the following patch was just integrated into master: commit 463a8587844cb9efd236c4e7b3bb52e94756d0c8 Author: Stefan Reinauer reinauer@chromium.org Date: Thu Oct 6 16:47:51 2011 -0700
Don't run any Option ROMs stored outside of the system flash
Right now coreboot only executes VGA Option ROMs. However, this is not good enough. For security reasons we want to execute only Option ROMs stored in our r/o CBFS.
This patch adds a new option to disable execution of arbitrary Option ROMs.
Also fix the capitalization of Option ROM in src/devices/Kconfig
Change-Id: I485291c06ec5cd1f875357401831fe32ccfc5f2f Signed-off-by: Stefan Reinauer reinauer@google.com
Build-Tested: build bot (Jenkins) at Fri Mar 9 17:25:23 2012, giving +1 Reviewed-By: Ronald G. Minnich rminnich@gmail.com at Fri Mar 9 18:33:10 2012, giving +2 Reviewed-By: Mathias Krause minipli@googlemail.com at Fri Mar 9 20:01:31 2012, giving +2 See http://review.coreboot.org/730 for details.
-gerrit