Patrick Rudolph uploaded patch set #2 to this change.
boot_device: Add boot_device_lockdown
Add a new method to lock the SPI protected range registers.
This allows to lock the SPI controller early, which can be used to
write-protect the WP_RO region in bootblock before handing of control
to the later stages not protected by WP_RO.
In conjunction with VBOOT and BOOTMEDIA_LOCK_CONTROLLER_RO_VBOOT_RO this
enables a secure boot mechanism on non CHROMEOS enabled devices.
Change-Id: I9d3a80a2e278c77212e1fba5236ea639ea018837
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
M src/drivers/spi/boot_device_rw_nommap.c
M src/drivers/spi/spi_flash.c
M src/include/boot_device.h
M src/include/spi-generic.h
M src/include/spi_flash.h
M src/lib/boot_device.c
M src/security/lockdown/lockdown.c
M src/soc/intel/common/block/fast_spi/fast_spi_flash.c
M src/soc/intel/common/pch/lockdown/lockdown.c
M src/southbridge/intel/bd82x6x/lpc.c
M src/southbridge/intel/common/finalize.c
M src/southbridge/intel/common/spi.c
M src/southbridge/intel/ibexpeak/lpc.c
M src/southbridge/intel/lynxpoint/lpc.c
14 files changed, 82 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/39925/2
To view, visit change 39925. To unsubscribe, or for help writing mail filters, visit settings.