Attention is currently required from: Christian Walter, Jeremy Soller, Philipp Deppenwiese, Tim Crawford.
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/73297?usp=email )
Change subject: security/tpm/tspi/log: Respect CBMEM TPM log size when copying preram entries
......................................................................
Patch Set 5:
(1 comment)
Patchset:
PS1:
The sanity check is fine but the dealing with S3 resume needs to be fixed differently.
TPM is reset on S3 resume. The log should be cleared. coreboot measured boot was targetting server at first which don't do s3 resume, which is why the code lacks dealing with that codepath.
This is wrong.
To quote docs:
This transition is a resume from an S3 suspend state. Host Platform Reset and TPM_INIT are asserted. The SRTM
issues the TPM2_Startup(STATE) command, loading the previously saved state, without re-measuring Pre-OS
components. The SRTM passes control to the OS. If there are any changes to the Host Platform’s components or
configuration, measuring these changes is the responsibility of the OS.
So on S3 resume measurement should just be skipped.
--
To view, visit
https://review.coreboot.org/c/coreboot/+/73297?usp=email
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If76299e68eb5ed2ed20c947be35cea46c51fcdec
Gerrit-Change-Number: 73297
Gerrit-PatchSet: 5
Gerrit-Owner: Tim Crawford
tcrawford@system76.com
Gerrit-Reviewer: Christian Walter
christian.walter@9elements.com
Gerrit-Reviewer: Jeremy Soller
jeremy@system76.com
Gerrit-Reviewer: Matt DeVillier
matt.devillier@gmail.com
Gerrit-Reviewer: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Reviewer: Sean Rhodes
sean@starlabs.systems
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Arthur Heymans
arthur@aheymans.xyz
Gerrit-CC: Paul Menzel
paulepanter@mailbox.org
Gerrit-CC: Sergii Dmytruk
sergii.dmytruk@3mdeb.com
Gerrit-Attention: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Attention: Tim Crawford
tcrawford@system76.com
Gerrit-Attention: Jeremy Soller
jeremy@system76.com
Gerrit-Attention: Christian Walter
christian.walter@9elements.com
Gerrit-Comment-Date: Wed, 21 Jun 2023 14:36:43 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Arthur Heymans
arthur@aheymans.xyz
Gerrit-MessageType: comment