security/vboot: Add selection for firmware slots used by VBOOT

Make the firmware slot configuration in VBOOT selectable. The following
three modes are available:
  -RO only
  -RO + RW_A
  -RO + RW_A + RW_B

The mode "RO only" is the lowest mode with no safety during update.
You can select either RW_A or RW_AB via Kconfig which will add the
selected parttions to the final image.

Change-Id: I278fc060522b13048b00090b8e5261c14496f56e
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/27714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
This commit is contained in:
Philipp Deppenwiese
2018-07-28 23:30:49 +02:00
committed by Philipp Deppenwiese
parent de462804e1
commit a558ca9aae
3 changed files with 42 additions and 1 deletions

View File

@@ -1,6 +1,7 @@
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
## Copyright (C) 2018 Siemens AG
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
@@ -25,6 +26,18 @@ config VBOOT
if VBOOT
config VBOOT_SLOTS_RW_A
bool "Firmware RO + RW_A"
help
Have one update partition beside the RO partition.
config VBOOT_SLOTS_RW_AB
bool "Firmware RO + RW_A + RW_B"
select VBOOT_SLOTS_RW_A
help
Have two update partitions beside the RO partition.
config VBOOT_VBNV_CMOS
bool
default n