Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32704 )
Change subject: security: Add common boot media write protection ......................................................................
Patch Set 6:
(6 comments)
https://review.coreboot.org/c/coreboot/+/32704/5/src/drivers/spi/Kconfig File src/drivers/spi/Kconfig:
https://review.coreboot.org/c/coreboot/+/32704/5/src/drivers/spi/Kconfig@64 PS5, Line 64: config SPI_FLASH_CTRL_PROTECT
Technically coreboot supports multiple SPI flashes on multiple SPI controllers, so you can't really […]
removed
https://review.coreboot.org/c/coreboot/+/32704/4/src/security/lockdown/Kconf... File src/security/lockdown/Kconfig:
https://review.coreboot.org/c/coreboot/+/32704/4/src/security/lockdown/Kconf... PS4, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
What's the point of this option? boot_device_wp_region() is already available everywhere (because th […]
removed
https://review.coreboot.org/c/coreboot/+/32704/5/src/security/lockdown/Kconf... File src/security/lockdown/Kconfig:
https://review.coreboot.org/c/coreboot/+/32704/5/src/security/lockdown/Kconf... PS5, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
Again, I'm not really sure what this option is for, I would just display the 'choice' menu below dir […]
removed
https://review.coreboot.org/c/coreboot/+/32704/5/src/security/lockdown/Kconf... PS5, Line 19: config BOOTMEDIA_LOCK_RO
It feels a bit odd that you force both media and controller lockdown into a single option. […]
Done
https://review.coreboot.org/c/coreboot/+/32704/5/src/security/lockdown/bootm... File src/security/lockdown/bootmedia.c:
https://review.coreboot.org/c/coreboot/+/32704/5/src/security/lockdown/bootm... PS5, Line 26:
nit: one space too many?
removed
https://review.coreboot.org/c/coreboot/+/32704/5/src/security/lockdown/bootm... PS5, Line 35: #%zu
nit: can we use meaningful strings here?
done