Patrick Rudolph uploaded patch set #13 to this change.
security: Add common boot media write protection
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Every platform locks the SPIBAR in a different stage.
For align up with the common mrc cache driver and lock after it has been
written to.
Tested on Supermicro X11SSH-TF. The whole address space is write-protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
M src/include/boot_device.h
M src/security/Kconfig
M src/security/Makefile.inc
A src/security/lockdown/Kconfig
A src/security/lockdown/Makefile.inc
A src/security/lockdown/lockdown.c
M src/southbridge/intel/common/Kconfig
M src/southbridge/intel/common/finalize.c
8 files changed, 135 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/13
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.