Attention is currently required from: Arthur Heymans, Felix Held, Martin L Roth, Patrick Rudolph, Sergii Dmytruk.

Hello Arthur Heymans, Benjamin Doron, Felix Held, Krystian Hebel, Martin L Roth, Patrick Rudolph, build bot (Jenkins),

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/83424?usp=email

to look at the new patch set (#16).

The following approvals got outdated and were removed: Verified+1 by build bot (Jenkins)

Change subject: drivers/smmstore: allow full flash access for capsule updates ......................................................................

drivers/smmstore: allow full flash access for capsule updates

With DRIVERS_EFI_UPDATE_CAPSULES enabled and when at least one capsule was found, SMMSTORE SMI handler can use commands with the highest bit (0x80) set to access the whole flash instead of just the SMMSTORE region. The rest of the interface is identical to regular SMMSTORE v2 except for a new call to control full flash access.

The added call saves information about the availability of capsules in SMM memory. The call is ignored when run more than once, meaning there should be no way of enabling full flash handling after it was disabled and vice versa. The call should always be made by the firmware to lock further calls, so that an OS could not gain full flash access. This is done on entry to BS_POST_DEVICE after capsules are obtained in BS_DEV_INIT.

Change-Id: I7f3dbfa965b9dcbade8b2f06a5bd2ac1345c7972 Signed-off-by: Krystian Hebel krystian.hebel@3mdeb.com Signed-off-by: Sergii Dmytruk sergii.dmytruk@3mdeb.com --- M Documentation/drivers/smmstorev2.md M src/drivers/efi/capsules.c M src/drivers/smmstore/smi.c M src/drivers/smmstore/store.c M src/include/smmstore.h 5 files changed, 104 insertions(+), 1 deletion(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/24/83424/16