Hello build bot (Jenkins), Patrick Rudolph, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/39925 to look at the new patch set (#6). Change subject: boot_device: Add boot_device_lockdown ...................................................................... boot_device: Add boot_device_lockdown Add a new method to lock the SPI protected range registers. This allows to lock the SPI controller early, which can be used to write-protect the WP_RO region in bootblock before handing of control to the later stages not protected by WP_RO. In conjunction with VBOOT and BOOTMEDIA_LOCK_CONTROLLER_RO_VBOOT_RO this enables a secure boot mechanism on non CHROMEOS enabled devices. Also move the SPIBAR locking on older Intel platforms into ring0, keeping the current locking logic the same. Only the dependency to SMI_HANDLER is dropped. Change-Id: I9d3a80a2e278c77212e1fba5236ea639ea018837 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> --- M src/drivers/spi/boot_device_rw_nommap.c M src/drivers/spi/spi_flash.c M src/include/boot_device.h M src/include/spi-generic.h M src/include/spi_flash.h M src/lib/boot_device.c M src/security/lockdown/lockdown.c M src/soc/intel/braswell/southcluster.c M src/soc/intel/broadwell/finalize.c M src/soc/intel/common/block/fast_spi/fast_spi_flash.c M src/soc/intel/common/pch/lockdown/lockdown.c M src/southbridge/intel/common/finalize.c M src/southbridge/intel/common/spi.c M src/southbridge/intel/i82801gx/lpc.c 14 files changed, 71 insertions(+), 15 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/39925/6 -- To view, visit https://review.coreboot.org/c/coreboot/+/39925 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I9d3a80a2e278c77212e1fba5236ea639ea018837 Gerrit-Change-Number: 39925 Gerrit-PatchSet: 6 Gerrit-Owner: Patrick Rudolph <patrick.rudolph@9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net> Gerrit-MessageType: newpatchset