Werner Zeh has uploaded this change for review.
security/vboot: Do not check for RW partitions if not part of the image
In the setup where measured boot is used with read-only partition only
there is no RW_A or RW_B partition in the flash. In this case it makes
no sense to let VBOOT check for these partitions just to fail and then
fall back to recovery mode.
Instead set the flag VB2_CONTEXT_RECOVERY_MODE right away so that VBOOT
starts in recovery mode any time.
This kind of bypasses VBOOT logic but is still suitable to have a
pure measured boot scheme enabled. In addition it avoids the first two
reboots due to missing RW_A and RW_B.
Change-Id: I07b8ec97be7db63b7ccddb3f33e0f741bed8acd8
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
---
M src/security/vboot/vboot_logic.c
1 file changed, 6 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/62/31662/1
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 8c3ba80..89934b9 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -324,6 +324,12 @@
die("Initializing measured boot mode failed!");
}
+ /* Skip checking for RW_A and RW_B if these partitions are not included
+ in the image. Instead proceed with recovery mode which uses RO
+ partition only. */
+ if (!IS_ENABLED(CONFIG_VBOOT_SLOTS_RW_A))
+ ctx.flags |= VB2_CONTEXT_RECOVERY_MODE;
+
if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) &&
get_developer_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
To view, visit change 31662. To unsubscribe, or for help writing mail filters, visit settings.