Hello Philipp Deppenwiese, build bot (Jenkins), Nico Huber, Patrick Georgi, Martin Roth, Frans Hendriks, Christian Walter, Julius Werner, Arthur Heymans, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32704
to look at the new patch set (#9).
Change subject: security: Add common boot media write protection ......................................................................
security: Add common boot media write protection
Introduce boot media protection settings and use the existing boot_device_wp_region() function to apply settings on all platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Tested on Lenovo T520. The whole flash is protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M src/include/boot_device.h M src/security/Kconfig M src/security/Makefile.inc A src/security/lockdown/Kconfig A src/security/lockdown/Makefile.inc A src/security/lockdown/lockdown.c M src/southbridge/intel/common/Kconfig M src/southbridge/intel/common/finalize.c 8 files changed, 108 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/9