Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36544 )
Change subject: security/vboot: Add rw_region_only support to vboot ......................................................................
Patch Set 4:
(2 comments)
https://review.coreboot.org/c/coreboot/+/36544/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/36544/3//COMMIT_MSG@9 PS3, Line 9: In some case where the flash space is limited or when a large payload : such as LinuxBoot is used it is required to make sure some components : are only added to the RW_REGION. : : This patch adds this possibility in the same way as the RO_ONLY_SUPPORT.
How does this work? The RO region ends up without a payload?
You are right. Typically the RO and RW payloads will be different. The idea is that the RO payload is added manually. During development it makes sense to add a smaller payload and remove the payload from this option so it will be in both RO and RW regions.
At this point in time coreboot doesn't provide the possibility to specify 2 payloads, add one to the RO and one to the RW regions and I don't have the time to implement that. I think this is a pragmatic replacement for that.
https://review.coreboot.org/c/coreboot/+/36544/3/src/security/vboot/Kconfig File src/security/vboot/Kconfig:
https://review.coreboot.org/c/coreboot/+/36544/3/src/security/vboot/Kconfig@... PS3, Line 227: RW_REGION_ONLY
This should be properly guarded. It needs to depend on on having at least one region.
You are right. Added the dependancy.