What is the time penalty when enabling this?
9 comments:
File src/security/lockdown/Kconfig:
Patch Set #3, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
SECURITY_HAVE_BOOTMEDIA_LOCKDOWN
Patch Set #3, Line 6: support
supports
Patch Set #3, Line 22: media
medium?
Patch Set #3, Line 26: NOTE: If you trigger the chipset lockdown unconditionally,
I wouldn’t indent the note. `NOTE:` is enough “markup”.
Patch Set #3, Line 30: NO_ACCESS
RW to be consistent with RO?
Patch Set #3, Line 36: The locking will take place during the chipset lockdown, which is
Add a blank line above?
File src/security/lockdown/bootmedia.c:
Patch Set #3, Line 40: "whole bootmedia\n");
Won’t this be printed several time?
Add an else branch to inform the user about an error?
Patch Set #3, Line 53: Didn't
Didn’t or couldn’t …
I think there should be a separate error message for users explicitly wanting to lock the device, but it did not work.
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.