diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index ad5b61e267..ee8d36ae7b 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -218,6 +218,22 @@ config RW_REGION_ONLY Add a space delimited list of filenames that should only be in the RW sections. +config RWA_REGION_ONLY + string + default "" + depends on VBOOT_SLOTS_RW_AB + help + Add a space-delimited list of filenames that should only be in the + RW-A section. + +config RWB_REGION_ONLY + string + default "" + depends on VBOOT_SLOTS_RW_AB + help + Add a space-delimited list of filenames that should only be in the + RW-B section. + config VBOOT_ENABLE_CBFS_FALLBACK bool default n diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 1e0166ef37..90b275660e 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -165,8 +165,9 @@ RW_PARTITIONS += FW_MAIN_B endif # Return the regions a specific file should be placed in. The files listed below and the ones -# that are specified in CONFIG_RO_REGION_ONLY are only specified in the RO region. The files -# specified in the CONFIG_RW_REGION_ONLY are only placed in the RW regions. +# that are specified in CONFIG_RO_REGION_ONLY, are only specified in the RO region. The files +# specified in the CONFIG_RW_REGION_ONLY are placed in all RW regions. Files specified +# in CONFIG_RWA_REGION_ONLY or CONFIG_RWB_REGION_ONLY get placed only in those sections. # All other files will be installed into RO and RW regions # Use $(sort) to cut down on extra spaces that would be translated to commas regions-for-file = $(subst $(spc),$(comma),$(sort \ @@ -184,10 +185,16 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \ cmos.default \ $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \ ,$(1)),COREBOOT,\ + $(if $(filter \ + $(call strip_quotes,$(CONFIG_RWA_REGION_ONLY)) \ + ,$(1)), FW_MAIN_A, \ + $(if $(filter \ + $(call strip_quotes,$(CONFIG_RWB_REGION_ONLY)) \ + ,$(1)), FW_MAIN_B, \ $(if $(filter \ $(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \ ,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \ - ))) + ))))) CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))