1 comment:
File src/security/lockdown/Kconfig:
Patch Set #13, Line 65: BOOTMEDIA_LOCK_IN_VERSTAGE
It depends on BOOTMEDIA_LOCK_CONTROLLER_RO_VBOOT_RO. So it can't be in the list as separate option.
FWIW I think this would be a bit cleaner by moving even more options out of the choice block, because it's a bit overloaded. The choice really just needs to be about the basic locking mechanism (NONE, CHIP or CONTROLLER). Then you can have a separate choice about what to lock (ALL or VBOOT_RO, depends on mechanism != NONE), the LOCK_IN_VERSTAGE option here like it is (depends on lock area VBOOT_RO) and another boolean LOCK_BOTH_READ_AND_WRITE option (depends on lock type CONTROLLER) to cover the NO_ACCESS case (which you could combine with VBOOT_RO if you wanted, after all).
To view, visit change 32705. To unsubscribe, or for help writing mail filters, visit settings.