Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38424 )
Change subject: cbfs: Enable CBFS mcache on most boards ......................................................................
Patch Set 10:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38424/10/src/arch/x86/car.ld File src/arch/x86/car.ld:
https://review.coreboot.org/c/coreboot/+/38424/10/src/arch/x86/car.ld@50 PS10, Line 50: #if !CONFIG(NO_CBFS_MCACHE) : CBFS_MCACHE(., CONFIG_CBFS_MCACHE_SIZE) : #endif
On x86 the RO-flash is typically cached. […]
I definitely want it to work, because it will be required for the verification stuff I want to implement later. When you need full TOCTOU protection you don't want to depend on if and how long the hardware might cache things behind your back, you need to be 100% sure the bytes you're looking at now are still the bytes you verified earlier.
If you want I can change the default on x86 for now. But as long as there's enough CAR space (and it seems there is plenty on recent platforms), leaving it on shouldn't hurt?