Attention is currently required from: Raul Rangel, Julius Werner.

View Change

1 comment:

• File src/include/cbfs.h:

  • Patch Set #2, Line 58:

    * ..._unverified_area_...: Will look for the CBFS file in the named FMAP area, rather than
     *	any of the default (RO or RW) CBFSs. Files accessed this way are *not* verified in any
     *	way (even if CONFIG(CBFS_VERIFICATION) is enabled) and should always be treated as
     *	untrusted (potentially malicious) data. Mutually exclusive with the ..._ro_... variant.
     *
    

    If one will pass "COREBOOT" as area name, they will be able to bypass verification. Should it be possible?

To view, visit change 59678. To unsubscribe, or for help writing mail filters, visit settings.