[coreboot] Flash ROM locking on S3 resume

David Hendricks david.hendricks at gmail.com
Mon Apr 18 19:02:07 CEST 2016


On Mon, Apr 18, 2016 at 8:48 AM, Trammell Hudson <hudson at trmm.net> wrote:

> I'm curious why this is an option, especially since it seems almost tailor
> made to re-create the Snorlax or Prince Harming vulnerabilities
> (VU#577140):
>
> Flash ROM locking on S3 resume
> > 1. Don't lock ROM sections on S3 resume (LOCK_SPI_ON_RESUME_NONE) (NEW)
>   2. Lock all flash ROM sections on S3 resume (LOCK_SPI_ON_RESUME_RO) (NEW)
>   3. Lock and disable reads all flash ROM sections on S3 resume (LOCK_SPI_ON_RESUME_NO_ACCESS) (NEW)
>

Maybe the default just needs to be changed to LOCK_SPI_ON_RESUME_RO?

LOCK_SPI_ON_RESUME_NONE is probably intended for developers who need to
re-flash their systems a lot and might not want to rely on external
programmers (especially for laptop development).