Attention is currently required from: Andrey Pronin, Julius Werner, Aaron Durbin. Aseda Aboagye has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/52919 )

Change subject: chromeos/Kconfig: Add TPM20_CREATE_FWMP ......................................................................

Patch Set 4:

(2 comments)

File src/security/vboot/secdata_tpm.c:

https://review.coreboot.org/c/coreboot/+/52919/comment/d16033ca_c21a7348 PS1, Line 243: rv = tlcl_define_space(FWMP_NV_INDEX, VB2_SECDATA_FWMP_MAX_SIZE,

vboot will be unhappy (later, in depthcharge) when it tries to read a FWMP space that exists but isn […]

My understanding was that it simply considers the space as missing since the read would be returning `TPM_E_BADINDEX`. But now going back, I think I might have been looking at the wrong tlcl code. (in coreboot vs depthcharge). Another option is to port that same behaviour to the tlcl code in depthchage.

File src/vendorcode/google/chromeos/Kconfig:

https://review.coreboot.org/c/coreboot/+/52919/comment/39d11d5b_9d2ca49e PS1, Line 95: config TPM20_CREATE_FWMP

Not sure why this should be a Kconfig? Don't we just want to do this unconditionally on all future d […]

(sorry, missed this comment earlier) I had the same question myself. :) I think it could work the same on Cr50 devices. I simply chose this way to minimize the changes to the other boards.