Attention is currently required from: Tim Wawrzynczak, Julius Werner, Patrick Rudolph.
Raul Rangel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59679 )
Change subject: intel: cse_lite: Use cbfs_unverified_area API
......................................................................
Patch Set 2:
(1 comment)
File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/59679/comment/848ef97c_2f5a3d99
PS2, Line 676: cbfs_unverified_area_map
I wonder if anyone even noticed this was insecure when it was first written. […]
Ah, I think you wanted to avoid the vboot penalty on always hashing the firmware? It looks like the hash is stored in FW_MAIN_X, then the firmware is mapped and the hash is manually calculated.
Will CBFS_VERIFICATION allow moving this file into FW_MAIN_X?
--
To view, visit
https://review.coreboot.org/c/coreboot/+/59679
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If4855280d6d06cf1aa646fded916fd830b287b30
Gerrit-Change-Number: 59679
Gerrit-PatchSet: 2
Gerrit-Owner: Julius Werner
jwerner@chromium.org
Gerrit-Reviewer: Patrick Rudolph
siro@das-labor.org
Gerrit-Reviewer: Tim Wawrzynczak
twawrzynczak@chromium.org
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Paul Menzel
paulepanter@mailbox.org
Gerrit-CC: Raul Rangel
rrangel@chromium.org
Gerrit-Attention: Tim Wawrzynczak
twawrzynczak@chromium.org
Gerrit-Attention: Julius Werner
jwerner@chromium.org
Gerrit-Attention: Patrick Rudolph
siro@das-labor.org
Gerrit-Comment-Date: Mon, 29 Nov 2021 19:38:45 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Raul Rangel
rrangel@chromium.org
Gerrit-MessageType: comment