Attention is currently required from: Arthur Heymans, Paul Menzel, Sven Anderson.

Martin L Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/77356?usp=email )

Change subject: security/tpm/crtm: Add measure additional CBFS files ......................................................................

Patch Set 8:

(1 comment)

File src/security/tpm/tspi/crtm.c:

https://review.coreboot.org/c/coreboot/+/77356/comment/7ba67e44_ae028c80 : PS8, Line 236:

But @paulepanter@mailbox.org suggested to not use an ifdef at all. […]

You don't need to worry about it - just write the function as if CONFIG_TPM_MEASURED_BOOT_ADDITIONAL_FILES were always enabled, because to this function it is. If the config isn't enabled, this function won't be called since the boot state init entry won't be added. The linker will just optimize this function out completely.

``` static void tspi_measure_additional_files(void *unused) { char files[] = CONFIG_TPM_MEASURED_BOOT_ADDITIONAL_FILES; const char *delim = " "; char *file, *pos;

printk(BIOS_INFO, "TPM: Measure additional files: %s\n", files);

for (file = strtok_r(files, delim, &pos); file; file = strtok_r(NULL, delim, &pos)) { cbfs_unmap(cbfs_map(file, NULL)); } } ```

Let me know if you'd like any help with getting the patch merged.