Hello build bot (Jenkins), Julius Werner, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46772
to look at the new patch set (#4).
Change subject: security/vboot: fix policy digest for nvmem spaces ......................................................................
security/vboot: fix policy digest for nvmem spaces
This CL fixes the policy digest that restricts deleting the nvmem spaces to specific PCR0 states for Chrome OS case. For the general case, the CL captures the issues with the currently used digest in the comment. Fixing the general case is only possible after understanding in which states the nvmem spaces should be deletable, so this CL doesn't attempt to fix it.
BRANCH=none BUG=b:140958855 TEST=verified that nvmem spaces created with this digest can be deleted in the intended states, and cannot be deleted in other states (test details for ChromeOS - in BUG comments).
Change-Id: I3cb7d644fdebda71cec3ae36de1dc76387e61ea7 Signed-off-by: Andrey Pronin apronin@chromium.org --- M src/security/vboot/secdata_tpm.c 1 file changed, 37 insertions(+), 9 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/72/46772/4