[XS] Change in coreboot[main]: fmap: Die immediately on verification failure - coreboot-gerrit

3 Nov 2023


      Attention is currently required from: Jakub Czapiga, Julius Werner.
Yu-Ping Wu has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/78903?usp=email )
Change subject: fmap: Die immediately on verification failure
......................................................................
Patch Set 1: Code-Review+1
(2 comments)
File src/lib/fmap.c:
https://review.coreboot.org/c/coreboot/+/78903/comment/ffbb35be_b775c039 :
PS1, Line 42: 	   filled with a tampered FMAP but the later fallback path is fed a valid one. */
Also explain why we want to die even if `!CONFIG(TOCTOU_SAFETY)`?
BTW there's a TODO comment which I think now can be fixed.
```
config TOCTOU_SAFETY
    depends on !VBOOT # TODO: can only allow this once vboot fully integrated
```
https://review.coreboot.org/c/coreboot/+/78903/comment/d36ac012_ae2dcb85 :
PS1, Line 127: sizeof(struct fmap)
Not related to this patch, but this is supposed to be `FMAP_SIZE`, right? (at least for `CONFIG(CBFS_VERIFICATION) && ENV_INITIAL_STAGE`)
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/78903?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: I59ec91c3e5a59fdd960b0ba54ae5f15ddb850480
Gerrit-Change-Number: 78903
Gerrit-PatchSet: 1
Gerrit-Owner: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Jakub Czapiga czapiga@google.com
Gerrit-Reviewer: Yu-Ping Wu yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-Attention: Jakub Czapiga czapiga@google.com
Gerrit-Attention: Julius Werner jwerner@chromium.org
Gerrit-Comment-Date: Fri, 03 Nov 2023 06:19:37 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment