Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36208 )
Change subject: security/vboot: Add vboot callbacks to support EC software sync
Patch Set 22:
(2 comments)
https://review.coreboot.org/c/coreboot/+/36208/20/src/security/vboot/ec_sync...
File src/security/vboot/ec_sync.c:
https://review.coreboot.org/c/coreboot/+/36208/20/src/security/vboot/ec_sync...
PS20, Line 61: vbnv_init(ctx->nvdata);
Because it's already done in verstage, correct?
Right.
https://review.coreboot.org/c/coreboot/+/36208/22/src/security/vboot/vboot_c...
File src/security/vboot/vboot_common.h:
https://review.coreboot.org/c/coreboot/+/36208/22/src/security/vboot/vboot_c...
PS22, Line 90: void save_secdata_if_needed(struct vb2_context *ctx);
These need to be namespaced properly (e.g. vboot_save_nvdata()). I'd maybe consider making them vboot_save_nvdata_only() and vboot_save_data(), since we'd normally want to either save everything or only save nvdata when we're confident that secdata cannot change at that point (since saving nvdata is cheap and doesn't pull in much extra code anyway). Then you could also move that assert that secdata didn't change into vboot_save_nvdata_only().
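
A minimal sketch of the split proposed in the review comment above, added here as an illustration and not taken from the coreboot change or from vboot. Only the two function names come from the comment; `struct demo_context`, the `DEMO_*` flags and the `demo_write_*` backends are stand-ins invented for the example.

```c
#include <assert.h>
#include <stdint.h>

/* Stand-ins for this sketch only; not the vboot or coreboot definitions. */
#define DEMO_NVDATA_CHANGED  (1u << 0)
#define DEMO_SECDATA_CHANGED (1u << 1)

struct demo_context {
	uint32_t flags;     /* dirty bits set while verification runs */
	int nvdata_writes;  /* backend write counters, for the demo only */
	int secdata_writes;
};

/* Hypothetical storage backends: they only count how often they are called. */
static void demo_write_nvdata(struct demo_context *ctx) { ctx->nvdata_writes++; }
static void demo_write_secdata(struct demo_context *ctx) { ctx->secdata_writes++; }

/*
 * Cheap path for call sites where secdata cannot have changed. The assert
 * makes that assumption explicit, so a pending secdata change is caught
 * here instead of being silently dropped. Returns the number of writes.
 */
int vboot_save_nvdata_only(struct demo_context *ctx)
{
	assert(!(ctx->flags & DEMO_SECDATA_CHANGED));

	if (!(ctx->flags & DEMO_NVDATA_CHANGED))
		return 0;
	demo_write_nvdata(ctx);
	ctx->flags &= ~DEMO_NVDATA_CHANGED;
	return 1;
}

/* Full path: flush secdata first, then reuse the nvdata-only path. */
int vboot_save_data(struct demo_context *ctx)
{
	int writes = 0;

	if (ctx->flags & DEMO_SECDATA_CHANGED) {
		demo_write_secdata(ctx);
		ctx->flags &= ~DEMO_SECDATA_CHANGED;
		writes++;
	}
	/* The secdata bit is clear by now, so the assert below holds. */
	return writes + vboot_save_nvdata_only(ctx);
}
```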