1 comment:
File src/security/lockdown/Kconfig:
Patch Set #4, Line 2: config SECURITY_BOOTMEDIA_LOCKDOWN
What's the point of this option? boot_device_wp_region() is already available everywhere (because there's a default weak implementation). So I'd either just always run this code (accepting that it doesn't do anything on some platforms... maybe add another print to the weak stub for boot_device_wp_region() for that), or rearrange all of that so that this option is directly tied to the availability of that function. The way you have it here is too disconnected.
(Also, there's really no reason the implementation of boot_device_wp_region() is in boot_device_rw_nommap.c right now. It should work just as well on systems with COMMON_CBFS_SPI_WRAPPER. In fact, there's a bunch of unnecessary duplication between boot_device_rw_nommap.c and cbfs_spi.c that should probably be cleaned up.)
To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.