[coreboot-gerrit] Change in ...coreboot[master]: coreboot: check Cr50 PM mode on normal boot

Keith Short has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31260 )

Change subject: coreboot: check Cr50 PM mode on normal boot ......................................................................

Patch Set 4:

(7 comments)

https://review.coreboot.org/#/c/31260/3/src/security/tpm/tss_errors.h File src/security/tpm/tss_errors.h:

https://review.coreboot.org/#/c/31260/3/src/security/tpm/tss_errors.h@45 PS3, Line 45: #define TPM_E_NO_SUCH_COMMAND ((uint32_t)0x00005010)

nit: I think the train for keeping this in sync with the vboot version has long since left the stati […]

Done

https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... File src/vendorcode/google/chromeos/cr50_enable_update.c:

https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 84: if (vboot_recovery_mode_enabled())

Oh, okay. So I guess then we have the options: […]

Filed bug http://b/124303781 and assigned to me.

https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 96: tlcl_cr50_enable_update

Before launching the alternate OS, TPM is disabled. […]

Done

https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 123: elog_add_event(ELOG_TYPE_CR50_NEED_RESET);

I have a separate CL that adds the ELOG_TYPE_CR50_NEED_RESET event type into mosys.

Done: https://chromium-review.googlesource.com/c/chromiumos/platform/mosys/+/14650...

https://review.coreboot.org/#/c/31260/3/src/vendorcode/google/chromeos/cr50_... File src/vendorcode/google/chromeos/cr50_enable_update.c:

https://review.coreboot.org/#/c/31260/3/src/vendorcode/google/chromeos/cr50_... PS3, Line 69: cr50_must_reset = 1;

If this is never supposed to happen under normal circumstances, you should print a warning here.

Done

https://review.coreboot.org/#/c/31260/3/src/vendorcode/google/chromeos/cr50_... PS3, Line 96: if (vboot_recovery_mode_enabled())

I don't think the problem here is solved yet? We want to make sure we don't boot in recovery mode in […]

Filed bug http://b/124303781 and assigned to me.

https://review.coreboot.org/#/c/31260/3/src/vendorcode/google/chromeos/cr50_... PS3, Line 127: * to the FW version check.

nit: Can you please file a bug for this and assign it to someone to make sure we won't forget it?

Opened bug http://b/124304447, and assigned to me.