On 22.08.24 11:17, Nico Huber via coreboot wrote:
There seems to be one exception where we can't just disabled it, I will write about that in a separate mail.
What we also discussed yesterday was one particularly painful case where the hardware only accepts a psp-verstage (which we need to boot coreboot) that is vendor signed. Please correct me if I'm wrong, I'm not familiar with the platform.
This seems to be a very special case because the verstage runs in a different environment, and at least in my theory has less compatibility issues than the general bootblock/romstage case. So I suggest to treat this case separately from other compati- bility efforts. This might be a case where we could consider a a special vboot submodule pointer just for this platform / the affected boards.
And we could also evaluate other options, e.g. dropping vboot support upstream for these particular boards. If that's doable? e.g. does this psp-verstage live in RO? if it does, can we get one signed that doesn't do vboot?
Also, when such partially tivoized hardware is hard to support upstream, shouldn't we make owners aware of it? Suggest to buy or even switch to something else? and consequently drop support?
Nico