Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36822 )

Change subject: vendorcode/security/eltan: Allocate memory from bootmem to speed verify ......................................................................

Patch Set 7:

(2 comments)

https://review.coreboot.org/c/coreboot/+/36822/6/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/verified_boot/vboot_check.c:

https://review.coreboot.org/c/coreboot/+/36822/6/src/vendorcode/eltan/securi... PS6, Line 188: (uint32_t) start > (uint32_t)(~(CONFIG_CBFS_SIZE-1))))

This checks if it's coming from SPI (because that's where the speedup is desirable), but the next cl […]

That not what is happening here unfortunately. Basically the type that is passed in here has a custom attributed added to the type that requests the check to copy the file before hashing. Indeed to speed things up for large chunks of data that need to come from the spi flash.

Basically what this does is either use a buffer that is allocated by the caller. If this isn't the case the routine will try to allocate from bootmem and use that as a temporary buffer.

So the entry in the verify_list controls (using the VERIFIED_BOOT_COPY_BLOCK attribute) if the file needs to be copied before hashing or not and the assumption is made that the handling of the file will always be the same.

https://review.coreboot.org/c/coreboot/+/36822/6/src/vendorcode/eltan/securi... PS6, Line 201:

extraneous space

Done