Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33739 )
Change subject: soc/intel/icelake: Add option to enable display over PCI external GFX
Patch Set 10:
(1 comment)
I don't like to pick sides, but I agree with Patrick on every point.
https://review.coreboot.org/c/coreboot/+/33739/9/src/soc/intel/icelake/Kconf... File src/soc/intel/icelake/Kconfig:
https://review.coreboot.org/c/coreboot/+/33739/9/src/soc/intel/icelake/Kconf... PS9, Line 211: config HAVE_EXT_GFX
- This is not a valid point, we have proper protection in CB code and FSP to run opRom. It's not a new thing. Many such devices have an oprom and the BIOS has to launch that. The SOC/platform owner has to take protection before launching the OpRom; that's been covered already.
There is protection and protection. What you call "proper protection" is the bare minimum for security-minded people. Have you noticed the Yabel code? That would come closer to proper protection. But real protection is simply to not run unknown code from some ROM on an extension card.