Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31662 )
Change subject: security/vboot: Do not check for RW partitions if not part of the image
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/31662/1/src/security/vboot/vboot_logic.c
File src/security/vboot/vboot_logic.c:

https://review.coreboot.org/#/c/31662/1/src/security/vboot/vboot_logic.c@330
PS1, Line 330: if (!IS_ENABLED(CONFIG_VBOOT_SLOTS_RW_A))
> Can we have a Kconfig which is more explicit? […]
I agree, this doesn't make sense. If this is the behavior you want, you should probably rather disentangle measured boot from vboot and make it work as a standalone feature. (Note that you can still call vboot functions -- we should change the Makefile so that the vboot library is built and linked even if CONFIG_VBOOT is not enabled -- you just wouldn't be running the main vb2api_fw_phaseX() verification code then.)
My understanding from CB:27714 was that the "RO only" mode meant that you only have a single FMAP partition, it is updateable (so it would've really been more appropriate to call it "RW only"), but it still gets verified during boot (and you just get bricked if that fails). This patch is now changing that to a scheme that doesn't make sense anymore. If you never want to verify anything, you shouldn't be executing this function.