Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34510 )
Change subject: security/vboot: Add Support for Intel PTT ......................................................................
Patch Set 12:
(2 comments)
https://review.coreboot.org/c/coreboot/+/34510/12/src/security/vboot/Kconfig File src/security/vboot/Kconfig:
https://review.coreboot.org/c/coreboot/+/34510/12/src/security/vboot/Kconfig... PS12, Line 22: select VBOOT_MOCK_SECDATA if HAVE_INTEL_PTT Can we move this select (and the comment below) in the INTEL_PTT Kconfig instead? (Or if you want to leave the comment here, just tie it to MOCK_SECDATA instead.)
https://review.coreboot.org/c/coreboot/+/34510/12/src/security/vboot/secdata... File src/security/vboot/secdata_mock.c:
https://review.coreboot.org/c/coreboot/+/34510/12/src/security/vboot/secdata... PS12, Line 72: #if CONFIG(TPM2) Please don't just hack this in here, make it clean. There should be a separate file for the things that don't depend on MOCK_SECDATA -- don't copy&paste whole functions. The vboot_setup_tpm() call should be moved directly into verstage_main() so you don't need to create another fake version antirollback_read_space_firmware().