Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot
Patch Set 70:
Patch Set 69:
What should I do to make this patchset acceptable for YOU? The current COUPLED measurement also starts extending in bootblock, verstage, or romstage, since "verstage" could be a part of bootblock on platforms with enough space for it.
I really want a clear explanation for and discussion on why the patch set 63 approach does not work from the people who -2ed it. I have now asked for this *multiple* times (both here and on other channels) and there's nothing but silence coming back. Just crapping all over a CL with vague concerns but completely refusing to discuss it in detail is not a proper way to collaborate on an open-source project.
The other approach is just plain *better*. It is a lot cleaner, keeps dependencies from spreading all over the place, covers edge cases that even the current implementation doesn't and *does not change anything about when stuff is measured for the current use cases!* If you want to make progress on this CL, please revert to that patch set and I will +2 it. If we then see -2s again without willingness to discuss on a technical level I will escalate the matter as necessary.
Done. If only doing so would make progress on it. I just do not want to be squeezed in between.