author: Michał Żygowski <michal.zygowski@3mdeb.com> 2023-05-25 11:20:14 +0200
committer: Felix Held <felix-coreboot@felixheld.de> 2023-09-18 13:21:48 +0000
commit: cb2561d2765f637dd4d11a1e57f43dd0a21d06e7 (patch)
tree: 832d15103c2f4378385037fca4fb6e07c7c7c2c7 /src/security
parent: 1c3b6b3230eba41484abd72577d6472b3655c297 (diff)
security/vboot: Update vboot context with slot B absence

coreboot offers two vboot schemes VBOOT_SLOTS_RW_A and VBOOT_SLOTS_RW_AB. When VBOOT_SLOTS_RW_AB is not selected then the resulting image is rather not expected to have the FW_MAIN_B FMAP region. When only RW_A region is used, vboot does additional full_reset cycles to try RW_B, even though it does not exist / the build was not configured for two RW partitions.

To avoid it, a new vboot context flag has been introduced, VB2_CONTEXT_SLOT_A_ONLY, which can be set right after context initialization to inform vboot about absence of slot B. This will result in less full_reset cycles when vboot runs out of available slots and cause vboot to switch to recovery mode faster.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ie123881a2f9f766ae65e4ac7c36bc2a8fce8d100
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75462
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Diffstat (limited to 'src/security')
-rw-r--r-- src/security/vboot/vboot_logic.c 3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 491615a4db83..9a8a9657e460 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -259,6 +259,9 @@ void verstage_main(void)
platform_is_resuming())
ctx->flags |= VB2_CONTEXT_S3_RESUME;
+ if (!CONFIG(VBOOT_SLOTS_RW_AB))
+ ctx->flags |= VB2_CONTEXT_SLOT_A_ONLY;
+
/* Read secdata from TPM. Initialize TPM if secdata not found. We don't
* check the return value here because vb2api_fw_phase1 will catch
* invalid secdata and tell us what to do (=reboot). */
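
Review bot: The added "if (!CONFIG(VBOOT_SLOTS_RW_AB))" block in verstage_main() carries no comment, so the reason for it (telling vboot that slot B is absent so it stops spending full_reset cycles on RW_B and reaches recovery mode sooner) lives only in the commit message. A one-line comment above the check, noting that the flag is meant to be set right after context initialization, would protect the placement if this function is reshuffled later. The condition also depends on the Kconfig option alone, while the commit message only says a non-AB image is "rather not expected" to have FW_MAIN_B; it would help to state in that comment that the flag reflects the build configuration and not a check of the FMAP, so a board that ships FW_MAIN_B without VBOOT_SLOTS_RW_AB is understood to never try it.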