[coreboot-gerrit] New patch to review for coreboot: f065733 Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig

Matt DeVillier (matt.devillier@gmail.com) gerrit at coreboot.org
Fri Jun 13 19:31:33 CEST 2014


Matt DeVillier (matt.devillier at gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6012

-gerrit

commit f06573309745b430aa3c504bd3741ccf6f50f252
Author: Duncan Laurie <dlaurie at chromium.org>
Date:   Thu Aug 22 09:56:42 2013 -0700

    Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig
    
    This was missing from lynxpoint.
    
    BUG=chrome-os-partner:21796
    BRANCH=falco,peppy
    TEST=emerge-falco chromeos-coreboot-falco
    
    Change-Id: Id1b261a5310ce1482f11c8c032c13f49046742fc
    Signed-off-by: Matt DeVillier <matt.devillier at gmail.com>
    Signed-off-by: Duncan Laurie <dlaurie at chromium.org>
    Reviewed-on: https://gerrit.chromium.org/gerrit/66669
    Reviewed-by: Aaron Durbin <adurbin at chromium.org>
---
 src/southbridge/intel/lynxpoint/Kconfig | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/southbridge/intel/lynxpoint/Kconfig b/src/southbridge/intel/lynxpoint/Kconfig
index f0c62e4..8261bd2 100644
--- a/src/southbridge/intel/lynxpoint/Kconfig
+++ b/src/southbridge/intel/lynxpoint/Kconfig
@@ -78,4 +78,17 @@ config FINALIZE_USB_ROUTE_XHCI
 	  If you set this option to y, the USB ports will be routed
 	  to the XHCI controller during the finalize SMM callback.
 
+config LOCK_MANAGEMENT_ENGINE
+	bool "Lock Management Engine section"
+	default n
+	help
+	  The Intel Management Engine supports preventing write accesses
+	  from the host to the Management Engine section in the firmware
+	  descriptor. If the ME section is locked, it can only be overwritten
+	  with an external SPI flash programmer. You will want this if you
+	  want to increase security of your ROM image once you are sure
+	  that the ME firmware is no longer going to change.
+
+	  If unsure, say N.
+
 endif



More information about the coreboot-gerrit mailing list