[coreboot-gerrit] Change in coreboot[master]: security/tpm: Set up generic TSPI
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Mon Feb 19 14:16:45 CET 2018
Philipp Deppenwiese has posted comments on this change. ( https://review.coreboot.org/22106 )
Change subject: security/tpm: Set up generic TSPI
......................................................................
Patch Set 44:
(10 comments)
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c
File src/security/tpm/tspi/tspi.c:
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@62
PS44, Line 62: return TPM_E_MUST_REBOOT;
> This is changing behavior... the old code just fell through to SUCCESS here. […]
Ack
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@124
PS44, Line 124: if (IS_ENABLED(CONFIG_TPM_DEACTIVATE))
> This should probably go above the enable/activate part below and then directly goto out, otherwise y […]
Ack
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@148
PS44, Line 148: #if IS_ENABLED(CONFIG_TPM1)
> Please use […]
Ack
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tspi/tspi.c@167
PS44, Line 167: uint32_t tpm_extend_pcr(int pcr, uint8_t *digest, uint8_t *out_digest)
> I'm still really not sure what this function does. […]
Normally by extending a PCR, a TCPA log is generated as well. I will add more code here in later patches.
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss.c
File src/security/tpm/tss/tcg-2.0/tss.c:
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss.c@309
PS44, Line 309: uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, const TPMA_NV nv_attributes, const uint8_t *nv_policy)
> 80 character limit
Done
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss.c@330
PS44, Line 330: nvds_cmd.publicInfo.attributes = nv_attributes;
> It is weird that one of the arguments of the function only applies if the other one is not NULL, and […]
Done
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss_structures.h
File src/security/tpm/tss/tcg-2.0/tss_structures.h:
https://review.coreboot.org/#/c/22106/44/src/security/tpm/tss/tcg-2.0/tss_structures.h@133
PS44, Line 133: #define KERNEL_NV_INDEX 0x1008
> Why are these duplicated here? With your changes you shouldn't need them in the TSS code anymore, ri […]
Yes, just a leftover. The changes are way too complex.
https://review.coreboot.org/#/c/22106/44/src/security/vboot/antirollback.h
File src/security/vboot/antirollback.h:
https://review.coreboot.org/#/c/22106/44/src/security/vboot/antirollback.h@29
PS44, Line 29: #define REC_HASH_NV_INDEX 0x100b
> Bad merge? You're just duplicating lines here...
Ack
https://review.coreboot.org/#/c/22106/44/src/security/vboot/secdata_tpm.c
File src/security/vboot/secdata_tpm.c:
https://review.coreboot.org/#/c/22106/44/src/security/vboot/secdata_tpm.c@196
PS44, Line 196: VB2_SECDATA_SIZE, ro_space_attributes, pcr0_unchanged_policy));
> 80 character limit
Done
https://review.coreboot.org/#/c/22106/44/src/security/vboot/secdata_tpm.c@439
PS44, Line 439: return TPM_SUCCESS;
> This will return success on other errors. Just do […]
Done
--
To view, visit https://review.coreboot.org/22106
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I883c489801fce88e13952fe24b67315ab6bb1afb
Gerrit-Change-Number: 22106
Gerrit-PatchSet: 44
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Aaron Durbin <adurbin at chromium.org>
Gerrit-Reviewer: Andrey Pronin <apronin at google.com>
Gerrit-Reviewer: Julius Werner <jwerner at chromium.org>
Gerrit-Reviewer: Kyösti Mälkki <kyosti.malkki at gmail.com>
Gerrit-Reviewer: Patrick Rudolph <siro at das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter at users.sourceforge.net>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Randall Spangler <randall at spanglers.com>
Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer at coreboot.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply at coreboot.org>
Gerrit-Comment-Date: Mon, 19 Feb 2018 13:16:45 +0000
Gerrit-HasComments: Yes
Gerrit-HasLabels: No