[coreboot-gerrit] Patch set updated for coreboot: 6f40946 intel/lynxpoint: Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig
Paul Menzel (paulepanter@users.sourceforge.net)
gerrit at coreboot.org
Mon Jun 16 16:29:31 CEST 2014
Paul Menzel (paulepanter at users.sourceforge.net) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6012
-gerrit
commit 6f40946fb64d12697fd3232f9dfdefb34a198e2c
Author: Duncan Laurie <dlaurie at chromium.org>
Date: Thu Aug 22 09:56:42 2013 -0700
intel/lynxpoint: Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig
This was missing from lynxpoint.
BUG=chrome-os-partner:21796
BRANCH=falco,peppy
TEST=emerge-falco chromeos-coreboot-falco
Change-Id: Id1b261a5310ce1482f11c8c032c13f49046742fc
Signed-off-by: Duncan Laurie <dlaurie at chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66669
Reviewed-by: Aaron Durbin <adurbin at chromium.org>
---
src/southbridge/intel/lynxpoint/Kconfig | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/southbridge/intel/lynxpoint/Kconfig b/src/southbridge/intel/lynxpoint/Kconfig
index 0ad39a0..0ba61bc 100644
--- a/src/southbridge/intel/lynxpoint/Kconfig
+++ b/src/southbridge/intel/lynxpoint/Kconfig
@@ -136,4 +136,17 @@ config FINALIZE_USB_ROUTE_XHCI
If you set this option to y, the USB ports will be routed
to the XHCI controller during the finalize SMM callback.
+config LOCK_MANAGEMENT_ENGINE
+ bool "Lock Management Engine section"
+ default n
+ help
+ The Intel Management Engine supports preventing write accesses
+ from the host to the Management Engine section in the firmware
+ descriptor. If the ME section is locked, it can only be overwritten
+ with an external SPI flash programmer. You will want this if you
+ want to increase security of your ROM image once you are sure
+ that the ME firmware is no longer going to change.
+
+ If unsure, say N.
+
endif
More information about the coreboot-gerrit
mailing list