Attention is currently required from: Nico Huber, Angel Pons, Patrick Rudolph. Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/52096 )
Change subject: soc/intel/skylake: Always use `CHIPSET_LOCKDOWN_COREBOOT`
Patch Set 1:
(1 comment)
Patchset:
PS1:
Kconfig sounds like a good idea. Unrelated to that decision: I have […]
Btw, in addition to deciding FSP/CB lockdown via Kconfig, we might also add a choice to lock nothing at all and configs for each lock bit/UPD, so stuff can be set to unlocked for testing purposes easily without having to hack the code each time. That could look like this:
```
menu "Locking"

choice
	prompt "Lock"
	default LOCKING_COREBOOT

config LOCKING_DISABLED
	bool "Don't lock anything / unlock everything"

config LOCKING_FSP
	bool "Let fsp lock stuff"

config LOCKING_COREBOOT
	bool "Let coreboot lock stuff"

endchoice

config LOCKING_LOCK_XYZ_SUPPORTED
	bool
	help
	  selected by fsp / platforms that support locking this
...

#if !LOCKING_DISABLED
config LOCKING_LOCK_ALL
	bool "Lock everything"
	select LOCKING_LOCK_XYZ
	select ...
	default y if !

config LOCKING_LOCK_XYZ
	bool "Lock XYZ" if LOCKING_LOCK_XYZ_SUPPORTED
	default y
...
#endif

endmenu # Locking
```