Okay Philipp, this doesn't work. You can't just keep -2ing this patch with a one-liner justification but completely refuse to discuss any of the technical details. I have now repeatedly asked you to clarify how this is any worse than the existing implementation (because it isn't) both in this CL and through other channels but there's just nothing but silence from you. Please remember our official Gerrit Guidelines which state:

• If you give a patch a -2, you are responsible for giving concrete
• recommendations for what could be changed to resolve the issue the patch
• addresses. If you feel strongly that a patch should NEVER be merged, you
• are responsible for defending your position and listening to other points
• of view. Giving a -2 and walking away is not acceptable

Please re-read my comment from Feb 25 above and respond to it. This patch *changes absolutely nothing* about when hashes get extended to the TPM for your existing use case! It is just rewriting logic to do essentially exactly the same thing in a cleaner way, with better coverage for edge cases (e.g. other files loaded from the bootblock) and supporting a new operation mode that you don't need to use if you're concerned about it's security guarantees. If you still have concerns despite that, please describe them concretely in a response with more than one sentence.

View Change

To view, visit change 35077. To unsubscribe, or for help writing mail filters, visit settings.