Attention is currently required from: Arthur Heymans, Felix Held, Krystian Hebel, Patrick Rudolph, Sergii Dmytruk.
Martin L Roth has posted comments on this change by Sergii Dmytruk. ( https://review.coreboot.org/c/coreboot/+/83424?usp=email )
Change subject: drivers/smmstore: add ability to write to whole flash
Patch Set 5:
(2 comments)
File src/drivers/smmstore/store.c:
https://review.coreboot.org/c/coreboot/+/83424/comment/021441be_1bb24d3a?usp... :
PS5, Line 44: use_full_flash
Nit: smstore_use_full_flash?
https://review.coreboot.org/c/coreboot/+/83424/comment/8876f273_1770b2ec?usp... :
PS5, Line 49: if (*cmd & SMMSTORE_CMD_USE_FULL_FLASH) {
Can we add a check to make sure that we're actually doing a capsule update before enabling this instead of just that the capsule update code is built in?
Can we disable the bit again after the capsule update is completed?
This seems like it could be a security gap otherwise. I could be mistaken about this, but it just seems like we don't need to leave this enabled all the time either way.