[coreboot] Patch merged into coreboot/master: 463a858 Don't run any Option ROMs stored outside of the system flash

gerrit at coreboot.org gerrit at coreboot.org
Fri Mar 9 20:01:38 CET 2012


the following patch was just integrated into master:
commit 463a8587844cb9efd236c4e7b3bb52e94756d0c8
Author: Stefan Reinauer <reinauer at chromium.org>
Date:   Thu Oct 6 16:47:51 2011 -0700

    Don't run any Option ROMs stored outside of the system flash
    
    Right now coreboot only executes VGA Option ROMs. However, this is not
    good enough. For security reasons we want to execute only Option ROMs
    stored in our r/o CBFS.
    
    This patch adds a new option to disable execution of arbitrary Option
    ROMs.
    
    Also fix the capitalization of Option ROM in src/devices/Kconfig
    
    Change-Id: I485291c06ec5cd1f875357401831fe32ccfc5f2f
    Signed-off-by: Stefan Reinauer <reinauer at google.com>

Build-Tested: build bot (Jenkins) at Fri Mar  9 17:25:23 2012, giving +1
Reviewed-By: Ronald G. Minnich <rminnich at gmail.com> at Fri Mar  9 18:33:10 2012, giving +2
Reviewed-By: Mathias Krause <minipli at googlemail.com> at Fri Mar  9 20:01:31 2012, giving +2
See http://review.coreboot.org/730 for details.

-gerrit




More information about the coreboot mailing list