[coreboot] SPI controller and Lock bits
Nico Huber
nico.h at gmx.de
Sat Sep 29 17:25:18 CEST 2018
On 9/28/18 4:18 AM, Sam Kuper wrote:
> On 28/09/2018, Peter Stuge <peter at stuge.se> wrote:
>> Youness Alaoui wrote:
>>> avoid any malware writing to the flash
>>
>> Just disallow flash writes by the platform. Allow flash writes only
>> by dedicated hardware (maybe ChromeEC?) which implements a simple and
>> efficient security protocol.
>
> Relevant URL: https://www.chromium.org/chromium-os/ec-development#TOC-Write-Protect
This seems to state the opposite of what Peter suggested, i.e. the host
firmware is responsible of validating the EC firmware('s update) and
not the other way around. IMHO, a good idea.
Nico
More information about the coreboot
mailing list