# Using coreboot's verified boot on Lenovo devices

By default, a single instance of coreboot is present in the firmware flash,
no verification is done, and the flash is not write-protected, so that
firmware updates can be done from the OS.
The verified boot mechanism, also called [vboot], allows secure firmware
updates using an A/B partitioning scheme once enabled.

## Enabling vboot
You can enable [vboot] in Kconfig's *Security* section. Besides verified
boot, you can also enable measured boot by setting
`CONFIG_TPM_MEASURED_BOOT`. Both options need a working TPM, which is
present on all recent Lenovo devices.

## Updating and recovery
As the A/B partitions are writable, you can still update them from the OS.
With the [vboot] mechanism, a copy of coreboot is stored in the `RO`
partition, which acts as a failsafe in case the regular firmware update,
which goes to the `A` or `B` partition, fails.

**Note:** The `RO` partition isn't write-protected by default, so you
have to enable the protection yourself in the security Kconfig menu.

On *Lenovo* devices you can enable the *Fn* key as the recovery mode switch
by enabling `CONFIG_H8_FN_KEY_AS_VBOOT_RECOVERY_SW`.
Holding the *Fn* key at boot will then switch to the recovery image, allowing
you to boot and flash a working image to the A/B partition.

## 8 MiB ROM limitation
*Lenovo* devices with 8 MiB ROM only have the `RO`+`A` partitions enabled in
the default FMAP. They are missing the `B` partition due to size constraints.
You can still provide your own FMAP if you need `RO`+`A`+`B` partitions.

## CMOS
[vboot] on *Lenovo* devices uses the CMOS to store configuration data, such as
boot failures and the last successfully booted partition.

[vboot]: ../../security/vboot/index.md
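
Added example, not part of coreboot or of the original page: a shell function that audits a build's `.config` for the settings described above, failing when vboot is off or the `RO` region is left writable. `CONFIG_VBOOT` and the `CONFIG_BOOTMEDIA_LOCK_*` names are not given on this page; they are taken from coreboot's Kconfig as assumptions, so check them against your tree.

```shell
#!/bin/sh
# Added example: audit a coreboot .config for the vboot settings on this page.
# Exit status: 0 = required settings present, 1 = a required one is missing,
# 2 = config file unreadable.

# is_set FILE OPTION: succeeds when FILE contains the line CONFIG_OPTION=y
is_set() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

audit_vboot_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }

    # Required: vboot itself.
    if is_set "$cfg" VBOOT; then
        echo "OK:   CONFIG_VBOOT"
    else
        echo "FAIL: CONFIG_VBOOT is not enabled, no verification is done"
        rc=1
    fi

    # Required: RO write protection, which is off by default (see the Note).
    # Assumption: these option names come from coreboot's lockdown Kconfig
    # and are not named on this page; check them against your tree.
    if grep -Eq '^CONFIG_BOOTMEDIA_LOCK_(CONTROLLER|CHIP)=y$' "$cfg" &&
       is_set "$cfg" BOOTMEDIA_LOCK_WPRO_VBOOT_RO; then
        echo "OK:   RO region is write-protected"
    else
        echo "FAIL: RO region is writable, the recovery copy can be overwritten"
        rc=1
    fi

    # Optional features named on this page: report, but do not fail.
    for opt in TPM_MEASURED_BOOT H8_FN_KEY_AS_VBOOT_RECOVERY_SW; do
        if is_set "$cfg" "$opt"; then
            echo "OK:   CONFIG_$opt"
        else
            echo "NOTE: CONFIG_$opt is not enabled"
        fi
    done
    return $rc
}

# Run directly as: sh audit.sh path/to/.config
if [ "$#" -gt 0 ]; then audit_vboot_config "$1"; fi
```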