Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41100 )
Change subject: security: tcg-2.0: Improve error response handling, fix Cr50 boot mode
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... File src/security/tpm/tss/tcg-2.0/tss_marshaling.c:
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... PS1, Line 556: ibuf_nr_read(ib) == resp->hdr.tpm_size
but calling unmarshal_vendor_command() is a separate case in the calling routine - I think it is per […]
So the basic policy should be: whenever there's an error code, no matter what the command (vendor or standard), just accept any size but don't unmarshal anything?
Not sure I really like this "the TPM is allowed to return anything, anywhere" policy... but okay. For now as far as I can tell we never need to access any fields on errors, so we can do that.
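The policy discussed in this comment, as an added sketch that is not part of the review and is not coreboot's code: on a non-zero response code the parser accepts whatever size the TPM reports and reads nothing past the 10-byte header, while a success response must be consumed exactly. The names `tpm2_hdr`, `parse_response` and the one-field command body are hypothetical, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not coreboot's TSS structures. */
struct tpm2_hdr { uint16_t tag; uint32_t size; uint32_t code; };
enum parse_result { PARSE_OK, PARSE_TPM_ERROR, PARSE_MALFORMED };
#define TPM2_HDR_LEN 10u /* tag (2) + size (4) + response code (4) */

/* Constructed sample responses, not captured from a device. */
static const uint8_t ok_resp[] = { 0x80, 0x01, 0, 0, 0, 14, 0, 0, 0, 0, 0, 0, 0, 42 };
static const uint8_t err_resp[] = { 0x80, 0x01, 0, 0, 0, 10, 0, 0, 0x01, 0x01, 0xAA, 0xBB };
static const uint8_t bad_resp[] = { 0x80, 0x01, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 42 };

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Assumed command: its success body is a single 32-bit value. */
enum parse_result parse_response(const uint8_t *buf, size_t len,
				 struct tpm2_hdr *hdr, uint32_t *value)
{
	if (len < TPM2_HDR_LEN)
		return PARSE_MALFORMED;
	hdr->tag = (uint16_t)((buf[0] << 8) | buf[1]);
	hdr->size = be32(buf + 2);
	hdr->code = be32(buf + 6);

	/* Error code: accept any size, read nothing past the header. */
	if (hdr->code != 0)
		return PARSE_TPM_ERROR;

	/* Success: bytes consumed must equal the declared size. */
	if (hdr->size != TPM2_HDR_LEN + sizeof(*value) || hdr->size > len)
		return PARSE_MALFORMED;
	*value = be32(buf + TPM2_HDR_LEN);
	return PARSE_OK;
}

int main(void)
{
	struct tpm2_hdr h;
	uint32_t v = 0;
	printf("ok=%d\n", parse_response(ok_resp, sizeof(ok_resp), &h, &v));
	printf("err=%d\n", parse_response(err_resp, sizeof(err_resp), &h, &v));
	printf("bad=%d\n", parse_response(bad_resp, sizeof(bad_resp), &h, &v));
	return 0;
}
```

Because the error path never touches bytes beyond the header, a size field that disagrees with the received length cannot cause an out-of-bounds read there.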