Patch Set 5:

(1 comment)

I think the change to ‘choice’ has two hocks.
The first is that if someone did not activate the ME/TXE lock until now and assumes that the regions are all unlocked, they will now come to the default branch – ‘don’t touch’. If now an already been edited descriptor region is used, these protect settings are applied.

You are right, it's probably too late to change the default
as people are used to the current behaviour. I don't care
much about the default (IMHO, it's odd to do anything with
the descriptor at all). Also see inline comment.

And the second issue we are getting with switching to ‘choice’ is a conflict with the lynxpoint Kconfig file. This also contains an option with the name ‘LOCK_MANAGEMENT_ENGINE’.

Yeah, that lynxpoint entry is a no-op and could be dropped.

Well thanks, I corrected the adjustments once again.

View Change

To view, visit change 31639. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I46ec6339008edcc78fe76682eed5714f85354937
Gerrit-Change-Number: 31639
Gerrit-PatchSet: 6
Gerrit-Owner: Mario Scheithauer <mario.scheithauer@siemens.com>
Gerrit-Reviewer: Mario Scheithauer <mario.scheithauer@siemens.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Nico Huber <nico.h@gmx.de>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Angel Pons <th3fanbus@gmail.com>
Gerrit-CC: Furquan Shaikh <furquan@google.com>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-Comment-Date: Fri, 01 Mar 2019 10:32:19 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
Gerrit-MessageType: comment