Attention is currently required from: Christian Walter, Julius Werner, Jérémy Compostella, Krystian Hebel, Martin L Roth, Michał Żygowski.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/69159?usp=email )
Change subject: security/tpm: make tis_probe() return tpm_family ......................................................................
Patch Set 23:
(2 comments)
File src/drivers/i2c/tpm/tpm.c:
https://review.coreboot.org/c/coreboot/+/69159/comment/43343d31_17eb552b : PS1, Line 461: *tpm_family = 1;
if (TPM_INTF_CAPABILITY.InterfaceVersion == 0) […]
To revive this thread: even if this driver (`tpm.c`) can work with TPM2, we're not sure how to test for it and the driver doesn't seem to ever be used with TPM2 in the codebase. I grepped for `I2C_TPM` and it always enabled with either TPM1 or CR50/TI50 TPM2 which use `cr50.c` in the same directory instead of `tpm.c`.
In case this (potentially) breaks some boards, it should be safe to return version of `2` if only TPM2 is enabled and `1` otherwise. Case when both are enabled is the hard one, but nobody might actually need it.
File src/security/tpm/tss/tcg-2.0/tss.c:
https://review.coreboot.org/c/coreboot/+/69159/comment/873da879_863de3f8 : PS16, Line 225: if (family != TPM_2) {
Maybe only include this if both TPM1 & 2 are both enabled?
Same as above in `tcg-1.2/tss.c`:
I think it's good to have even when only one TPM version is supported to validate that found driver reports correct version.
By the way, note that these checks are moved into combined probe function in `tss/tss.c` in the next commit (CB:69160).