2 files changed, 25 insertions, 0 deletions

diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index 9ac1bc084b..13b5afb6ea 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -62,6 +62,22 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type)
 	}
 
 	int ret = cbfs_locate(fh, &rdev, name, type);
+
+	if (CONFIG(VBOOT_ENABLE_CBFS_FALLBACK) && ret) {
+
+		/*
+		 * When VBOOT_ENABLE_CBFS_FALLBACK is enabled and a file is not available in the
+		 * active RW region, the RO (COREBOOT) region will be used to locate the file.
+		 *
+		 * This functionality makes it possible to avoid duplicate files in the RO
+		 * and RW partitions while maintaining updateability.
+		 *
+		 * Files can be added to the RO_REGION_ONLY config option to use this feature.
+		 */
+		printk(BIOS_DEBUG, "Fall back to RO region for %s\n", name);
+		ret = cbfs_locate_file_in_region(fh, "COREBOOT", name, type);
+	}
+
 	if (!ret)
 		if (vboot_measure_cbfs_hook(fh, name))
 			return -1;
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index e3b8aa68e2..87bb80a561 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -220,6 +220,15 @@ config RO_REGION_ONLY
 	  Add a space delimited list of filenames that should only be in the
 	  RO section.
 
+
+config VBOOT_ENABLE_CBFS_FALLBACK
+	bool
+	default n
+	depends on VBOOT_SLOTS_RW_A
+	help
+	  When this option is enabled cbfs_boot_locate will look for a file in the RO
+	  (COREBOOT) region if it isn't available in the active RW region.
+
 menu "GBB configuration"
 
 config GBB_HWID