On Sat, May 17, 2008 at 01:51:32PM +0200, Stefan Reinauer wrote:
Peter Stuge wrote:
I don't think any other part of flashrom bit
twiddling does restore,
Yes. They all leave it open, as they do with the board enable and the
chipset enable. This is a very high security risk.
Why do you think so?
If flashrom was able to unlock something, then another process with
sufficient credentials will also be able to unlock that something.
sure it actually matters anywhere?
Well, "It's broken everywhere else"...
Yes, if not locking == broken, but I'm not sure about that.
I figured it matters to some extend, as you put the
locking back in
place. If you were inspired by the other chips, you would have let
the protection open ;-)
I didn't do much, this patch was written by Nikolay and Reinder, I
just reformatted it to HEAD and added the test flags.
I guess our
policy is to leave bits unlocked.
Not a policy. If we want a policy, it can not be anything but
"We leave the same way as we came"
I seem to recall that there was discussion about restoring the board
enable/chipset enable signals too. Someone mentioned that it wasn't
always possible or safe to restore signals. I am not sure what the
technical motivation for that was. I guess this is what has left the
code in limbo..