author Wim Vervoorn <wvervoorn@eltan.com> 2019-11-05 14:09:16 +0100
committer Patrick Georgi <pgeorgi@google.com> 2019-11-07 14:12:00 +0000
commit 114e2e88305a6e1fc972a58a03b89a23685e5a48
tree 8abdf9fd5f495312b207c569e237a91be5f22787 /Documentation/security
parent 32c8de10b03d0f7fccd4e4dc10a20f97e57cc428
lib/cbfs: Add fallback to RO region to cbfs_boot_locate
With this change cbfs_boot_locate will check the RO (COREBOOT) region if a file can not be found in the active RW region. By doing so it is not required to duplicate static files that are not intended to be updated to the RW regions. The coreboot image can still be updated by adding the file to the RW region. This change is intended to support VBOOT on systems with a small flash device.

BUG=N/A
TEST=tested on facebook fbg1701

Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- Documentation/security/vboot/index.md | 20
1 files changed, 20 insertions, 0 deletions
diff --git a/Documentation/security/vboot/index.md b/Documentation/security/vboot/index.md
index 97420893e5..400c2b5149 100644
--- a/Documentation/security/vboot/index.md
+++ b/Documentation/security/vboot/index.md
@@ -186,6 +186,26 @@ In addition to adding the coreboot files into the read-only region,
enabling vboot causes the build script to add the read/write files into
coreboot file systems in *FW_MAIN_A* and *FW_MAIN_B*.
+**RO_REGION_ONLY**
+
+The files added to this list will only be placed in the read-only region and
+not into the read/write coreboot file systems in *FW_MAIN_A* and *FW_MAIN_B*.
+
+**VBOOT_ENABLE_CBFS_FALLBACK**
+
+Normally coreboot will use the active read/write coreboot file system for all
+of it's file access when VBOOT is active and is not in recovery mode.
+
+When the `VBOOT_ENABLE_CBFS_FALLBACK` option is enabled the cbfs file system will
+first try to locate a file in the active read/write file system. If the file
+doesn't exist here the file system will try to locate the file in the read-only
+file system.
+
+This option can be used to prevent duplication of static data. Files can be
+removed from the read/write partitions by adding them to the `RO_REGION_ONLY`
+config. If a file needs to be changed in a later stage simply remove it from
+this list.
+
***
## Signing the coreboot Image
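
Review bot: the **RO_REGION_ONLY** paragraph does not say that it depends on `VBOOT_ENABLE_CBFS_FALLBACK`. The next section states that coreboot normally uses the active read/write file system for all file access when VBOOT is active and not in recovery mode, so a reader could list a file in `RO_REGION_ONLY` without enabling the fallback and end up with a file that exists only in the read-only region while lookups go to *FW_MAIN_A* / *FW_MAIN_B*. Please state the dependency explicitly in the `RO_REGION_ONLY` text and say what happens when the fallback is disabled. It would also help to note the lookup order's consequence for updates: a copy in the active read/write file system takes precedence, and a file missing from it resolves to the read-only copy without any indication, which matters when deciding which files are safe to keep in the read-only region only. Two wording points: "all of it's file access" should be "its", and "changed in a later stage" is ambiguous next to coreboot's boot stages; "in a later update" or similar would be clearer if that is what is meant.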