4 files changed, 9 insertions, 2 deletions

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index a2af5d2564..2d5b20f50d 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -90,6 +90,7 @@ config VBOOT_STARTS_BEFORE_BOOTBLOCK
 config VBOOT_STARTS_IN_BOOTBLOCK
 	bool
 	default n
+	depends on SEPARATE_ROMSTAGE
 	help
 	  Firmware verification happens during the end of or right after the
 	  bootblock. This implies that a static VBOOT2_WORK() buffer must be
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index f152444044..1b3568a1ec 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -43,7 +43,9 @@ $(1)-srcs += $$(VBOOT_LIB_$(1))
 endef # vboot-for-stage
 
 $(eval $(call vboot-for-stage,bootblock))
+ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y)
 $(eval $(call vboot-for-stage,romstage))
+endif
 $(eval $(call vboot-for-stage,ramstage))
 $(eval $(call vboot-for-stage,postcar))
 
@@ -157,7 +159,11 @@ else # CONFIG_VBOOT_SEPARATE_VERSTAGE
 ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
 postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
 else
+ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y)
 postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs))
+else
+postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
+endif
 endif
 endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
 
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index 8310647760..a7069f38fe 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -48,7 +48,7 @@ static inline int verification_should_run(void)
 	if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
 		return ENV_SEPARATE_VERSTAGE;
 	else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
-		return ENV_ROMSTAGE;
+		return ENV_RAMINIT;
 	else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
 		return ENV_BOOTBLOCK;
 	else
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index f9080c585a..68df1406a7 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -29,7 +29,7 @@ static void save_secdata(struct vb2_context *ctx)
 
 void vboot_save_data(struct vb2_context *ctx)
 {
-	if (!verification_should_run() && !(ENV_ROMSTAGE && CONFIG(VBOOT_EARLY_EC_SYNC))) {
+	if (!verification_should_run() && !(ENV_RAMINIT && CONFIG(VBOOT_EARLY_EC_SYNC))) {
 		if (ctx->flags
 		    & (VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED
 		       | VB2_CONTEXT_SECDATA_KERNEL_CHANGED))