We need documentation about the platform lockdown mechanism used (PRR?)
Patch set 1:Code-Review -1
4 comments:
File src/security/lockdown/Kconfig:
Patch Set #1, Line 13: default BOOTMEDIA_LOCK_NONE
vboot isn't covered correctly
Patch Set #1, Line 22: media. The locking will take place during the chipset lockdown, which
too imprecise
Patch Set #1, Line 35: boot media the corresponding region is still readable.
too imprecise
File src/security/lockdown/bootmedia.c:
Patch Set #1, Line 57: BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, security_lockdown_bootmedia,
Can we move this into the core root of trust vboot_logic.c if vboot is enabled?
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.