12 comments:
Patch Set #5, Line 64: config SPI_FLASH_CTRL_PROTECT
removed
Done
File src/security/lockdown/Kconfig:
Patch Set #1, Line 13: default BOOTMEDIA_LOCK_NONE
It's not covered at all
Done
Patch Set #1, Line 22: media. The locking will take place during the chipset lockdown, which
How to be more precise? This is platform specific?
No reply within a year, marking as resolved
Patch Set #1, Line 35: boot media the corresponding region is still readable.
It's platform specific, but I don't see how to be more precise
Done
File src/security/lockdown/Kconfig:
Patch Set #3, Line 18: LOCK_RO
Done
Done
Patch Set #3, Line 22: media
Done
Done
Patch Set #3, Line 26: NOTE: If you trigger the chipset lockdown unconditionally,
Done
Done
Patch Set #3, Line 30: LOCK_NO_ACCESS
Done
Done
File src/security/lockdown/Kconfig:
Patch Set #4, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
removed
Done
File src/security/lockdown/Kconfig:
Patch Set #5, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
removed
Done
Patch Set #5, Line 19: config BOOTMEDIA_LOCK_RO
Done
Done
File src/security/lockdown/bootmedia.c:
Patch Set #1, Line 57: BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, security_lockdown_bootmedia,
No. It's unrelated to vboot.
Done
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.