Attention is currently required from: Tarun Tuli, Kangheui Won, Paul Menzel, Reka Norman, Rizwan Qureshi, Sridhar Siricilla.

Michał Żygowski has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/69324 )

Change subject: soc/intel/alderlake: Check MANUF_LOCK when logging manufacturing mode ......................................................................

Patch Set 1:

(1 comment)

File src/soc/intel/alderlake/me.c:

https://review.coreboot.org/c/coreboot/+/69324/comment/4d59d5c3_c05fb661 PS1, Line 141: hfsts1.fields.mfg_mode

Originally, the bit is named as spi_protection since it indicates writability to flash descriptor. […]

What I am trying to say is that when somebody reflashes the descriptor externally or do not decide to lock the descriptor during EOM, the coreboot logs will indicate that ME is still in Manufacturing Mode, but in fact it already will not be. FPFs will be committed and manufacturing variables will be locked however. To me it would look confusing. Also older ME BIOS specifications had a superscript near the Manufacturing Mode bit definition saying:

"This bit only reflects if Intel ME data in the flash is in manufacturing mode or not. It does not reflect whether Field Programmable Fuses (iFPs) are in manufacturing mode or not."

So the question is, what Manufacturing Mode we want to report here? Manufacturing Mode of ME firmware in flash or FPF manufacturing mode?