Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36545 )
Change subject: lib/cbfs: Add fallback to RO region to cbfs_boot_locate
Patch Set 1:
If you don't want to lock RO (make it read-only), you can achieve the same by simply not having a RW partition at all. All components would reside in RO, you can still use the measured boot, have enough space for payloads and don't need to duplicate stages. The good thing is that it is already supported by coreboot.
I would expect a minimum amount of items in the RO partition and all of them in RW to have them updated.
While technically correct I fear that without proper documentation (maybe even with proper documentation) it will be hard for the customer to figure out a reliable update scheme, as files are scattered all over the firmware image.
The issue is that we do want the RO region to be locked so your suggestion is not an option. We are using a single RO with a single RW in this case.
I agree with you that using a scheme like this will require additional attention. But the good thing is that it doesn't need to be complicated at all once there is sufficient space to fit the coreboot component alongside the payload.
Once this is the case all files can be located in the RW region and there won't be a difference with the "standard" situation at all. All this does is provide the option to use components that are present in the RO partition by simply removing them from the RW.
Regarding the documentation: I can provide documentation for this, but at the moment it is not clear to me what to provide. Is this just documentation inside the code or should I provide documentation in the Documents directory as well?