Attention is currently required from: Jakub Czapiga.

Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59678 )

Change subject: cbfs: Add unverified_area APIs
......................................................................

Patch Set 2:

(1 comment)
File src/include/cbfs.h:
https://review.coreboot.org/c/coreboot/+/59678/comment/0c3a8cfa_8f5de516
PS2, Line 58:
 * ..._unverified_area_...: Will look for the CBFS file in the named FMAP area, rather than
 * any of the default (RO or RW) CBFSs. Files accessed this way are *not* verified in any
 * way (even if CONFIG(CBFS_VERIFICATION) is enabled) and should always be treated as
 * untrusted (potentially malicious) data. Mutually exclusive with the ..._ro_... variant.
 *

> If one passes "COREBOOT" as the area name, they will be able to bypass verification. […]
I don't see a reason to explicitly have the code check against it, although I doubt there'll ever be a good reason to do that. The point is not to forcefully prevent people from doing insecure things (you can't do that anyway), just to try to make it as hard as possible to accidentally do something unsafe without realizing it. I hope calling a function with "unverified" in the name should be pretty obvious.