Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46511 )
Change subject: security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX ......................................................................
Patch Set 13:
(4 comments)
https://review.coreboot.org/c/coreboot/+/46511/13/src/drivers/mrc_cache/mrc_... File src/drivers/mrc_cache/mrc_cache.c:
https://review.coreboot.org/c/coreboot/+/46511/13/src/drivers/mrc_cache/mrc_... PS13, Line 183: vboot_recovery_mode_enabled() ? : MRC_REC_HASH_NV_INDEX : MRC_RW_HASH_NV_INDEX This should still be kept as MRC_REC_HASH_NV_INDEX. In the next CL, you add tpm_hash_index in the cache_region which takes care of handling recovery and non-recovery cases. The changes in this file and in mrc_cache_hash_tpm.c should be added to the next CL i.e. supporting tpm space for MRC hash in recovery and non-recovery modes. (Else, this CL on its own will break the variable data part for APL/GLK).
https://review.coreboot.org/c/coreboot/+/46511/13/src/security/vboot/antirol... File src/security/vboot/antirollback.h:
https://review.coreboot.org/c/coreboot/+/46511/13/src/security/vboot/antirol... PS13, Line 63: recovery s/recovery/MRC?
https://review.coreboot.org/c/coreboot/+/46511/13/src/security/vboot/antirol... PS13, Line 73: recovery s/recovery/MRC hash?
https://review.coreboot.org/c/coreboot/+/46511/13/src/security/vboot/antirol... PS13, Line 84: recovery s/recovery/MRC?