[coreboot] SPI controller and Lock bits

ron minnich rminnich at gmail.com
Sat Sep 29 17:46:29 CEST 2018


It's not a screw in Chromebooks any more, see vadim's excellent OSFC.io
talk on how it works now.

I think the momentary switch would not be acceptable to anyone for cost and
reliability reasons. The way chromebooks do the protection now is really
well done.

On Sat, Sep 29, 2018 at 8:26 AM Nico Huber <nico.h at gmx.de> wrote:

> On 9/28/18 4:18 AM, Sam Kuper wrote:
> > On 28/09/2018, Peter Stuge <peter at stuge.se> wrote:
> >> Youness Alaoui wrote:
> >>> avoid any malware writing to the flash
> >>
> >> Just disallow flash writes by the platform. Allow flash writes only
> >> by dedicated hardware (maybe ChromeEC?) which implements a simple and
> >> efficient security protocol.
> >
> > Relevant URL:
> https://www.chromium.org/chromium-os/ec-development#TOC-Write-Protect
>
> This seems to state the opposite of what Peter suggested, i.e. the host
> firmware is responsible of validating the EC firmware('s update) and
> not the other way around. IMHO, a good idea.
>
> Nico
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180929/5dc831d2/attachment.html>


More information about the coreboot mailing list