Christian Walter has uploaded a new patch set (#2) to the change originally created by Patrick Rudolph. ( https://review.coreboot.org/c/coreboot/+/32704 )
Change subject: security: Add common boot media write protection ......................................................................
security: Add common boot media write protection
Introduce boot media protection settings and use the existing boot_device_wp_region() function to apply settings on all platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Tested on Lenovo T520. The whole flash is protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M src/security/Kconfig M src/security/Makefile.inc A src/security/lockdown/Kconfig A src/security/lockdown/Makefile.inc A src/security/lockdown/bootmedia.c M src/soc/intel/common/block/fast_spi/Kconfig M src/southbridge/intel/common/Kconfig M src/southbridge/intel/common/finalize.c 8 files changed, 124 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/2