security/vboot: Update vboot context with slot B absence

coreboot offers two vboot schemes VBOOT_SLOTS_RW_A and VBOOT_SLOTS_RW_AB. When VBOOT_SLOTS_RW_AB is not selected then the resulting image is rather not expected to have the FW_MAIN_B FMAP region. When only RW_A region is used, vboot does additional full_reset cycles to try RW_B, even though it does not exist / the build was not configured for two RW partitions. To avoid it, a new vboot context flag has been introduced, VB2_CONTEXT_SLOT_A_ONLY, which can be set right after context initialization to inform vboot about absence of slot B. This will result in less full_reset cycles when vboot runs out of available slots and cause vboot to switch to recovery mode faster. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ie123881a2f9f766ae65e4ac7c36bc2a8fce8d100 Reviewed-on: https://review.coreboot.org/c/coreboot/+/75462 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-05-25 11:20:14 +02:00 · 2023-05-25 11:20:14 +02:00 · cb2561d276
commit cb2561d276
parent 1c3b6b3230
1 changed files with 3 additions and 0 deletions
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@ -259,6 +259,9 @@ void verstage_main(void)
 		platform_is_resuming())
 		ctx->flags |= VB2_CONTEXT_S3_RESUME;

+	if (!CONFIG(VBOOT_SLOTS_RW_AB))
+		ctx->flags |= VB2_CONTEXT_SLOT_A_ONLY;
+
 	/* Read secdata from TPM. Initialize TPM if secdata not found. We don't
 	 * check the return value here because vb2api_fw_phase1 will catch
 	 * invalid secdata and tell us what to do (=reboot). */