Christian Walter uploaded patch set #2 to the change originally created by Patrick Rudolph.

View Change

security: Add common boot media write protection

Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.

Also remove the Intel southbridge code, which is now obsolete.

Tested on Lenovo T520. The whole flash is protected.

Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
M src/security/Kconfig
M src/security/Makefile.inc
A src/security/lockdown/Kconfig
A src/security/lockdown/Makefile.inc
A src/security/lockdown/bootmedia.c
M src/soc/intel/common/block/fast_spi/Kconfig
M src/southbridge/intel/common/Kconfig
M src/southbridge/intel/common/finalize.c
8 files changed, 124 insertions(+), 49 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/2

To view, visit change 32704. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Gerrit-Change-Number: 32704
Gerrit-PatchSet: 2
Gerrit-Owner: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Frans Hendriks <fhendriks@eltan.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Nico Huber <nico.h@gmx.de>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-MessageType: newpatchset