11 May
2019
11 May
'19
1:07 p.m.
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32705 )
Change subject: security/lockdown: Write-protect WP_RO ......................................................................
Patch Set 1:
Patch Set 1:
The mrc cache has nothing to do with WP_RO AFAIK it is its own FMAP partition.
You could set FPR in verstage, but it doesn't improve security as the SPIBAR is still locked at end of ramstage. Locking the SPIBAR earlier is not possible as said MRC cache needs to be protected at end of ramstage as well.
--
To view, visit https://review.coreboot.org/c/coreboot/+/32705
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Gerrit-Change-Number: 32705
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Reviewer: Nico Huber nico.h@gmx.de
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Patrick Rudolph siro@das-labor.org
Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-Comment-Date: Sat, 11 May 2019 11:07:58 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
Gerrit-MessageType: comment