11 May
2019
11 May
'19
6:12 p.m.
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32705 )
Change subject: security/lockdown: Write-protect WP_RO ......................................................................
Patch Set 1: Code-Review-1
I think the concepts clashing here are too different to be easily aligned: One idea is to write-protect the whole flash *after* coreboot is done. The other is the vboot idea of a readonly, trusted partition. The latter has to be read-only *before* we jump to an untrusted RW partition.
So while these two concepts can share the underlying infrastructure to commit the write protection, IMO, their setup and hookup should stay independent.
--
To view, visit https://review.coreboot.org/c/coreboot/+/32705
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Gerrit-Change-Number: 32705
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Reviewer: Nico Huber nico.h@gmx.de
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Patrick Rudolph siro@das-labor.org
Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-Comment-Date: Sat, 11 May 2019 16:12:15 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment