security/vboot: Add rw_region_only support to vboot

In some cases where the flash space is limited or when a large payload such as LinuxBoot
is used, the RO region may not be large enough to contain all components that would
normally be added.

This patch adds the possibility to add specific components to the RW regions only in
the same way as the RO_ONLY_SUPPORT does for the RO region.

Please note: this applies only to the items that would normally be added to all regions.
If the payload is directed to the RW region only, a recovery payload needs to be added
to the RO region manually.

BUG=N/A
TEST=build

Change-Id: Ie0df9b5dfc6df4f24efc5582a1aec9ecfb48c44d
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36544
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Wim Vervoorn 2019-11-01 10:47:01 +01:00 committed by Patrick Georgi
parent 02a4a0d471
commit a1c259beef
2 changed files with 17 additions and 2 deletions


@ -220,6 +220,13 @@ config RO_REGION_ONLY
Add a space delimited list of filenames that should only be in the Add a space delimited list of filenames that should only be in the
RO section. RO section.
config RW_REGION_ONLY
string
default ""
depends on VBOOT_SLOTS_RW_A
help
Add a space delimited list of filenames that should only be in the
RW sections.
config VBOOT_ENABLE_CBFS_FALLBACK config VBOOT_ENABLE_CBFS_FALLBACK
bool bool
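Review bot: The help text of the new `RW_REGION_ONLY` option does not say that a file listed there is left out of the RO region, which presumably makes it unavailable whenever the firmware has to run from RO alone, for example in recovery. The commit message does state the consequence for the payload (a recovery payload has to be added to the RO region manually), but that caveat never reaches the person editing the configuration. I would extend the help with a sentence such as `Files listed here are not placed in the RO region; if the payload is listed, a recovery payload must be added to the RO region manually.` How this interacts with `VBOOT_ENABLE_CBFS_FALLBACK`, whose entry follows directly, is also worth a word if the two are related.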


@ -170,13 +170,17 @@ VBOOT_PARTITIONS := COREBOOT
# Check for RW_A partition # Check for RW_A partition
ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y) ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)
VBOOT_PARTITIONS += FW_MAIN_A VBOOT_PARTITIONS += FW_MAIN_A
RW_PARTITIONS := FW_MAIN_A
endif endif
# Check for RW_B partition # Check for RW_B partition
ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y) ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)
VBOOT_PARTITIONS += FW_MAIN_B VBOOT_PARTITIONS += FW_MAIN_B
RW_PARTITIONS += FW_MAIN_B
endif endif
# Define a list of files that need to be in RO only. # Return the regions a specific file should be placed in. The files listed below and the ones
# that are specified in CONFIG_RO_REGION_ONLY are only specified in the RO region. The files
# specified in the CONFIG_RW_REGION_ONLY are only placed in the RW regions.
# All other files will be installed into RO and RW regions # All other files will be installed into RO and RW regions
# Use $(sort) to cut down on extra spaces that would be translated to commas # Use $(sort) to cut down on extra spaces that would be translated to commas
regions-for-file = $(subst $(spc),$(comma),$(sort \ regions-for-file = $(subst $(spc),$(comma),$(sort \
@ -193,7 +197,11 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \
cmos_layout.bin \ cmos_layout.bin \
cmos.default \ cmos.default \
$(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \ $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
,$(1)),COREBOOT,$(VBOOT_PARTITIONS)))) ,$(1)),COREBOOT,\
$(if $(filter \
$(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \
,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \
)))
CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
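Review bot: A filename listed in both `CONFIG_RO_REGION_ONLY` and `CONFIG_RW_REGION_ONLY` is resolved silently in the second hunk: the outer `$(if $(filter …))` matches first, so the file goes to COREBOOT only and the RW-only request is dropped without any message. RO taking precedence is the safer direction, since it also keeps the hard-coded entries such as `cmos_layout.bin` in RO, but a contradictory configuration should stop the build rather than produce an image whose layout differs from what was configured. A parse-time check would catch it: `ifneq ($(filter $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)),$(call strip_quotes,$(CONFIG_RW_REGION_ONLY))),)`, then `$(error CONFIG_RO_REGION_ONLY and CONFIG_RW_REGION_ONLY list the same file)` and `endif`. Separately, `RW_PARTITIONS` is only assigned inside the `RW_A` conditional; an explicit empty `RW_PARTITIONS :=` beside `VBOOT_PARTITIONS := COREBOOT` would keep an inherited environment value out of the result. The definition of `regions-for-file` spans both hunks and its file list is only partly visible here.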