Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31662 )
Change subject: security/vboot: Do not check for RW partitions if not part of the image
......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/31662/1/src/security/vboot/vboot_logic.c
File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/#/c/31662/1/src/security/vboot/vboot_logic.c@330
PS1, Line 330: if (!IS_ENABLED(CONFIG_VBOOT_SLOTS_RW_A))
I agree, this doesn't make sense. […]
What I actually would like to have is a RW_A only (no RW_B due to flash space constraints and even no RO) setup. Then all the checks vboot does are meaningfull. But VBOOT was not designed that way asit counts on RW_A and at least RO.
Is there a way to go that path in VBOOT? And then have measured boot enabled?
--
To view, visit
https://review.coreboot.org/c/coreboot/+/31662
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I07b8ec97be7db63b7ccddb3f33e0f741bed8acd8
Gerrit-Change-Number: 31662
Gerrit-PatchSet: 1
Gerrit-Owner: Werner Zeh
werner.zeh@siemens.com
Gerrit-Reviewer: Aaron Durbin
adurbin@chromium.org
Gerrit-Reviewer: Joel Kitching
kitching@google.com
Gerrit-Reviewer: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Reviewer: Werner Zeh
werner.zeh@siemens.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Julius Werner
jwerner@chromium.org
Gerrit-CC: Paul Menzel
paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Fri, 01 Mar 2019 05:57:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Aaron Durbin
adurbin@chromium.org
Comment-In-Reply-To: Julius Werner
jwerner@chromium.org
Gerrit-MessageType: comment
