Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36027 )
Change subject: [WIP]nb/intel/nehalem: Add a VBOOT TPM init workaround ......................................................................
Patch Set 6:
Patrick also stated a somewhat similar use case where TXT already initializes the TPM before VBOOT. How unreasonable is it to provide a hook in the TPM init to deal tlcl_startup() failure if one knows the TPM has already been initialized? This is quite similar to what is done on the S3 path in tpm_setup_s3_helper(). This could be unified to deal with other situations where the TPM is known to be initialized prior to VBOOT?
I guess if you tried to sell it as a TPM library option rather than a vboot hack, that makes it look more reasonable. But then are we just going to skip the tlcl_startup() entirely, or are we going to send it but ignore errors? The former seems cleaner for the TXT case but wouldn't work for you. If they're okay doing the latter for TXT, I guess we can do that (and add an option like TPM_STARTUP_IGNORE_POSTINIT).
Another really hacky option might be to make sure vboot_platform_is_resuming() returns true for the second boot, and pretend it's an S3 resume. That's not any better than this patch, but at least it would contain those hacks within the platform.
Your last suggestion seems to work but if one request recovery version checking should be disabled but this is not the case anymore, so this is actually worse than with the quirk handling.
I don't really understand what you're saying here, but it sounds like it's not worth trying that direction.