Attention is currently required from: Jakub Czapiga.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/66909 )
Change subject: vboot: Add VBOOT_CBFS_INTEGRATION support ......................................................................
Patch Set 11:
(3 comments)
File src/security/vboot/common.c:
https://review.coreboot.org/c/coreboot/+/66909/comment/bb713022_89fd983e PS9, Line 72: if (!CONFIG(VBOOT_CBFS_INTEGRATION)) {
Sorry, I don't follow what happened here... […]
Yeah, sorry, I meant `VB2_DIE()`. The underlying callback function is called `vb2ex_abort()`. I got a bit mixed up.
I don't really feel this code adds anything here by checking for a condition that shouldn't happen anyway. I generally think it's better (for binary size, etc.) to have those kinds of things caught right away with an assertion in the leaf function, rather than needing lots of code to catch and handle it further up the stack. So I'd prefer to keep this simple and just make sure `vb2api_get_firmware_size()` can't return 0 in the first place (with `VB2_DIE()`).
File src/security/vboot/vboot_common.h:
https://review.coreboot.org/c/coreboot/+/66909/comment/3c8473bc_f4299e2e PS11, Line 33: void vboot_fail_and_reboot(uint8_t reason, uint8_t subcode); src/soc/amd/common/psp_verstage/psp_verstage.c:reboot_into_recovery() could also use this, I think
File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/c/coreboot/+/66909/comment/bf57ebde_3aa93cb6 PS11, Line 375: vboot_save_and_reboot(ctx, rv); fail_and_reboot()?
-
Julius Werner (Code Review)