[coreboot-gerrit] Change in coreboot[master]: security/lockdown: Write-protect WP_RO

Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32705 )

Change subject: security/lockdown: Write-protect WP_RO ......................................................................

Patch Set 15:

(9 comments)

https://review.coreboot.org/c/coreboot/+/32705/5/src/include/boot_device.h File src/include/boot_device.h:

https://review.coreboot.org/c/coreboot/+/32705/5/src/include/boot_device.h@7... PS5, Line 78: Looks

Done

Done

https://review.coreboot.org/c/coreboot/+/32705/5/src/security/lockdown/Kconf... File src/security/lockdown/Kconfig:

https://review.coreboot.org/c/coreboot/+/32705/5/src/security/lockdown/Kconf... PS5, Line 61: chip

Done

Done

https://review.coreboot.org/c/coreboot/+/32705/6/src/security/lockdown/Kconf... File src/security/lockdown/Kconfig:

https://review.coreboot.org/c/coreboot/+/32705/6/src/security/lockdown/Kconf... PS6, Line 26: programmer

Done

Done

https://review.coreboot.org/c/coreboot/+/32705/6/src/security/lockdown/Kconf... PS6, Line 27: chipset lockdown

Done

Done

https://review.coreboot.org/c/coreboot/+/32705/4/src/security/lockdown/lockd... File src/security/lockdown/lockdown.c:

https://review.coreboot.org/c/coreboot/+/32705/4/src/security/lockdown/lockd... PS4, Line 59: printk(BIOS_DEBUG, "BM-LOCKDOWN: Trying write-protection "

format strings don't need to be broken up.

Done

https://review.coreboot.org/c/coreboot/+/32705/5/src/security/lockdown/lockd... File src/security/lockdown/lockdown.c:

https://review.coreboot.org/c/coreboot/+/32705/5/src/security/lockdown/lockd... PS5, Line 76: security_lockdown_bootmedia

Done

Done

https://review.coreboot.org/c/coreboot/+/32705/6/src/security/lockdown/lockd... File src/security/lockdown/lockdown.c:

https://review.coreboot.org/c/coreboot/+/32705/6/src/security/lockdown/lockd... PS6, Line 56: for (size_t i = 0; i < ARRAY_SIZE(wp_prot); i++) {

Done

Simplified the code.

https://review.coreboot.org/c/coreboot/+/32705/6/src/security/lockdown/lockd... PS6, Line 75: security_lockdown_bootmedia

Done

Done

https://review.coreboot.org/c/coreboot/+/32705/5/src/security/vboot/verstage... File src/security/vboot/verstage.c:

https://review.coreboot.org/c/coreboot/+/32705/5/src/security/vboot/verstage... PS5, Line 35: boot_device_security_lockdown(NULL);

Note that this code is only executed in CONFIG_SEPARATE_VERSTAGE builds. […]

Done