Attention is currently required from: Arthur Heymans, Felix Held, Patrick Rudolph.
Hello Arthur Heymans, Felix Held, Krystian Hebel, Patrick Rudolph, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/83425?usp=email
to look at the new patch set (#4).
The following approvals got outdated and were removed: Verified+1 by build bot (Jenkins)
Change subject: drivers/smmstore: add logic to disable capsule update handling code
......................................................................
drivers/smmstore: add logic to disable capsule update handling code
This adds a call to SMMSTORE that saves information about the availability of capsules in SMM memory. This new call is ignored when run more than once, which means that there should be no way of enabling full flash handling after it was disabled and vice versa.
The call should always be made by the firmware to lock further calls, otherwise the OS could gain full flash access. This is done on entry to BS_POST_DEVICE, after capsules are obtained in BS_DEV_INIT.
Change-Id: I3dc175ea313aae1edae304520595b82db7206cbb
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
M src/drivers/efi/capsules.c
M src/drivers/smmstore/smi.c
M src/drivers/smmstore/store.c
M src/include/smmstore.h
4 files changed, 28 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/83425/4
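To illustrate the write-once semantics the commit message describes, here is an added model in C that is not coreboot's own smmstore code (all names are hypothetical): the first call latches whether capsules were found, every later call is ignored, and a boot flow that skips the firmware-side call lets whoever calls first, possibly the OS, decide on full flash access.

```c
#include <stdbool.h>

/* Hypothetical model of the lock described in the change, not coreboot's
 * own smmstore code. The SMM side keeps a write-once latch plus the value
 * it latched: whether capsules were found, which decides flash handling. */
enum flash_mode { FLASH_MODE_UNSET, FLASH_MODE_SMMSTORE_ONLY, FLASH_MODE_FULL };

struct capsule_state {
	bool locked;            /* set by the first call, never cleared */
	enum flash_mode mode;
};

enum { SMM_OK = 0, SMM_ALREADY_LOCKED = 1 };

/* The SMMSTORE call: the first invocation records whether capsules are
 * present and locks the decision; every later invocation is ignored, so
 * nothing running afterwards (including the OS) can flip the policy. */
int smm_set_capsule_info(struct capsule_state *st, bool capsules_present)
{
	if (st->locked)
		return SMM_ALREADY_LOCKED;
	st->mode = capsules_present ? FLASH_MODE_FULL : FLASH_MODE_SMMSTORE_ONLY;
	st->locked = true;
	return SMM_OK;
}

/* Policy check for the flash-handling SMI path. */
bool smm_full_flash_access_allowed(const struct capsule_state *st)
{
	return st->locked && st->mode == FLASH_MODE_FULL;
}

/* Models the boot flow from the commit message: capsules are obtained in
 * BS_DEV_INIT and the lock call happens on entry to BS_POST_DEVICE. Later,
 * an OS-time caller asks for full access. Returns the mode that ends up in
 * force, showing why skipping the firmware call is dangerous. */
enum flash_mode final_mode_after_boot(bool firmware_makes_lock_call,
				      bool capsules_found)
{
	struct capsule_state st = { .locked = false, .mode = FLASH_MODE_UNSET };

	if (firmware_makes_lock_call)
		smm_set_capsule_info(&st, capsules_found); /* BS_POST_DEVICE */

	/* OS-time attempt to (re)enable full flash handling; ignored if locked. */
	smm_set_capsule_info(&st, true);

	return smm_full_flash_access_allowed(&st) ? FLASH_MODE_FULL : FLASH_MODE_SMMSTORE_ONLY;
}
```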