Michael Niewöhner has submitted this change. ( https://review.coreboot.org/c/coreboot/+/47409 )
Change subject: doc/relnotes/4.13: Add note about PCI bus mastering Kconfig options ......................................................................
doc/relnotes/4.13: Add note about PCI bus mastering Kconfig options
Change-Id: I66a636f554d18e08a209a7cfd6a59cf13a88f2e1 Signed-off-by: Felix Singer felixsinger@posteo.net Reviewed-on: https://review.coreboot.org/c/coreboot/+/47409 Reviewed-by: Michael Niewöhner foss@mniewoehner.de Reviewed-by: Angel Pons th3fanbus@gmail.com Reviewed-by: Nico Huber nico.h@gmx.de Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M Documentation/releases/coreboot-4.13-relnotes.md 1 file changed, 31 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Nico Huber: Looks good to me, approved Angel Pons: Looks good to me, approved Michael Niewöhner: Looks good to me, approved
diff --git a/Documentation/releases/coreboot-4.13-relnotes.md b/Documentation/releases/coreboot-4.13-relnotes.md index 139fa20..c9447a3 100644 --- a/Documentation/releases/coreboot-4.13-relnotes.md +++ b/Documentation/releases/coreboot-4.13-relnotes.md @@ -88,4 +88,35 @@ It still needs changes in assembly, fixed integer to pointer conversions in C, wrappers for blobs, support for running Option ROMs, among other things.
+### Preparations to minimize enabling PCI bus mastering + +For security reasons, bus mastering should be enabled as late as possible. In +coreboot, it's usually not necessary and payloads should only enable it for +devices they use. Since not all payloads enable bus mastering properly yet, +some Kconfig options were added as an intermediate step to give some sort of +"backwards compatibility", which allow enabling or disabling bus mastering by +groups. + +Currently available groups are: + +* PCI bridges +* Any devices + +For now, "Any devices" is enabled by default to keep the traditional behaviour, +which also includes all other options. This is currently necessary, for instance, +for libpayload-based payloads as the drivers don't enable bus mastering for PCI +bridges. + +Exceptional cases, that may still need early bus master enabling in the future, +should get their own per-reason Kconfig option. Ideally before the next release. + ### Add significant changes here + +Deprecations +------------ + +### PCI bus master configuration options + +In order to minimize the usage of PCI bus mastering, the options we introduced in +this release will be dropped in a future release again. For more details, please +see [Preparations to minimize enabling PCI bus mastering](#preparations-to-minimize-enabling-pci-bus-mastering-in-coreboot).