Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Krystian Hebel, Sergii Dmytruk.
Daniel P. Smith has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68752 )
Change subject: [WIP] Documentation/measured_boot.md: document new TPM options ......................................................................
Patch Set 2:
(4 comments)
Patchset:
PS2: A few minor comments.
File Documentation/security/vboot/measured_boot.md:
https://review.coreboot.org/c/coreboot/+/68752/comment/389ec610_70e668ea
PS2, Line 51: ### TCPA eventlog
TCPA is an older term and tends to be considered as referring to the older log format for TPM1.2 days before TPM2 and UEFI TPM log format was standardized. I would recommend renaming section to "TPM Eventlog"
https://review.coreboot.org/c/coreboot/+/68752/comment/21b1c51d_189afdeb
PS2, Line 181: ## Platform Configuration Register
In my comments in the other changeset, I mentioned PCRs 17-22 are DRTM PCRs, but in this section it might be useful to take a moment to communicate that PCRs 0-15 are SRTM PCRs, PCR 16 is debug PCR, PCRs 17-22 are DRTM PCRs, and PCR 23 is the application/user PCR. And also mention that PCRs 16 and 23 are resettable from locality 0 and PCR 22 is resettable from locality 1.
https://review.coreboot.org/c/coreboot/+/68752/comment/c401e34e_cd60fe94
PS2, Line 184:
Do you really mean that "3 or 4" PCR banks are used? Typically a PCR bank is a TPM2 term to refer to a set of 23 PCRs for a specific hash algo. Do you mean "coreboot uses first three to four PCRs with the remainder, PCRs 4 - 7, left empty."
It might also be useful to explain what the measurement and PCR bank usage strategy is, e.g. 1) does the firmware directly do the hash or is it left to the TPM and 2) which PCR banks are used and when are they used. Point 2 comes from trying to discern the reasoning behind the measurement structure below, specifically why only the SHA1 of Google vboot GBB flags is ever measured in either scheme?
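The terminology the review comments turn on (a PCR "bank" as one set of PCRs per hash algorithm, the SRTM/debug/DRTM/application index ranges, and whether the firmware or the TPM computes the digest) can be made concrete with a small event-log replay. The following Python is an added example, not code from the coreboot change under review or from the coreboot project. It assumes two active banks (`sha1` and `sha256`), models the two TPM2 delivery paths (`TPM2_PCR_Extend`, where the caller supplies a digest for one bank, and `TPM2_PCR_Event`, where the TPM hashes the data into every bank), and replays a constructed sample log. The `SAMPLE_LOG` entries, the `mode` field and all function names are constructed for this illustration; the one single-bank SHA1 entry mirrors the GBB-flags situation the reviewer asks about and shows how a verifier would notice that only one bank was populated.

```python
"""Added example (not coreboot code): replay a constructed TPM event log into
a model of TPM2 PCR banks and check the result the way an attester would."""
import hashlib

PCR_COUNT = 24                # PCR indices 0..23 in every bank
BANKS = ("sha1", "sha256")    # assumption: the banks this model keeps active


def pcr_role(index):
    """Classify a PCR index using the layout described in the review comment."""
    if not 0 <= index < PCR_COUNT:
        raise ValueError(f"PCR index out of range: {index}")
    if index <= 15:
        return "SRTM"
    if index == 16:
        return "debug"
    if index <= 22:
        return "DRTM"
    return "application"


class PcrBanks:
    """One list of PCR_COUNT PCR values per hash algorithm (one 'bank' each)."""

    def __init__(self, algs=BANKS):
        self.pcrs = {
            alg: [bytes(hashlib.new(alg).digest_size)] * PCR_COUNT for alg in algs
        }

    def extend(self, alg, index, digest):
        """TPM2_PCR_Extend model: the caller supplies a digest for ONE bank."""
        size = hashlib.new(alg).digest_size
        if len(digest) != size:
            raise ValueError(f"{alg} digest must be {size} bytes, got {len(digest)}")
        old = self.pcrs[alg][index]
        self.pcrs[alg][index] = hashlib.new(alg, old + digest).digest()

    def event(self, index, data):
        """TPM2_PCR_Event model: the TPM hashes the data into EVERY active bank."""
        for alg in self.pcrs:
            self.extend(alg, index, hashlib.new(alg, data).digest())

    def value(self, alg, index):
        return self.pcrs[alg][index].hex()


# Constructed sample event log (not coreboot's real log). "mode" records how the
# firmware delivered the measurement: "event" means the TPM hashed the data into
# all banks; "extend" means the firmware hashed with one algorithm and extended
# only that bank, which is exactly the single-SHA1 pattern the reviewer queries.
SAMPLE_LOG = [
    {"pcr": 0, "mode": "event",  "data": b"bootblock"},
    {"pcr": 0, "mode": "event",  "data": b"romstage"},
    {"pcr": 1, "mode": "extend", "alg": "sha1", "data": b"gbb-flags"},
    {"pcr": 2, "mode": "event",  "data": b"payload"},
]


def replay(log, algs=BANKS):
    """Rebuild the PCR banks a verifier expects after replaying the log."""
    banks = PcrBanks(algs)
    for entry in log:
        if entry["mode"] == "event":
            banks.event(entry["pcr"], entry["data"])
        else:
            digest = hashlib.new(entry["alg"], entry["data"]).digest()
            banks.extend(entry["alg"], entry["pcr"], digest)
    return banks


def chain(alg, blobs):
    """Independent recomputation of one PCR: PCR = H(PCR || H(blob)) per blob."""
    pcr = bytes(hashlib.new(alg).digest_size)
    for blob in blobs:
        pcr = hashlib.new(alg, pcr + hashlib.new(alg, blob).digest()).digest()
    return pcr.hex()


def banks_populated(banks, index):
    """Banks holding a non-zero value for this PCR; flags single-bank measurements."""
    return [alg for alg in banks.pcrs if any(banks.pcrs[alg][index])]


if __name__ == "__main__":
    banks = replay(SAMPLE_LOG)
    for i in range(PCR_COUNT):
        populated = banks_populated(banks, i)
        if populated:
            print(f"PCR {i:2d} ({pcr_role(i):11s}) populated in banks: {populated}")
```

Replaying the log with `chain()` as an independent oracle is the check a verifier performs before trusting a quote: if the log and the PCR values disagree, either the log is incomplete or an event was recorded in a bank the verifier did not expect. In the sample, PCR 1 ends up non-zero only in the `sha1` bank, which is the kind of inconsistency a documented bank-usage strategy would let readers anticipate.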