security/vboot: Check RW_NVRAM at buildtime

This avoids runtime failures of lacking a RW_NVRAM section in fmap or
one having a size too small.

Change-Id: I3415bd719428a23b21210eb2176dbe15fa44eb9c
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71868
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>

src/security/vboot/Makefile.inc

@@ -71,6 +71,11 @@ romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
 ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
 postcar-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
 
+$(call src-to-obj,bootblock,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,verstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,romstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,ramstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,postcar,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
 bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c

src/security/vboot/vbnv_flash.c

@@ -3,6 +3,7 @@
 #include <commonlib/region.h>
 #include <console/console.h>
 #include <fmap.h>
+#include <fmap_config.h>
 #include <string.h>
 #include <vb2_api.h>
 #include <security/vboot/vboot_common.h>
@@ -44,6 +45,9 @@ static inline int can_overwrite(uint8_t current, uint8_t new)
 	return (current & new) == new;
 }
 
+_Static_assert(FMAP_SECTION_RW_NVRAM_SIZE >= BLOB_SIZE,
+	       "RW_NVRAM FMAP section not present or too small");
+
 static int init_vbnv(void)
 {
 	struct vbnv_flash_ctx *ctx = &vbnv_flash;