Attention is currently required from: Matt DeVillier, Christian Walter.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74856 )
Change subject: security/tpm: Add Kconfig to allow payload control of TPM1 ......................................................................
Patch Set 2:
(1 comment)
Patchset:
PS2:
ok, I tested with CONFIG_NO_TPM selected, and the TPM was no longer manageable from the payload (no […]
Well, did you rewrite your payload to actually send the TPM_Startup command, then? I'm not saying that NO_TPM is an exact drop-in replacement for what your patch does here, but I'm saying that the payload should be written to expect and work with the NO_TPM state instead.
If there are other consequences (e.g. ACPI table setup) of this that make that a problem for your payload, can you track down explicitly where that happens and how it is controlled? In general, the coreboot Kconfig tries to maintain a difference between "there's a TPM chip physically on the board" (CONFIG_MAINBOARD_HAS_TPMx) and "coreboot is communicating with the TPM" (CONFIG_TPMx). Maybe whatever ACPI table info you need should be keyed off a separate Kconfig that only depends on the former but not the latter.