Attention is currently required from: Dinesh Gehlot, Julius Werner, Yu-Ping Wu.
Subrata Banik has posted comments on this change by Dinesh Gehlot. ( https://review.coreboot.org/c/coreboot/+/83685?usp=email )
Change subject: src: Include new gbb flag to enforce cse sync ......................................................................
Patch Set 1:
(2 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/83685/comment/0bc31794_01dcc3a7?usp... : PS1, Line 12:
to make sure this is test only GBB
I think all the GBB flags are for testing or development purposes. Real users should not be able to modify GBB flags without unlocking RO. Therefore maybe no need to highlight that in this particular flag?
I am a little hesitant to proceed because FAFT GBB has been used by users to implement various workarounds in coreboot, depthcharge, and other areas. As a result, I want to be sure that we clearly state that this is only for testing the CSE sync feature and should not be used to implement any other workarounds.
File src/security/vboot/Kconfig:
https://review.coreboot.org/c/coreboot/+/83685/comment/7d4d09ee_24d12b91?usp... : PS1, Line 454: CSME
I actually don't know the difference between CSE and CSME (and ME). I remember Reka said in somewhere that they are the same thing. Is that not correct?
CS (converged security) + ME (manageability engine) = CSME
We often use the CSE part alone because ME part is dependent of the use case like enterprise etc.