Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31662 )
Change subject: security/vboot: Do not check for RW partitions if not part of the image
Patch Set 1:
(3 comments)
https://review.coreboot.org/#/c/31662/1//COMMIT_MSG
Commit Message:
https://review.coreboot.org/#/c/31662/1//COMMIT_MSG@9
PS1, Line 9: In the setup where measured boot is used with read-only partition only
           : there is no RW_A or RW_B partition in the flash.
That sentence seems incomplete.
https://review.coreboot.org/#/c/31662/1//COMMIT_MSG@15
PS1, Line 15: suitable to have a
            : pure measured boot scheme enabled
… suitable for an enabled measured boot scheme.
https://review.coreboot.org/#/c/31662/1//COMMIT_MSG@9
PS1, Line 9: In the setup where measured boot is used with read-only partition only
           : there is no RW_A or RW_B partition in the flash. In this case it makes
           : no sense to let VBOOT check for these partitions just to fail and then
           : fall back to recovery mode.
           : Instead set the flag VB2_CONTEXT_RECOVERY_MODE right away so that VBOOT
           : starts in recovery mode any time.
           : This kind of bypasses VBOOT logic but is still suitable to have a
           : pure measured boot scheme enabled. In addition it avoids the first two
           : reboots due to missing RW_A and RW_B.
Please add a blank line between paragraphs.