Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38403 )
Change subject: security/vboot: Allow UDC regardless of vboot state ......................................................................
Patch Set 4:
(2 comments)
https://review.coreboot.org/c/coreboot/+/38403/3/src/mainboard/facebook/mono... File src/mainboard/facebook/monolith/Kconfig:
PS3:
Can you please add mainboard changes in a separate CL?
Done
https://review.coreboot.org/c/coreboot/+/38403/3/src/soc/intel/common/block/... File src/soc/intel/common/block/xdci/Kconfig:
https://review.coreboot.org/c/coreboot/+/38403/3/src/soc/intel/common/block/... PS3, Line 6: XDCI_VBOOT_FORCE_ENABLE
How about adding a config to src/security/vboot/Kconfig "VBOOT_ALWAYS_ALLOW_XDCI" which can be check […]
Good suggestion. Just updated the patch. This is indeed much more generic. I have defaulted the option to N to make sure I don't break expected behavior on other systems. The option can be selected on board level like I did for the monolith system.
The user can only set the option when CHROMEOS is not enabled. This is done to make sure the CHROMEOS expectations for the UDC enabled can't be corrupted by a configuration mistake.