On Fri, Feb 13, 2015 at 02:09:05PM -0600, Timothy Pearson wrote:
> On 02/13/2015 02:05 PM, Kevin O'Connor wrote:
> > In general, I prefer for these types of options to be set at runtime (by making a new CBFS file such as "etc/run-option-roms" and using the romfile_loadint() mechanism) instead of at compile time.
> > That said, it should already be possible to prevent a particular option rom from running by creating a dummy option rom for that device in CBFS. That is, it should be possible to create a dummy cbfs file "pci1234,5678.rom" to prevent the option rom on PCI device 1234:5678 from running. Not sure if this fixes the issue you were seeing, but if so maybe the best fix is to just update the documentation.
> This patch in particular guarantees that no matter what devices are plugged in (e.g. long after the BIOS has been flashed) they will not have their option ROMs executed. Its primary use is for those who want a blob-free system, e.g. for high-security applications.
That makes sense, but I think it needs to be a runtime setting. I'll see if I can put together a quick patch to better show what I mean.
The documentation for SeaBIOS CBFS files currently lives in the coreboot wiki. I'll also see if I can move that into the SeaBIOS docs/ directory so that future changes like this can update both docs and code at the same time.
In any case, SeaBIOS is in a feature freeze for the next few days as we prepare for the next release.
-Kevin