Attention is currently required from: Andrey Pronin, Raul Rangel, Paul Menzel, Yu-Ping Wu, Karthik Ramasubramanian.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59476 )
Change subject: src/security/vboot: Set up secure counter space in TPM NVRAM
Patch Set 3:
(4 comments)
File src/security/vboot/antirollback.h:
https://review.coreboot.org/c/coreboot/+/59476/comment/1703ab59_9eeb0039
PS3, Line 32: 0x100f
What about moving this a bit away from the other indices so it can grow on its own when necessary? Maybe use (0x3000 + (n)) or something like that? (AFAIK any number works here and it makes no difference, but would be good for Andrey to confirm.)
File src/security/vboot/antirollback.h:
https://review.coreboot.org/c/coreboot/+/59476/comment/b8ab5f6d_7413ab05
PS2, Line 42: #define SECURE_COUNTER4_NV_INDEX 0x1012
I have made references to use-case here (Widevine) so that it is more clear.
Not really sure what you mean by cr50 specific. They are specific to this code here which creates them (and the userspace code which will use them). We could pick any index (in the available space) we want, and you could have these on a non-cr50 TPM as well.
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/c/coreboot/+/59476/comment/10d9af09_4c626f6d
PS3, Line 345: space
better: spaces (plural)
https://review.coreboot.org/c/coreboot/+/59476/comment/ce97ec20_f97c1fc7
PS3, Line 349: <=
I think you want < here or you'll end up with 5 counters.