Attention is currently required from: Daniel P. Smith, Maciej Pijanowski, Krystian Hebel, Sergii Dmytruk.
Michał Żygowski has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68751 )
Change subject: Documentation/measured_boot.md: fix SRTM/DRTM explanations
......................................................................
Patch Set 8:
(3 comments)
File Documentation/security/vboot/measured_boot.md:
https://review.coreboot.org/c/coreboot/+/68751/comment/a704dd91_30cf414e
PS8, Line 8: Later, as part of TPM setup, the cached events are applied onto the TPM device.
There is an exception to that behavior when TPM_MEASURED_BOOT_INIT_BOOTBLOCK is used. It is worth documenting that (if not present elsewhere, then a reference would be good).

https://review.coreboot.org/c/coreboot/+/68751/comment/4866f156_ddccd210
PS8, Line 36: AMD's Hardware Validated
           : Boot
AMD's Hardware Validated Boot (also known as Platform Secure Boot)

https://review.coreboot.org/c/coreboot/+/68751/comment/e81105a5_e95509fc
PS8, Line 46: The result is that the IBB as an S-CRTM continues to be
           : self-referential and rooted in software, with its exposure being the gap between
           : the return from the ACM and when the IBB measures itself
AFAIK when the IBB starts execution from the reset vector or the entry point passed in the manifests, the IBB measurements are already inside the TPM, so the IBB does NOT measure itself. Unless I missed some research proving the exact opposite.