futility: updater: always do partial verify (-N/--noverify-all)
The updater should always only update the whole image when write
protection is disabled, or partial (RW) when write protection is
enabled. As a result, it should be better to always turn on -N
(--noverify-all) for two reasons: (1) faster partial write, and
(2) prevent failure due to other processors accessing the flash
in parallel.
- Faster partial write:
On recent x86 Chromebooks the flash size is getting bigger and bigger
(for example 32M on Brya) and the RW section size is much smaller
(8M on Brya). So we wasted a lot of time reading and verifying
sections that we don't care (64M versus 16M) if we don't turn on -N.
- Concurrent access:
On recent x86 devices the system flash is shared by two processors -
the CPU and the CSME. Before the ME is locked, CPU can see and access
all regions - including those managed by ME/CSME. As a result, when
the updater is changing the RW_SECTION, the CSME may be updating
CSE_RO or CSE_RW on its own. So if we don't turn on -N, the
verification will fail in CSE regions.
Also revised to only set FLASHROM_FLAG_VERIFY_AFTER_WRITE one time.
BUG=None
TEST=make; build and run tests.
BRANCH=None
Change-Id: I1ebff2d7f00b85037464eff4fa5d4573f867ce44
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3505290
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
1 file changed
