Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/52753 )
Change subject: security/tpm/crtm: Measure FMAP into TPM
......................................................................
Patch Set 4:
(1 comment)
File src/security/tpm/tspi/crtm.c:
https://review.coreboot.org/c/coreboot/+/52753/comment/0f4dd72b_40bd9bb3
PS2, Line 64: TPM_CRTM_PCR
> Done
So why is it runtime? (Sorry, I expected someone else would answer this and it wouldn't go in so quickly...) Isn't "runtime" for data that is somewhat variable and can change between units or boots or something, whereas "CRTM" is for the core code and data components that are fundamental to the security of the system? If so I would definitely expect the FMAP layout to count to CRTM just like all the code stages in CBFS. CBFS is anchored in the FMAP, after all.
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b
Gerrit-Change-Number: 52753
Gerrit-PatchSet: 4
Gerrit-Owner: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: 9elements QA <hardwaretestrobot@gmail.com>
Gerrit-CC: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-CC: Paul Menzel <paulepanter@mailbox.org>
Gerrit-Comment-Date: Wed, 05 May 2021 21:35:59 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Patrick Rudolph <patrick.rudolph@9elements.com>
Comment-In-Reply-To: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-MessageType: comment