And, if it is a problem, isn't the proper solution to push tpm init earlier - which, in the replay case, seems to automatically solve any issues because any further measurement is done at the time the stage is loaded?

Pushing TPM init into the bootblock causes practical issues on many platforms with bootblock size restrictions, and the benefit is questionable. We'd still have to measure the bootblock itself retroactively after all, so I don't think doing the same for the verstage really makes a big difference. Like you mentioned this is what the existing solution already does too, so I don't think anyone really has a concern with that (the concern rather seems to be between verstage and ramstage, but as mentioned when CONFIG_VBOOT is on we still start extending hashes in verstage with this patch). There's also always CONFIG_SEPARATE_VERSTAGE=n to close this gap if desired.

Since it already seems to be hard enough to get consensus on this patch as is, I'd like to keep the discussions focused on what this patch does vs. the previous implementation (hopefully we can come to agree that it doesn't reduce any security guarantees, and merge it). Let's leave concerns that the currently implementation doesn't solve either for another time.

View Change

To view, visit change 35077. To unsubscribe, or for help writing mail filters, visit settings.