Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Krystian Hebel, Yu-Ping Wu.

Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68750 )

Change subject: security/tpm: make usage of PCRs configurable via Kconfig ......................................................................

Patch Set 5:

(2 comments)

File src/security/tpm/Kconfig:

https://review.coreboot.org/c/coreboot/+/68750/comment/ec4df38d_e8f917ba PS4, Line 171: NEED_VBOOT_COMPATIBILITY

As mentioned in the earlier patch I don't think we need the NEED_VBOOT_COMPATIBILITY option (and I t […]

Done

https://review.coreboot.org/c/coreboot/+/68750/comment/a5236794_c3e08a76 PS4, Line 172: default 1 PCR-1 is for "Host Platform Configuration". Boot mode seems to fit here. HWID is maybe a bit less fitting, but it sort of part of PC Motherboard configuration while spec says:

Information about the configuration of the PC Motherboard including hardware components and how they are configured is measured to PCR[1].

Although for TPM2.0:

In general, the platform firmware measures into PCR[1] the configuration data that is associated with the code that measured into PCR[0].

Using "non-stanard use" seems like avoiding using the standards.