we make this a `uint64_t` now, so it matches what the GSC returns and we can avoid growing it in […]
Acknowledged
File src/security/tpm/tss/vendor/cr50/cr50.c:
https://review.coreboot.org/c/coreboot/+/79736/comment/56c23174_c6dfc070 : PS1, Line 213: *factory_config = response->vcr.factory_config;
This looks odd. […]
Acknowledged