Attention is currently required from: Christian Walter, Nick Vaccaro, Paul Menzel, Paz Zcharya, Subrata Banik, Tim Van Patten.

Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/79736?usp=email )

The change is no longer submittable: All-Comments-Resolved is unsatisfied now.

Change subject: security/tpm: Retrieve factory configuration for device w/ Google TPM ......................................................................

Patch Set 5:

(3 comments)

File src/security/tpm/tss/tcg-2.0/tss_structures.h:

https://review.coreboot.org/c/coreboot/+/79736/comment/ea1848a9_13873b68 : PS5, Line 361: uint64_t factory_config; Why are you doing it like this? Unless I'm missing something here I think you should just put it inside the union, next to the others. You also shouldn't need to add explicit padding in this structures, this is not a serialized structure, it's just for internal data passing within the TPM API.

File src/security/tpm/tss/vendor/cr50/cr50.c:

https://review.coreboot.org/c/coreboot/+/79736/comment/b7f03002_9423cc33 : PS5, Line 186: printk(BIOS_INFO, "Reading factory config\n"); nit: I'd maybe consider putting this at the end of the function and then printing the received value while you're at it? (We might also want to consider caching the value in a static variable like board_id(), although we can also wait with that until we have multiple callers.)

https://review.coreboot.org/c/coreboot/+/79736/comment/1947f6fb_7264504a : PS5, Line 196: * ladder. Is this actually relevant to this command and its use case? Why would the key ladder be disabled here? This looks like it was just copied from `tlcl_cr50_get_tpm_mode()` but doesn't apply here.