diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 87bb80a561..70180c719a 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -220,6 +220,13 @@ config RO_REGION_ONLY
 	  Add a space delimited list of filenames that should only be in the
 	  RO section.
 
+config RW_REGION_ONLY
+	string
+	default ""
+	depends on VBOOT_SLOTS_RW_A
+	help
+	  Add a space delimited list of filenames that should only be in the
+	  RW sections.
 
 config VBOOT_ENABLE_CBFS_FALLBACK
 	bool
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index 31c0f5de26..3e5956cb10 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -170,13 +170,17 @@ VBOOT_PARTITIONS := COREBOOT
 # Check for RW_A partition
 ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)
 VBOOT_PARTITIONS += FW_MAIN_A
+RW_PARTITIONS := FW_MAIN_A
 endif
 # Check for RW_B partition
 ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)
 VBOOT_PARTITIONS += FW_MAIN_B
+RW_PARTITIONS += FW_MAIN_B
 endif
 
-# Define a list of files that need to be in RO only.
+# Return the regions a specific file should be placed in. The files listed below and the ones
+# that are specified in CONFIG_RO_REGION_ONLY are only specified in the RO region. The files
+# specified in the CONFIG_RW_REGION_ONLY are only placed in the RW regions.
 # All other files will be installed into RO and RW regions
 # Use $(sort) to cut down on extra spaces that would be translated to commas
 regions-for-file = $(subst $(spc),$(comma),$(sort \
@@ -193,7 +197,11 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \
 		cmos_layout.bin \
 		cmos.default \
 		$(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
-		,$(1)),COREBOOT,$(VBOOT_PARTITIONS))))
+		,$(1)),COREBOOT,\
+		$(if $(filter \
+			$(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \
+			,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \
+		)))
 
 CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
 CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))