[coreboot-gerrit] New patch to review for coreboot: f065733 Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig
Matt DeVillier (matt.devillier@gmail.com)
gerrit at coreboot.org
Fri Jun 13 19:31:33 CEST 2014
Matt DeVillier (matt.devillier at gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6012
-gerrit
commit f06573309745b430aa3c504bd3741ccf6f50f252
Author: Duncan Laurie <dlaurie at chromium.org>
Date: Thu Aug 22 09:56:42 2013 -0700
Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig
This was missing from lynxpoint.
BUG=chrome-os-partner:21796
BRANCH=falco,peppy
TEST=emerge-falco chromeos-coreboot-falco
Change-Id: Id1b261a5310ce1482f11c8c032c13f49046742fc
Signed-off-by: Matt DeVillier <matt.devillier at gmail.com>
Signed-off-by: Duncan Laurie <dlaurie at chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66669
Reviewed-by: Aaron Durbin <adurbin at chromium.org>
---
src/southbridge/intel/lynxpoint/Kconfig | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/southbridge/intel/lynxpoint/Kconfig b/src/southbridge/intel/lynxpoint/Kconfig
index f0c62e4..8261bd2 100644
--- a/src/southbridge/intel/lynxpoint/Kconfig
+++ b/src/southbridge/intel/lynxpoint/Kconfig
@@ -78,4 +78,17 @@ config FINALIZE_USB_ROUTE_XHCI
If you set this option to y, the USB ports will be routed
to the XHCI controller during the finalize SMM callback.
+config LOCK_MANAGEMENT_ENGINE
+ bool "Lock Management Engine section"
+ default n
+ help
+ The Intel Management Engine supports preventing write accesses
+ from the host to the Management Engine section in the firmware
+ descriptor. If the ME section is locked, it can only be overwritten
+ with an external SPI flash programmer. You will want this if you
+ want to increase security of your ROM image once you are sure
+ that the ME firmware is no longer going to change.
+
+ If unsure, say N.
+
endif
More information about the coreboot-gerrit
mailing list