Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39971 )
Change subject: security/vboot: Provide stub functions for TPM in bootblock ......................................................................
Patch Set 1:
Patch Set 1: Code-Review+1
It seems your 'TPM_IN_BOOTBLOCK' has similar requirement with (VBOOT_STARTS_IN_BOOTBLOCK && !VBOOT_SEPARATE_VERSTAGE). Is it possible to unify these flags?
The issue here is that it really depends on the platform the code is compiled for if the bootblock is big enough to host the full tpm driver or not. Even if VBOOT_STARTS_IN_BOOTBLOCK has worked out so far after the decouple patch it does not fit anymore on Apollo Lake. The Ide with the separate switch was to be able to decide it per platform. So if there is enough space then it can be enabled. If one platform suffers with bootblock size constraints one can just use the empty stubs.
An alternative would be to add __weak functions and get rid of the TPM driver layer completely.