Patrick Rudolph uploaded patch set #6 to the change originally created by Patrick Rudolph.
security/lockdown: Write-protect WP_RO
Add a wrapper function boot_device_security_lockdown which wraps
boot_device_wp_region to either lock (read/write) the WP_RO region
or the complete boot device depending on the Kconfig. One can either
lock the boot device in VERSTAGE if VBOOT is enabled, or in RAMSTAGE.
Tested on Lenovo T520:
The WP_RO region is write-protected.
Tested on Up Sqaured:
THe WP_RO region is write-protected in the verstage/ramstage.
Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
---
M src/include/boot_device.h
M src/security/lockdown/Kconfig
M src/security/lockdown/Makefile.inc
R src/security/lockdown/lockdown.c
M src/security/vboot/vboot_logic.c
5 files changed, 69 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/05/32705/6
To view, visit change 32705. To unsubscribe, or for help writing mail filters, visit settings.