Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36544 )
Change subject: security/vboot: Add rw_region_only support to vboot ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/36544/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/36544/3//COMMIT_MSG@9 PS3, Line 9: In some case where the flash space is limited or when a large payload : such as LinuxBoot is used it is required to make sure some components : are only added to the RW_REGION. : : This patch adds this possibility in the same way as the RO_ONLY_SUPPORT.
You are right. Typically the RO and RW payloads will be different. The idea is that the RO payload is added manually. During development it makes sense to add a smaller payload and remove the payload from this option so it will be in both RO and RW regions.
At this point in time coreboot doesn't provide the possibility to specify 2 payloads, add one to the RO and one to the RW regions and I don't have the time to implement that. I think this is a pragmatic replacement for that.
If you end up adding things manually to fmap regions, why bothering at all with this? You can build regularly with your smaller payload and replace the larger RW one? That just requires recreating the VBLOCK.