On Sat, May 17, 2008 at 01:51:32PM +0200, Stefan Reinauer wrote:
Peter Stuge wrote:
I don't think any other part of flashrom bit twiddling does restore,
Yes. They all leave it open, as they do with the board enable and the chipset enable. This is a very high security risk.
Why do you think so?
If flashrom was able to unlock something, then another process with sufficient credentials will also be able to unlock that something.
I'm not sure it actually matters anywhere?
Well, "It's broken everywhere else"...
Yes, if not locking == broken, but I'm not sure about that.
I figured it matters to some extend, as you put the locking back in place. If you were inspired by the other chips, you would have let the protection open ;-)
I didn't do much, this patch was written by Nikolay and Reinder, I just reformatted it to HEAD and added the test flags.
I guess our policy is to leave bits unlocked.
Not a policy. If we want a policy, it can not be anything but "We leave the same way as we came"
I seem to recall that there was discussion about restoring the board enable/chipset enable signals too. Someone mentioned that it wasn't always possible or safe to restore signals. I am not sure what the technical motivation for that was. I guess this is what has left the code in limbo..
//Peter