Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot ......................................................................
Patch Set 70:
Okay Philipp, this doesn't work. You can't just keep -2ing this patch with a one-liner justification but completely refuse to discuss any of the technical details. I have now repeatedly asked you to clarify how this is any worse than the existing implementation (because it isn't) both in this CL and through other channels but there's just nothing but silence from you. Please remember our official Gerrit Guidelines which state:
- If you give a patch a -2, you are responsible for giving concrete
recommendations for what could be changed to resolve the issue the patch addresses. If you feel strongly that a patch should NEVER be merged, you are responsible for defending your position and listening to other points of view. Giving a -2 and walking away is not acceptable
Please re-read my comment from Feb 25 above and respond to it. This patch *changes absolutely nothing* about when hashes get extended to the TPM for your existing use case! It is just rewriting logic to do essentially exactly the same thing in a cleaner way, with better coverage for edge cases (e.g. other files loaded from the bootblock) and supporting a new operation mode that you don't need to use if you're concerned about it's security guarantees. If you still have concerns despite that, please describe them concretely in a response with more than one sentence.