Is there an easy way for a running payload to extract additional files from its CBFS image in ROM? I'd like to have a reproducible kernel and initrd as the primary payload, with user data (and keys) stored in a separate payload section of the CBFS.
On the build host I can use cbfstool to add/extract them from the file, but I'm not seeing an easy way to do it on the running machine short of 'dd if=/dev/mem' at the correct address.
If you were talking about a "normal" payload (linking libpayload) that would be easy... there are plenty of CBFS APIs in libpayload (cbfs_find_file() would be the simplest for this case).
But it sounds like you're using a Linux kernel as payload? Then I'm afraid you're restricted to the normal ways that Linux can use to access the firmware flash... flashrom it out and use cbfstool extract (which should work on a real system, not so sure about qemu). Depending on what exactly you're trying to do, it may be easier to just include your data in an initramfs instead.
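To show what `cbfstool extract` has to locate in a dump read out with flashrom, here is an added example (not part of the thread and not coreboot code) that walks the CBFS file headers in a ROM image and returns one file's bytes. It assumes the file was stored uncompressed; the sample image and its file names are constructed for illustration.

```python
import struct

CBFS_MAGIC = b"LARCHIVE"         # magic at the start of every CBFS file header
CBFS_ALIGN = 64                  # file headers sit on 64-byte boundaries
HDR = struct.Struct(">8sIIII")   # magic, len, type, attributes_offset, offset (big-endian)

def cbfs_files(rom):
    """Yield (name, type, data_start, length) for each file header found in a ROM dump."""
    pos = 0
    while pos + HDR.size <= len(rom):
        magic, length, ftype, _attrs, offset = HDR.unpack_from(rom, pos)
        end = pos + offset + length
        if magic != CBFS_MAGIC or offset < HDR.size or end > len(rom):
            pos += CBFS_ALIGN    # not a sane header: keep scanning at the next boundary
            continue
        # The NUL-terminated name follows the fixed header; data starts at pos + offset.
        name = rom[pos + HDR.size:pos + offset].split(b"\0", 1)[0]
        yield name.decode("ascii", "replace"), ftype, pos + offset, length
        pos = (end + CBFS_ALIGN - 1) // CBFS_ALIGN * CBFS_ALIGN

def cbfs_extract(rom, wanted):
    """Return the stored bytes of the named file (still compressed if it was added compressed)."""
    for name, _ftype, start, length in cbfs_files(rom):
        if name == wanted:
            return rom[start:start + length]
    raise KeyError(wanted)

def _make_entry(name, data, ftype=0x50):   # 0x50 = raw file type
    """Build one CBFS entry for the constructed sample image below."""
    fname = name.encode() + b"\0"
    fname += b"\0" * (-len(fname) % 16)
    entry = HDR.pack(CBFS_MAGIC, len(data), ftype, 0, HDR.size + len(fname)) + fname + data
    return entry + b"\xff" * (-len(entry) % CBFS_ALIGN)

# Constructed sample: erased flash, then a payload entry and a separate user-data entry.
SAMPLE_ROM = (b"\xff" * 128
              + _make_entry("fallback/payload", b"KERNEL+INITRD")
              + _make_entry("userdata/config", b"constructed user data"))

if __name__ == "__main__":
    import sys
    # With an argument, parse a real dump (hypothetical file name, e.g. rom.bin).
    rom = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ROM
    for name, ftype, start, length in cbfs_files(rom):
        print(f"{name or '(empty)':32} type=0x{ftype:x} offset=0x{start:x} size={length}")
```
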