Patch Set 1: Code-Review-1
(4 comments)
We need documentation about the platform lockdown mechanism used (PRR?)
Agree, I'll add documentation.
4 comments:
File src/security/lockdown/Kconfig:
Patch Set #1, Line 13: default BOOTMEDIA_LOCK_NONE
vboot isn't covered correctly
It's not covered at all
Patch Set #1, Line 22: media. The locking will take place during the chipset lockdown, which
too imprecise
How to be more precise? This is platform specific?
Patch Set #1, Line 35: boot media the corresponding region is still readable.
too imprecise
It's platform specific, but I don't see how to be more precise
File src/security/lockdown/bootmedia.c:
Patch Set #1, Line 57: BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, security_lockdown_bootmedia,
Can we move this into the core root of trust vboot_logic. […]
No. It's unrelated to vboot.
To view, visit change 32704.