Patrick Rudolph uploaded patch set #10 to this change.
security: Add common boot media write protection
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
As every platform locks the SPIBAR in a different stage, directly call it from
the corresponding functions. Until now it's hooked up for x86 Intel boards only.
Tested on Supermicro X11SSH-TF. The whole address space is write-protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
M src/include/boot_device.h
M src/security/Kconfig
M src/security/Makefile.inc
A src/security/lockdown/Kconfig
A src/security/lockdown/Makefile.inc
A src/security/lockdown/lockdown.c
M src/soc/intel/common/pch/lockdown/lockdown.c
M src/southbridge/intel/common/Kconfig
M src/southbridge/intel/common/finalize.c
M src/southbridge/intel/common/spi.c
10 files changed, 108 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/10
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.