Attention is currently required from: Yu-Ping Wu.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/78808?usp=email )
Change subject: security/vboot: Avoid using invalid vb2_context pointer
Patch Set 1:
(1 comment)
Patchset:
PS1: Do you have an explicit bug you're trying to fix here? In general, `assert()` is the check you're supposed to use when you "know" that something must be true (because of the way the rest of the code is written) and just want to add an extra sanity check that will warn people in case e.g. future refactoring breaks your assumptions. I think(?) that's true for all the cases here, so I think asserts are the right kind of check. We shouldn't start aggressively replacing all asserts in coreboot with die()-ifs just because we're worried that something might slip through... those should be reserved for the kinds of checks where you can't 100% guarantee from the code alone that something will always be true (e.g. checks that depend on the behavior of external peripherals).
(FATAL_ASSERTS is a separate topic. Personally, I wouldn't mind turning it on for our production builds; I don't think there's a point in leaving it off for ChromeOS. In practice, since we have it on for serial builds and we run that a lot anyway, we can usually be pretty certain that by the time we start making production builds all the situations that could force assertion errors are shaken out anyway.)