And if so, NV storage no longer seems to be required under schemes without
an RW slot.
Best regards,
Persmule
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, August 19, 2019 7:57 AM, Persmule <persm...@hardenedlinux.org> wrote:
> Thanks. Though I would rather push a change (
> https://review.coreboot.org/c/coreboot/+/34977 ) to make vboot step into
> "recovery mode" directly when no RW slot is present, since I believe letting
> vboot "verify" a non-existing RW slot is mostly pointless.
>
> Is it convenient for me to bother you to review my change mentioned above?
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Sunday, August 18, 2019 4:43 PM, Michal Zygowski
> <michal.zygow...@3mdeb.com> wrote:
>
>> Yes, vboot requires NV storage to keep its context across boots; it is
>> typically done in CMOS or SPI or EC memory. One of these 3 options must be
>> selected.
>>
>> For example, in your mainboard Kconfig you should have something like this:
>>
>> config VBOOT
>> 	bool
>> 	default y
>> 	select VBOOT_VBNV_CMOS
>> 	select VBOOT_NO_BOARD_SUPPORT
>> 	select GBB_FLAG_DISABLE_LID_SHUTDOWN
>> 	select GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
>> 	select GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
>> 	select GBB_FLAG_DISABLE_FWMP
>> 	select RTC
>>
>> config VBOOT_VBNV_OFFSET
>> 	hex
>> 	default 0x2D8 if VBOOT
>>
>> The options you have to select highly depend on the hardware you are trying
>> to run vboot on. For example, vboot can start in bootblock or in romstage
>> (depends on C_ENVIRONMENT_BOOTBLOCK support for the microarchitecture). The
>> example shows a sample configuration for CMOS-stored vboot flags; however,
>> the following options for vboot storage are also available (and have their
>> own dependencies as well):
>> - VBOOT_VBNV_EC
>> - VBOOT_VBNV_FLASH
>>
>> I advise looking at src/security/vboot/Kconfig; the help sections for the
>> options might be helpful for you.
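
Added example, not part of the thread and not coreboot code: a check over a generated .config that flags VBOOT=y with none of the three VBNV backends named above selected. The requirement that a CMOS backend comes with a hex VBOOT_VBNV_OFFSET is an assumption modelled on the Kconfig snippet quoted above; the function names and sample inputs are constructed.

```python
import re

# Backends named in the thread; a .config prefixes Kconfig symbols with CONFIG_.
VBNV_BACKENDS = ("VBOOT_VBNV_CMOS", "VBOOT_VBNV_EC", "VBOOT_VBNV_FLASH")
_LINE = re.compile(r"^CONFIG_([A-Za-z0-9_]+)=(.*)$")


def parse_dotconfig(text):
    """Return {symbol: value} for every symbol that is set in a .config."""
    symbols = {}
    for raw in text.splitlines():
        match = _LINE.match(raw.strip())
        if match:  # "# CONFIG_X is not set" and blank lines fall through
            symbols[match.group(1)] = match.group(2).strip('"')
    return symbols


def check_vbnv(text):
    """Return a list of problems with the vboot NV storage settings."""
    cfg = parse_dotconfig(text)
    if cfg.get("VBOOT") != "y":
        return []  # vboot disabled: nothing to check
    problems = []
    chosen = [b for b in VBNV_BACKENDS if cfg.get(b) == "y"]
    if not chosen:
        problems.append("VBOOT=y but no VBOOT_VBNV_* backend is selected")
    if "VBOOT_VBNV_CMOS" in chosen:
        # Assumption: a CMOS backend needs an offset, as in the quoted snippet.
        offset = cfg.get("VBOOT_VBNV_OFFSET", "")
        if not re.fullmatch(r"0[xX][0-9A-Fa-f]+", offset):
            problems.append("VBOOT_VBNV_CMOS=y needs a hex VBOOT_VBNV_OFFSET")
    return problems


# Constructed sample inputs (not taken from a real board).
GOOD = """CONFIG_VBOOT=y
CONFIG_VBOOT_VBNV_CMOS=y
# CONFIG_VBOOT_VBNV_FLASH is not set
CONFIG_VBOOT_VBNV_OFFSET=0x2D8
"""
MISSING = """CONFIG_VBOOT=y
# CONFIG_VBOOT_VBNV_CMOS is not set
# CONFIG_VBOOT_VBNV_EC is not set
# CONFIG_VBOOT_VBNV_FLASH is not set
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("MISSING", MISSING)):
        print(name, check_vbnv(sample) or "ok")
```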