Attention is currently required from: Christian Walter, Arthur Heymans, Werner Zeh. Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/64418 )
Change subject: security/tpm/crtm.c: Fix !CONFIG_BOOTBLOCK_IN_CBFS measuring ......................................................................
Patch Set 1:
(1 comment)
File src/security/tpm/tspi/crtm.c:
https://review.coreboot.org/c/coreboot/+/64418/comment/6b88a32a_00ab566c PS1, Line 74: } /* else: TODO: Add SoC specific measurement methods. */
Well, self-measuring makes sense when there is a different root of trust which ensures that the firs […]
Well, it doesn't make sense when the loaded and the measured pieces come from different places, i.e. what was measured here may or may not have been what was verified as trustworthy. Arthur's change just made a very severe bug visible, AFAICT.
So this is not about keeping functionality. For APL, it would have to be imple- mented first.
What is your BtG setup btw.? Can't it measure the bootblock for you? I never looked into it closely.