[coreboot] SPI controller and Lock bits

Prasun Gera prasun.gera at gmail.com
Fri Sep 28 03:20:44 CEST 2018

> The problem is we want to allow users to update their flash and
> coreboot doesn't have a "flash update utility" integrated, so it has
> to happen in the payload, which is why coreboot needs to not lock
> anything then let the payload do the locking for us instead. Heads is
> the linux-based payload we're using, and the idea is that Heads would
> lock the flash before it actually boots any OS (from HDD or from USB),
> this way you can only update your flash from within Heads itself and
> Heads will ensure that the image you're trying to flash is properly
> signed, or that you authenticate first before it would allow you to do
> that (prevents someone from booting into a live USB and flash a
> malicious bios).

This is a pretty useful feature, and it would be nice if it weren't tied to
heads (or any payload for that matter). What about tianocore's capsule
update mechanism, as well as stuff like fwupd ? Any way to have something
like a common solution ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180927/6579c75d/attachment-0001.html>

More information about the coreboot mailing list