Keith Short has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31260 )
Change subject: coreboot: check TPM mode on normal boot ......................................................................
Patch Set 1:
(1 comment)
Patch Set 1:
(2 comments)
as a general comment: adding any tpm communication to the main boot flow adds something like 8 ms to the boot time, it should be avoided unless absolutely necessary.
The VENDOR_CC_TURN_UPDATE_ON command could be modified on the Cr50 side to also automatically check the key-ladder state and reboot itself. This would eliminate the extra TPM command. But this change can't be made until 4.14, and Wilco devices will need this support before then.
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... File src/vendorcode/google/chromeos/cr50_enable_update.c:
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 96: tlcl_cr50_enable_update
isn't this command goiong to timeout if tpm is disabled?
Before launching the alternate OS, TPM is disabled. However the AP reboot causes the Cr50 to re-enable TPM, but leave the key ladder disabled. So this command does complete normally.