Hello build bot (Jenkins), Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/39925
to look at the new patch set (#4).
Change subject: boot_device: Add boot_device_lockdown ......................................................................
boot_device: Add boot_device_lockdown
Add a new method to lock the SPI protected range registers.
This allows to lock the SPI controller early, which can be used to write-protect the WP_RO region in bootblock before handing of control to the later stages not protected by WP_RO.
In conjunction with VBOOT and BOOTMEDIA_LOCK_CONTROLLER_RO_VBOOT_RO this enables a secure boot mechanism on non CHROMEOS enabled devices.
Change-Id: I9d3a80a2e278c77212e1fba5236ea639ea018837 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M src/drivers/spi/boot_device_rw_nommap.c M src/drivers/spi/spi_flash.c M src/include/boot_device.h M src/include/spi-generic.h M src/include/spi_flash.h M src/lib/boot_device.c M src/security/lockdown/lockdown.c M src/soc/intel/common/block/fast_spi/fast_spi_flash.c M src/soc/intel/common/pch/lockdown/lockdown.c M src/southbridge/intel/bd82x6x/lpc.c M src/southbridge/intel/common/finalize.c M src/southbridge/intel/common/spi.c M src/southbridge/intel/ibexpeak/lpc.c M src/southbridge/intel/lynxpoint/lpc.c 14 files changed, 82 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/39925/4