Hello Philipp Deppenwiese, build bot (Jenkins), Nico Huber, Patrick Georgi, Martin Roth, Frans Hendriks, Christian Walter, Julius Werner, Arthur Heymans, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32704
to look at the new patch set (#12).
Change subject: security: Add common boot media write protection ......................................................................
security: Add common boot media write protection
Introduce boot media protection settings and use the existing boot_device_wp_region() function to apply settings on all platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete. Every platform locks the SPIBAR in a different stage. For align up with the common mrc cache driver and lock after it has been written to.
Tested on Supermicro X11SSH-TF. The whole address space is write-protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M src/include/boot_device.h M src/security/Kconfig M src/security/Makefile.inc A src/security/lockdown/Kconfig A src/security/lockdown/Makefile.inc A src/security/lockdown/lockdown.c M src/southbridge/intel/common/Kconfig M src/southbridge/intel/common/finalize.c 8 files changed, 132 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/12