Hello build bot (Jenkins), Patrick Rudolph, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/39925 to look at the new patch set (#5). Change subject: boot_device: Add boot_device_lockdown ...................................................................... boot_device: Add boot_device_lockdown Add a new method to lock the SPI protected range registers. This allows to lock the SPI controller early, which can be used to write-protect the WP_RO region in bootblock before handing of control to the later stages not protected by WP_RO. In conjunction with VBOOT and BOOTMEDIA_LOCK_CONTROLLER_RO_VBOOT_RO this enables a secure boot mechanism on non CHROMEOS enabled devices. Change-Id: I9d3a80a2e278c77212e1fba5236ea639ea018837 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> --- M src/drivers/spi/boot_device_rw_nommap.c M src/drivers/spi/spi_flash.c M src/include/boot_device.h M src/include/spi-generic.h M src/include/spi_flash.h M src/lib/boot_device.c M src/security/lockdown/lockdown.c M src/soc/intel/common/block/fast_spi/fast_spi_flash.c M src/soc/intel/common/pch/lockdown/lockdown.c M src/southbridge/intel/bd82x6x/lpc.c M src/southbridge/intel/common/finalize.c M src/southbridge/intel/common/spi.c M src/southbridge/intel/ibexpeak/lpc.c M src/southbridge/intel/lynxpoint/lpc.c 14 files changed, 82 insertions(+), 11 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/39925/5 -- To view, visit https://review.coreboot.org/c/coreboot/+/39925 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I9d3a80a2e278c77212e1fba5236ea639ea018837 Gerrit-Change-Number: 39925 Gerrit-PatchSet: 5 Gerrit-Owner: Patrick Rudolph <patrick.rudolph@9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net> Gerrit-MessageType: newpatchset