Attention is currently required from: Michał Żygowski.
Hello Michał Żygowski,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/82695?usp=email
to review the following change.
Change subject: security/intel/txt: Handle TPM properly when vboot enabled
security/intel/txt: Handle TPM properly when vboot enabled
Change-Id: I19dc3d910c23fcfd8732465c488f47dd86a96781
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com
---
M src/security/intel/txt/Kconfig
M src/security/tpm/Kconfig
2 files changed, 2 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/95/82695/1
diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index 637a6a7..69ba95a 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -16,6 +16,7 @@ select ENABLE_VMX if CPU_INTEL_COMMON select AP_IN_SIPI_WAIT select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT + select TPM_STARTUP_IGNORE_POSTINIT depends on TPM depends on PLATFORM_HAS_DRAM_CLEAR depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET) diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index ea13fa4..22e37ff 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -131,7 +131,7 @@
config TPM_MEASURED_BOOT_INIT_BOOTBLOCK bool - depends on TPM_MEASURED_BOOT && !VBOOT + depends on TPM_MEASURED_BOOT help Initialize TPM inside the bootblock instead of ramstage. This is useful with some form of hardware assisted root of trust
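Review bot: in the src/security/intel/txt/Kconfig hunk, `select TPM_STARTUP_IGNORE_POSTINIT` is added unconditionally to the INTEL_TXT block, while the change subject scopes the fix to the vboot case and the commit message contains nothing beyond the subject line. Either narrow it (`select TPM_STARTUP_IGNORE_POSTINIT if VBOOT`) or explain in the commit message why every TXT configuration should ignore the post-init TPM startup result; if the reason is that TPM_MEASURED_BOOT_INIT_BOOTBLOCK, selected on the preceding line, already starts the TPM in the bootblock so a later startup finds it initialized, say so explicitly, because that is the behaviour a reviewer has to confirm before accepting the select.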
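Review bot: in the src/security/tpm/Kconfig hunk, dropping `&& !VBOOT` from the TPM_MEASURED_BOOT_INIT_BOOTBLOCK dependency removes a deliberate restriction without recording why it existed or what now makes the combination safe, and the help text still reads only "Initialize TPM inside the bootblock instead of ramstage" with no mention of vboot. Please extend the commit message with the reason the two could not previously be combined and what now handles the second TPM initialization, and update the help text for the VBOOT case. Note also that this dependency change applies to every TPM_MEASURED_BOOT + VBOOT board, not only TXT ones, whereas the TPM_STARTUP_IGNORE_POSTINIT select in the first hunk lives in the INTEL_TXT block; consider whether that select belongs next to this option instead.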