Attention is currently required from: Christian Walter, Julius Werner, Michał Żygowski.
Filip Lewiński has posted comments on this change by Filip Lewiński. ( https://review.coreboot.org/c/coreboot/+/82695?usp=email )
Change subject: security: Allow vboot when INTEL_TXT enabled
Patch Set 15:
(4 comments)
File src/lib/bootblock.c:
https://review.coreboot.org/c/coreboot/+/82695/comment/a07d2e47_ee35a1e3?usp... : PS12, Line 65: */
nit: not sure this comment explains anything that isn't obvious here tbh, and since this function is […]
Removed the comment
File src/security/intel/txt/Kconfig:
https://review.coreboot.org/c/coreboot/+/82695/comment/5d069ddd_48898533?usp... : PS12, Line 19: select TPM_STARTUP_IGNORE_POSTINIT
Sorry, I don't understand why we need these changes here now. […]
Removed, leaving the file as is
File src/security/vboot/tpm_common.c:
https://review.coreboot.org/c/coreboot/+/82695/comment/2d4cedb7_4fcf1495?usp... : PS12, Line 20: probe for TPM.
This doesn't probe for TPM, `tpm_setup()` does. […]
[Removed](https://review.coreboot.org/c/coreboot/+/82695/15/src/security/vboot/tpm_com...) information about probing from the comment
https://review.coreboot.org/c/coreboot/+/82695/comment/10ecd55b_8c04a065?usp... : PS12, Line 27: printk(BIOS_ERR, "TPM Error (%#x): Can't initialize.\n", rc);
nit: this seems a bit redundant here since we know `tpm_setup()` was already called and would've alr […]
[Shortened](https://review.coreboot.org/c/coreboot/+/82695/15/src/security/vboot/tpm_com...) to just the return