Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36544 )
Change subject: security/vboot: Add rw_region_only support to vboot ......................................................................
Patch Set 4:
(1 comment)
The idea behind this is that the update image needs to be created more often than the "factory image" containing the correct RO partition. So this should be as easy as possible so it would even be acceptable to have an update-image without the payload (as the RO part won't be used anyway). During development of the initial image we can simply start out by adding the small payload to both the RO and RW regions. So the number of manual actions required will be limited.
I think with ChromeOS new 'factory' images are always created regardless of whether the RO partition is already locked.
For my understanding, why do you think it is easier to add the larger payload later? Now I can build the large payload with the coreboot tree and generate the image with the correct payload in one go. How would that work in your case?
I just think that handling payloads outside of the coreboot build system makes more sense when shipping images, especially if you want different things in RO vs RW.
Please note that this config is not intended for ChromeOS systems, the intention is to allow some deviation from that behavior for embedded systems. In our case, the system will be delivered with the default image loaded and the RO region of the flash device locked so this can't be altered. So after that, the content of the RO region is irrelevant as this will never be flashed.
What we want to achieve for the customer is an easy way to generate update images. After setup, the customer will be able to run make menuconfig and make (or just generate a new payload if this is a bzImage or ELF) and generate a new coreboot image.
For some very specific customers we also have the requirement that the system should not boot at all if the verified boot check fails. In this case it doesn't make sense to waste space on a payload inside the RO region.
I know these are non-standard situations but they still happen.
https://review.coreboot.org/c/coreboot/+/36544/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/36544/3//COMMIT_MSG@9 PS3, Line 9:
In some cases where the flash space is limited or when a large payload such as LinuxBoot is used it is required to make sure some components are only added to the RW_REGION.

This patch adds this possibility in the same way as the RO_ONLY_SUPPORT.
You are right. Typically the RO and RW payloads will be different. […]
Done