Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/40579 )
Change subject: vboot: Add permission check for kernel space
Patch Set 3:
(2 comments)
https://review.coreboot.org/c/coreboot/+/40579/3/src/security/vboot/secdata_...
File src/security/vboot/secdata_tpm.c:

https://review.coreboot.org/c/coreboot/+/40579/3/src/security/vboot/secdata_...
PS3, Line 72: #if !CONFIG(TPM2)
Please write this in C instead (i.e. 'if (CONFIG(TPM2)) {...}').

https://review.coreboot.org/c/coreboot/+/40579/3/src/security/vboot/secdata_...
PS3, Line 82: TlclGetPermissions
Hmm, crap, it looks like TlclGetPermissions() was never ported to coreboot, so you'll have to do that first. It's probably better to copy the older pre-2016 version (https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_referen...) rather than the current, more complicated one in vboot today using TlclGetSpaceInfo(). This should go in src/security/tpm/tss/tcg-1.2/tss.c (following coreboot code style there). Looks like we already have tpm_getpermissions_cmd in tss_commands.h.