<blockquote style="border-left: 1px solid #aaa; margin: 10px 0; padding: 0 10px;"><p style="white-space: pre-wrap; word-wrap: break-word;">Outside the scope of this patchset but could we make finalizing in<br>SMM optional?</p></blockquote><p style="white-space: pre-wrap; word-wrap: break-word;">Partially, yes. We already have the Kconfig (INTEL_CHIPSET_LOCKDOWN)<br>to decide. IIRC, locking SMM can only be done from SMM, though, so<br>that would have to be split out.</p><p style="white-space: pre-wrap; word-wrap: break-word;">We could also always let coreboot trigger the finalization, and<br>instead make the SPILOCK configurable (for payloads that still need<br>access). I guess there's also something in depthcharge for these<br>platforms that didn't want things locked earlier.</p><p><a href="https://review.coreboot.org/c/coreboot/+/29977">View Change</a></p><ul style="list-style: none; padding: 0;"></ul><p>To view, visit <a href="https://review.coreboot.org/c/coreboot/+/29977">change 29977</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/c/coreboot/+/29977"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I781082b1ed507b00815d1e85aec3e56ae5a4bef2 </div>
<div style="display:none"> Gerrit-Change-Number: 29977 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: Tristan Corrick <tristan@corrick.kiwi> </div>
<div style="display:none"> Gerrit-Reviewer: Alexander Couzens <lynxis@fe80.eu> </div>
<div style="display:none"> Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz> </div>
<div style="display:none"> Gerrit-Reviewer: Martin Roth <martinroth@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Nico Huber <nico.h@gmx.de> </div>
<div style="display:none"> Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org> </div>
<div style="display:none"> Gerrit-Reviewer: Tristan Corrick <tristan@corrick.kiwi> </div>
<div style="display:none"> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> </div>
<div style="display:none"> Gerrit-Comment-Date: Sat, 01 Dec 2018 13:36:11 +0000 </div>
<div style="display:none"> Gerrit-HasComments: No </div>
<div style="display:none"> Gerrit-Has-Labels: No </div>
<div style="display:none"> Gerrit-MessageType: comment </div>