Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/43405 )
Change subject: Documentation/security/intel: add Boot Guard related documentation
......................................................................
Patch Set 1:
(6 comments)
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
File Documentation/security/intel/bootguard.md:
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
PS1, Line 22: Mode is disabled the FPFs are blown and it is impossible
            : to change the Boot Guard status (either enabled with keys you do not have
            : access to or permanently disabled
Maybe document somewhere that Boot Guard can be tested without blowing the fuses. Add a warning that this should be done before EOM gets activated; also document the different ways of applying EOM (automatic commit when the ACLs are set accordingly vs. using MEManuf vs. IFPT).
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
PS1, Line 158: Kay
Key
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
PS1, Line 163: its Security
its own
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
PS1, Line 180: Kay
Key
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
PS1, Line 180: SVN number
number number ;)
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte...
PS1, Line 184: Boot Guard
*Boot Guard*