Attention is currently required from: Joel Kitching, Daisuke Nojiri, Aaron Durbin.
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/54099 )

Change subject: vboot: Add VB2_CONTEXT_TRUSTED
Patch Set 3:
(1 comment)
File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/c/coreboot/+/54099/comment/b94fe517_8cfdef95
PS3, Line 216: EC_EFS_BOOT_MODE_NO_BOOT
In my opinion, we should update the name of the boot modes to:
```
EC_EFS_BOOT_MODE_TRUSTED_RO
EC_EFS_BOOT_MODE_UNTRUSTED_RO
EC_EFS_BOOT_MODE_RW
```
With this, it is clear that the EC is basically communicating its current boot mode to GSC. What policies are implemented doesn't really matter to EC or even the GSC. AP can use the information about the current boot mode from the GSC and then apply policies like: VB2_CONTEXT_NO_BOOT (if currently in untrusted RO) or VB2_CONTEXT_TRUSTED (if in trusted RO).
From EC's standpoint, RO can set boot mode to UNTRUSTED_RO if it is enabling PD or for any other reason in the future that is considered as making the EC-RO untrusted.