Attention is currently required from: Philipp Deppenwiese, Martin Roth, Paul Menzel, Christian Walter, Julius Werner.

Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/51923 )

Change subject: security/tpm: Add option to init TPM in bootblock
......................................................................
Patch Set 2:
(6 comments)
File src/drivers/tpm/tpm.c:
https://review.coreboot.org/c/coreboot/+/51923/comment/c4911455_698602a3 PS2, Line 9: if (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK))
Why not just make compilation of this whole file dependent on that in the Makefile? Then you don't n […]
Done
File src/lib/bootblock.c:
https://review.coreboot.org/c/coreboot/+/51923/comment/b9268a58_fed10ba0 PS2, Line 64:
I would suggest to put this here, since the goal of the init() functions above is to turn on basic p […]
Done
File src/security/tpm/Kconfig:
https://review.coreboot.org/c/coreboot/+/51923/comment/45d8dbfe_9dfec209 PS2, Line 113: Initialize tpm inside the bootblock instead of ramstage.
… for hardware-assisted root of trust measurement.
Done
https://review.coreboot.org/c/coreboot/+/51923/comment/be90d2fa_6a03a8c8 PS2, Line 113: tpm
TPM
Done
File src/security/tpm/tspi/tspi.c:
https://review.coreboot.org/c/coreboot/+/51923/comment/e23debb6_cad3e721 PS2, Line 112: return 1;
Use ternary operator? […]
Done
https://review.coreboot.org/c/coreboot/+/51923/comment/dd43547c_9abc9b6a PS2, Line 191: if (CONFIG(TPM_MEASURED_BOOT) && !CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)) {
braces {} are not necessary for single statement blocks
Done