diff options
author | Patrick Rudolph <siro@das-labor.org> | 2019-12-03 19:43:06 +0100 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2020-04-28 01:19:32 +0000 |
commit | 78feacc44057916161365d079ae92aa0baa679f8 (patch) | |
tree | d909045f563bc0a9534a81be4cc6b0e5e3cf8aa0 /src/security/Makefile.inc | |
parent | 7bcd9a1d91f10c6c58cd4c2b4e0583eec221810c (diff) |
security: Add common boot media write protection
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Every platform locks the SPIBAR in a different stage.
For align up with the common mrc cache driver and lock after it has been
written to.
Tested on Supermicro X11SSH-TF. The whole address space is write-protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'src/security/Makefile.inc')
-rw-r--r-- | src/security/Makefile.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc index fd784385e6..72b87dbe73 100644 --- a/src/security/Makefile.inc +++ b/src/security/Makefile.inc @@ -2,3 +2,4 @@ subdirs-y += vboot subdirs-y += tpm subdirs-y += memory subdirs-y += intel +subdirs-y += lockdown |