Attention is currently required from: Christian Walter, Arthur Heymans.
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/64418 )
Change subject: security/tpm/crtm.c: Fix !CONFIG_BOOTBLOCK_IN_CBFS measuring
Patch Set 1:
(1 comment)
File src/security/tpm/tspi/crtm.c:
https://review.coreboot.org/c/coreboot/+/64418/comment/f0f3416b_3a8479a1
PS1, Line 74: } /* else: TODO: Add SoC specific measurement methods. */
Shouldn't we still return an error? Or is this merely a best-effort measuring? IOW, should people know that the measuring is incomplete?
I think nothing else ever gets measured if this fails.
How about a warning/error on the console?
(TBH, I don't understand self-measuring generally. It wouldn't make a difference if we'd use a pre-computed hash, would it?)
I think this code dates from when this was not done in bootblock. Self-measuring might be useful if the binary you build != binary loaded, e.g. with APL TXE fixing up FIT. Not sure though...
Reminds me that on APL one can have the TXE measure the bootblock. At least, AFAIR.