Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/36544 )
Change subject: security/vboot: Add rw_region_only support to vboot ......................................................................
security/vboot: Add rw_region_only support to vboot
In some case where the flash space is limited or when a large payload such as LinuxBoot is used, the RO region may not be large enough to contain all components that would normally be added.
This patch adds the possibility to add specific components to the RW regions only in the same way as the RO_ONLY_SUPPORT does for the RO region.
Please note: this applies only to the items that would normally be added to all regions. If the payload is directed to the RW region only, a recovery payload needs to be added to the RO region manually.
BUG=N/A TEST=build
Change-Id: Ie0df9b5dfc6df4f24efc5582a1aec9ecfb48c44d Signed-off-by: Wim Vervoorn wvervoorn@eltan.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/36544 Reviewed-by: Arthur Heymans arthur@aheymans.xyz Reviewed-by: Frans Hendriks fhendriks@eltan.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc 2 files changed, 17 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Arthur Heymans: Looks good to me, but someone else must approve Frans Hendriks: Looks good to me, approved
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 87bb80a..70180c7 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -220,6 +220,13 @@ Add a space delimited list of filenames that should only be in the RO section.
+config RW_REGION_ONLY + string + default "" + depends on VBOOT_SLOTS_RW_A + help + Add a space delimited list of filenames that should only be in the + RW sections.
config VBOOT_ENABLE_CBFS_FALLBACK bool diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 31c0f5d..3e5956c 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -170,13 +170,17 @@ # Check for RW_A partition ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y) VBOOT_PARTITIONS += FW_MAIN_A +RW_PARTITIONS := FW_MAIN_A endif # Check for RW_B partition ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y) VBOOT_PARTITIONS += FW_MAIN_B +RW_PARTITIONS += FW_MAIN_B endif
-# Define a list of files that need to be in RO only. +# Return the regions a specific file should be placed in. The files listed below and the ones +# that are specified in CONFIG_RO_REGION_ONLY are only specified in the RO region. The files +# specified in the CONFIG_RW_REGION_ONLY are only placed in the RW regions. # All other files will be installed into RO and RW regions # Use $(sort) to cut down on extra spaces that would be translated to commas regions-for-file = $(subst $(spc),$(comma),$(sort \ @@ -193,7 +197,11 @@ cmos_layout.bin \ cmos.default \ $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \ - ,$(1)),COREBOOT,$(VBOOT_PARTITIONS)))) + ,$(1)),COREBOOT,\ + $(if $(filter \ + $(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \ + ,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \ + )))
CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))