Christian Walter uploaded patch set #2 to the change originally created by Patrick Rudolph.
security/lockdown: Write-protect WP_RO
Add another choice to boot media protection and write-protect WP_RO
in case VBOOT is enabled. Also add ability to choose when to lock
bootmedia, either in VERSTAGE if VBOOT is enabled - otherwise in
RAMSTAGE.
Tested on Lenovo T520:
The WP_RO region is write-protected.
Tested on Up Squared:
The WP_RO region is write-protected in the verstage/ramstage.
Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
---
M src/security/lockdown/Kconfig
M src/security/lockdown/Makefile.inc
M src/security/lockdown/bootmedia.c
A src/security/lockdown/bootmedia.h
M src/security/vboot/verstage.c
5 files changed, 80 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/05/32705/2
To view, visit change 32705.