David Hendricks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32153 )
Change subject: src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region.
......................................................................
Patch Set 2:
This seems like a pretty huge change to the way vboot operates that is incompatible with most (all?) implementations on the last several generations of platforms. From a practical standpoint it also means that you won't be able to update core silicon init modules (e.g. MRC), which is a pretty huge change.
Judging by the test case, this seems to have something to do with graphics. What is the requirement here? If there is some sort of graphics/display ACM, then you might want to look into some of the measured launch support that Philipp (cc'd) has added for TXT.
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Gerrit-Change-Number: 32153
Gerrit-PatchSet: 2
Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik@intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: David Hendricks <david.hendricks@gmail.com>
Gerrit-Comment-Date: Wed, 03 Apr 2019 01:40:52 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
Gerrit-MessageType: comment