Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32153 )
Change subject: src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region.
Patch Set 2:
(1 comment)
https://review.coreboot.org/#/c/32153/1//COMMIT_MSG Commit Message:
https://review.coreboot.org/#/c/32153/1//COMMIT_MSG@13 PS1, Line 13: RAMSTAGE. RAMSTAGE authenticates PAYLOAD.
Once the switch CONFIG_VBOOT_STAGE_VERIFICATION is enabled, ROMSTAGE and POSTCAR will be only in RO. […]
Where is that assumption coming from? Why would you be making that assumption on behalf of other users?
Similarly, STAGE_VERIFICATION is extremely generic. I have no idea what the semantics are -- especially because vboot inherently verifies things.
That said, there needs to be a broader discussion and coordination aside from posting CLs. Did you bring the plan and intention up on the mailing list?