Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35377 )
Change subject: lib/fmap: Cache FMAP in cbmem ......................................................................
Patch Set 7:
(3 comments)
https://review.coreboot.org/c/coreboot/+/35377/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/35377/4//COMMIT_MSG@14 PS4, Line 14: TODO: Is it secure to store FMAP in DRAM?
Don't we resume into DRAM (relocatable ramstage) anyway? Or am I confusing things there?
Generally, for the OS and lower, there's no point in worrying about a DRAM compromise between suspend/resume. I don't know if there is for coreboot.
Chrome OS devices that employed S3 resume would put ramstage in an area of memory off limits from the OS. It would then be copied to execution place. That said, cbmem is not protected from the OS so there's an assumption there about its integrity being maintained.
https://review.coreboot.org/c/coreboot/+/35377/6/src/lib/fmap.c File src/lib/fmap.c:
https://review.coreboot.org/c/coreboot/+/35377/6/src/lib/fmap.c@159 PS6, Line 159: }
Done
Well, there is logic around when to utilize and/or seed the cache.
https://review.coreboot.org/c/coreboot/+/35377/6/src/lib/fmap.c@223 PS6, Line 223: if (!e) {
Done
I don't understand the loading from flash 3 times each boot. Julius were you thinking I was suggesting to unconditionally read it in from flash on every cbmem recovery? I wasn't, and I expected we'd have the necessary guards.