Attention is currently required from: Julius Werner, Nick Vaccaro, Yu-Ping Wu.

Vladimir Serbinenko has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/81508?usp=email )

Change subject: Support for creating hybrid vboot images ......................................................................

Patch Set 5:

(1 comment)

Patchset:

PS5:

Okay, so you want to dual-boot, and you want ChromeOS to keep updating at the same time? That is ind […]

I disagree about lack of value of using updates. Even though this config is not fully supported it will share most of security vulnerabilities and relevant fixes with normal ChromeOS firmware. I don't believe that possibility of skipping firmware update will be better than having "dual-coreboot" setup but could be useful for someone else. I think part of the problem is because bootblock has increased its scope beyond a simple switch, otherwise it would be way simpler. I see following places to do dual-boot: 1) Boot Block, 16-bit part. Would mean having 2 bootblocks 2) Boot Block, before CAR. Again, 2 bootblocks 3) Boot Block, right after CAR init. 2 bb as well 4) Between bootblock and romstage. This is what this patch proposes. Exact placement of the code is subject to the debate 5) A special payload which loads either depth charge from RW or alternative payload from RO 6) bootloader (payload or otherwise) loading ChromeOS kernel from disk

Options 1-3 require patching inside existing bootblock or a way to relocate it. Both are feasible but feels ugly Option 6 requires a whole other bootloader to understand ChromeOS layout. I actually planned to do it at some point in GRUB. I believe it's a good option for ChromeOS Flex but it adds a heavy amount of security-relevant code outside of ChromeOS review This leaves options 4 and 5. I heavily prefer 4 for its better compatibility and security with ChromeOS as it makes minimum modifications in ChromeOS boot path