Attention is currently required from: Andrey Pronin, Julius Werner, Aaron Durbin. Aseda Aboagye has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/52919 )

Change subject: chromeos/Kconfig: Add TPM20_CREATE_FWMP ......................................................................

Patch Set 5:

(6 comments)

Patchset:

PS5: I added a new API in vboot_reference. How do I ensure that upstream coreboot will pick that up?

File src/security/vboot/secdata_tpm.c:

https://review.coreboot.org/c/coreboot/+/52919/comment/c78a0d59_9d6e12f6 PS1, Line 111:

Ack

Done

https://review.coreboot.org/c/coreboot/+/52919/comment/005d18e1_12eed8ca PS1, Line 237: .TPMA_NV_OWNERWRITE = 1,

I recall reading a comment in a doc that we should consider FWMP as frozen. […]

Done

https://review.coreboot.org/c/coreboot/+/52919/comment/658ea1d1_93ad4263 PS1, Line 243: rv = tlcl_define_space(FWMP_NV_INDEX, VB2_SECDATA_FWMP_MAX_SIZE,

My understanding was that it simply considers the space as missing since the read would be returning […]

I'm initializing the space now.

https://review.coreboot.org/c/coreboot/+/52919/comment/ae70762d_dead8f3f PS1, Line 244: pcr0_allowed_policy,

Ack

Done

https://review.coreboot.org/c/coreboot/+/52919/comment/657a85b5_c2be69c0 PS1, Line 246: if (rv == TPM_E_NV_DEFINED) {

Ah, I see what you mean now. Yes, sorry, we want to continue if we're successful.

Done