[coreboot-gerrit] Change in coreboot[master]: Makefile.inc: Add bootblock to CBFS before others

Attention is currently required from: Yu-Ping Wu. Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/64547 )

Change subject: Makefile.inc: Add bootblock to CBFS before others ......................................................................

Patch Set 4:

(1 comment)

Commit Message:

https://review.coreboot.org/c/coreboot/+/64547/comment/c068e757_9cbc2190 PS2, Line 9: cbfstool

The problem is that it still needs to be updated again every time a new CBFS file is added. We want images where even after the coreboot build system is done with them, you can still run `cbfstool add` to put more files in them (e.g. an out-of-tree payload) without breaking the verification chain. I think the only way that can work is if cbfstool knows how to find and update the bootblock in place, wherever it is on each platform.

Any thoughts on how to solve this? cbfstool would need to detect whether the bootblock is inside IFWI (Intel) or PSP firmware (AMD) and have capabilities to extract it.