From cb2561d2765f637dd4d11a1e57f43dd0a21d06e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 25 May 2023 11:20:14 +0200 Subject: security/vboot: Update vboot context with slot B absence MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit coreboot offers two vboot schemes VBOOT_SLOTS_RW_A and VBOOT_SLOTS_RW_AB. When VBOOT_SLOTS_RW_AB is not selected then the resulting image is rather not expected to have the FW_MAIN_B FMAP region. When only RW_A region is used, vboot does additional full_reset cycles to try RW_B, even though it does not exist / the build was not configured for two RW partitions. To avoid it, a new vboot context flag has been introduced, VB2_CONTEXT_SLOT_A_ONLY, which can be set right after context initialization to inform vboot about absence of slot B. This will result in less full_reset cycles when vboot runs out of available slots and cause vboot to switch to recovery mode faster. Signed-off-by: Michał Żygowski Change-Id: Ie123881a2f9f766ae65e4ac7c36bc2a8fce8d100 Reviewed-on: https://review.coreboot.org/c/coreboot/+/75462 Reviewed-by: Yu-Ping Wu Reviewed-by: Eric Lai Tested-by: build bot (Jenkins) --- src/security/vboot/vboot_logic.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 491615a4db..9a8a9657e4 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -259,6 +259,9 @@ void verstage_main(void) platform_is_resuming()) ctx->flags |= VB2_CONTEXT_S3_RESUME; + if (!CONFIG(VBOOT_SLOTS_RW_AB)) + ctx->flags |= VB2_CONTEXT_SLOT_A_ONLY; + /* Read secdata from TPM. Initialize TPM if secdata not found. We don't * check the return value here because vb2api_fw_phase1 will catch * invalid secdata and tell us what to do (=reboot). */ -- cgit v1.2.3