Hi coreboot folks,
I have recently stumbled upon an issue that non-ChromeOS platforms, once entered into recovery mode, cannot leave this state, despite the RW partition being updated with correctly signed firmware copy. I.e. imagine situation where RW A (and B) is not valid, vboot logic causes to boot into recovery. Flash is updated with valid RW A (and B) but the vboot logic does not try to verify the RW partition, instead is stuck in recovery mode due to VBOOT NVRAM content.
For ChromeOS platform the recovery reason is cleared in vb2api_kernel_phase2 but vb2api_kernel_phase2 is probably not used anywhere except depthcharge (or whatever is loading the ChromeOS kernel). So non-ChromeOS platform using vboot have no option to get out of recovery. Unless I am missing something, then please correct me.
My suggestion would be to add vb2_clear_recovery to vb2api exposed to the coreboot and let the platform code decide when the recovery request should be cleared. Also coreboot can attempt to verify RW partition despite recovery reason, but it would probably be inefficient and lead to situations where recovery mode should be entered, but wasn't entered.
Dear ChromeOS firmware experts, your opinion is highly appreciated.
Best regards,