Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31260 )
Change subject: coreboot: check TPM mode on normal boot ......................................................................
Patch Set 1:
(2 comments)
https://review.coreboot.org/#/c/31260/1/src/security/tpm/tss/vendor/cr50/cr5... File src/security/tpm/tss/vendor/cr50/cr50.h:
https://review.coreboot.org/#/c/31260/1/src/security/tpm/tss/vendor/cr50/cr5... PS1, Line 44: TPM_MODE_LOCKED_ENABLED
This still doesn't really seem to match what you said in CL:1446146? If the key ladder is still disa […]
I'm still rooting for something like:
0 = I2C_ENABLED_KEY_LADDER_ENABLED 2 = I2C_ENABLED_KEY_LADDER_DISABLED If we change the Cr50 code to return I2C_ENABLED_KEY_LADDER_DISABLED after an AP reset, it describes the state a bit better than returning an internal error, or just DISABLED.
I suppose Cr50 can still use 1 = I2C_DISABLED_KEY_LADDER_DISABLED internally, but there would never be any way for it to communicate this state to the outside world.
https://review.coreboot.org/#/c/31260/1/src/security/tpm/tss/vendor/cr50/cr5... File src/security/tpm/tss/vendor/cr50/cr50.c:
https://review.coreboot.org/#/c/31260/1/src/security/tpm/tss/vendor/cr50/cr5... PS1, Line 93: response->hdr.tpm_code
Agreed. […]
I had originally used TPM_E_NO_SUCH_COMMAND = 0x500d to keep the wording consistent.