On Mon, Aug 15, 2016 at 03:54:49PM -0700, Julius Werner wrote: > I think the answer is that CONFIG_TPM doesn't do anything by itself > (it just compiles extra libraries that offer functions to access > TPMs), so there's no point in selecting it directly from menuconfig. > Any feature that uses the TPM (like CONFIG_VBOOT) should have its own > Kconfig option that you select through menuconfig and which just has a > 'select TPM' clause to pull in those libraries.
Ah, I see. That makes more sense. > [...] > So if you're adding anything new that wants to use tlcl functions, you > should give it its own Kconfig option that does 'select TPM'. That's what I'll do. Thanks for the insight. On a related topic, is there a reason to wait to enable the TPM? Looking at src/northbridge/intel/sandybridge/romstage.c, it isn't enabled until after the MRC cache has been read from the read-write portions of the flash chip, which could potentially compromise the root of trust. -- Trammell -- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
