11 comments:
File src/security/lockdown/Kconfig:
Patch Set #3, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
SECURITY_HAVE_BOOTMEDIA_LOCKDOWN
removed
Patch Set #3, Line 6: support
supports
removed
Patch Set #3, Line 18: LOCK_RO
Can we name this option with 'whole' in it so it reads straight forward in the code?
Done
Patch Set #3, Line 22: media
medium?
Done
Patch Set #3, Line 26: NOTE: If you trigger the chipset lockdown unconditionally,
I wouldn’t indent the note. `NOTE:` is enough “markup”.
Done
Patch Set #3, Line 30: LOCK_NO_ACCESS
same as my comment above.
Done
Patch Set #3, Line 30: NO_ACCESS
RW to be consistent with RO?
it's not read-writeable
Patch Set #3, Line 36: The locking will take place during the chipset lockdown, which is
Add a blank line above?
I don't understand
File src/security/lockdown/bootmedia.c:
Patch Set #3, Line 40: "whole bootmedia\n");
Won’t this be printed several time?
removed the loop
Add an else branch to inform the user about an error?
Unified the error handling
Patch Set #3, Line 53: Didn't
Didn’t or couldn’t … […]
Isn't printed any more if no bootmedia protection is selected
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.