[coreboot-gerrit] Change in coreboot[master]: lib/cbfs: Add fallback to RO region to cbfs_boot_locate

Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36545 )

Change subject: lib/cbfs: Add fallback to RO region to cbfs_boot_locate ......................................................................

Patch Set 1:

Patch Set 1: Code-Review-2

It needs at least proper documentation. I'm not sure if a fallback in this place is the correct way.

I agree with you that the documentation is limited at this moment. To make sure I am doing the right things. I am planning to add inline documentation in the source. Is this sufficient or is there another place where a description should be added.

I think that this is the correct location for a file-based fallback. I can imagine that a fall back is not a valid option in other scenarios so I am considering to add a config option that is normally disabled so this feature can be enabled when desired.

I don't see a security issue with the solution. The cbfs_locate first tries to find the file in the selected region. If it can not find the file there it tries to use the RO region which is trusted. There no option to try the other (non trusted) RW region.