Attention is currently required from: Tarun Tuli, Michał Żygowski, Maciej Pijanowski, Jason Nien, Subrata Banik, Christian Walter, Kapil Porwal, Tim Wawrzynczak, Nick Vaccaro, Krystian Hebel, Martin Roth, Sergii Dmytruk.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68746 )
Change subject: security/tpm: make log format configurable via Kconfig
Patch Set 5:
(3 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/68746/comment/dc691897_61a3bb6a
PS5, Line 15: format as they are likely to depend on it.
No, Google boards actually don't use measured boot and TCPA log at all (we just care about the values written directly to PCR 0 and 1 by the vboot code). The original TCPA log code was written by the 9elements guys (Philipp), I don't know who else has also been using it since (I think Werner from Siemens was also interested at some point?).
If we can determine that nobody actually cares about retaining the old log format anymore (Google doesn't, at least), I'm also fine with removing support for it completely.
File src/mainboard/google/asurada/Kconfig:
https://review.coreboot.org/c/coreboot/+/68746/comment/82caa3cb_dfe603d2
PS5, Line 29: select NEED_VBOOT_COMPATIBILITY
So since we don't use it you don't need to add this to every Google board.
In general, only hardware properties should be `select`ed directly from the mainboard Kconfig, and user decisions (like which log format to use) should be left up to menuconfig anyway.
File src/security/tpm/Kconfig:
https://review.coreboot.org/c/coreboot/+/68746/comment/50111184_4afb895b PS3, Line 102: config USE_TPM_LOG_CB
Yes, it's required. Options defined in `choice` can't be selected directly.
But I think you still shouldn't need an extra option, you could have written it like this:
```
choice
	prompt "TPM event log format"
	default TPM_LOG_CB if NEED_VBOOT_COMPATIBILITY
	default <something else otherwise>
```
(But we don't need it at all since as I mentioned Google boards and vboot don't care about this.)