3 comments:
File src/security/lockdown/Kconfig:
Patch Set #10, Line 6: default BOOTMEDIA_LOCK_CONTROLLER_RO_VBOOT_RO if VBOOT && !CHROMEOS
Since controller locks are not supported on all platforms, I don't think we want to set a default here. I think this decision is too complicated and too dependent on the specific board layout to really make a general recommendation for everyone, so I'd leave it at NONE.
write the regions
FW_MAIN_A/FW_MAIN_B, which are not write-protected using the internal
controller.
nit: well, technically you may write everything that's outside WP_RO which usually also contains some common shared data outside of the RW A/B sections.
File src/security/lockdown/Makefile.inc:
Patch Set #10, Line 12: bootblock-$(VBOOT_STARTS_IN_BOOTBLOCK) += lockdown.c
You should not need this. We already merge verstage-srcs into the appropriate stage when SEPARATE_VERSTAGE=n. You should only need
verstage-$(CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE) += lockdown.c
To view, visit change 32705. To unsubscribe, or for help writing mail filters, visit settings.