Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34510 )
Change subject: security/vboot: Add Support for Intel PTT
Patch Set 6: Code-Review-1
VBOOT_MOCK_SECDATA is actually used if you want to do VBOOT without a TPM. We just stub every function (except the NVRAM read) and go with it. When Intel PTT is used, we do not have access to NVRAM, but we can e.g. extend PCRs. So we can do a verified and measured boot with PTT, if we do not use the NVRAM for antirollback. So in my opinion it's a different functionality and should not be merged with VBOOT_MOCK_SECDATA.
Well, in that case we'll need to add clean new options to model this difference, though. I don't want if (TPM_VENDOR_DETAILS) splattered all over vboot code. "secdata" specifically refers to NVRAM spaces, so keeping that name for things that ignore NVRAM spaces makes sense. We only used it to guard some other things because we never had a case where those things were available but NVRAM is not. Maybe it's as simple as switching those to check (CONFIG(TPM1) || CONFIG(TPM2)) instead? (It would probably be a good idea to split the non-secdata TPM stuff into a separate file, then.)