1 comment:
File src/security/vboot/vboot_logic.c:
Patch Set #1, Line 330: if (!IS_ENABLED(CONFIG_VBOOT_SLOTS_RW_A))
Can we have a Kconfig which is more explicit?
config VBOOT_NO_RW_SLOTS
bool
default y if !VBOOT_SLOTS_RW_A
Then is the code we can explicitly test for CONFIG_VBOOT_NO_RW_SLOTS?
This will work but you are using recovery mode as a proxy (with implicit semantics) for your desired behavior. You can't really count on the behavior not changing in the future.
But I believe you're going down this path to only do measured boot? Do we need verified boot and verstage to do that? vboot seems like a big hammer for measured boot.
To view, visit change 31662. To unsubscribe, or for help writing mail filters, visit settings.