Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot
......................................................................
Patch Set 63:
Let me summarize the history of this patch:
After most platforms switched to C_ENVIRONMENT_BOOTBLOCK, I had been improving this patch following the ORIGINAL way: initialize the TPM in bootblock and measure the components of the CRTM right after it, but on some platforms the bootblock is too small to link with the vboot library and the TPM initialization code (recorded in patchsets 27~33). These platforms usually need a verstage if VBOOT is enabled. I managed to handle this by letting these platforms initialize the TPM and CRTM in romstage, like how it is done in patchset 7. The last revision working in this way is patchset 41.
On the other hand, since patchset 6 Julius Werner has been proposing his scheme, in which digests are "cached" in the TCPA log and "replayed" into the PCRs after the TPM is initialized, and in patchset 40, after I met the obstacle described above, he advised me again to follow his scheme, as done in the revisions after patchset 41.
If Julius' scheme breaks the standard, I can revert to patchset 41 or an even much earlier revision as the base for further development, but now the key problem is: what is the most proper stage in which the TPM is initialized and the CRTM is settled? At least I have no idea about this.