diff options
author | Martin Roth <gaumless@gmail.com> | 2015-06-23 21:47:19 -0600 |
---|---|---|
committer | Stefan Reinauer <stefan.reinauer@coreboot.org> | 2015-07-02 02:26:21 +0200 |
commit | 775d50828ef090339ae57d93da55f46676f4bf58 (patch) | |
tree | 3d0da4f488af973645f66804c3737a4ca58dc4d4 /src/southbridge | |
parent | c407cb97bc121ef28770cdda1d7ee7e2f06157e8 (diff) |
Intel Firmware Descriptor: Add Lock ME Kconfig question
Add the Kconfig question to allow the user to lock the ME section
using ifdtool.
Change-Id: I46018c3bc9df3e309aa3083d693cbebf00e18062
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: http://review.coreboot.org/10648
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Diffstat (limited to 'src/southbridge')
-rw-r--r-- | src/southbridge/intel/common/firmware/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/southbridge/intel/common/firmware/Kconfig b/src/southbridge/intel/common/firmware/Kconfig index 8ad1fede41..2767c0e316 100644 --- a/src/southbridge/intel/common/firmware/Kconfig +++ b/src/southbridge/intel/common/firmware/Kconfig @@ -92,4 +92,18 @@ config IFD_PLATFORM_SECTION string default "" +config LOCK_MANAGEMENT_ENGINE + bool "Lock ME/TXE section" + depends on HAVE_ME_BIN + default n + help + The Intel Firmware Descriptor supports preventing write accesses + from the host to the ME or TXE section in the firmware + descriptor. If the section is locked, it can only be overwritten + with an external SPI flash programmer. You will want this if you + want to increase security of your ROM image once you are sure + that the ME/TXE firmware is no longer going to change. + + If unsure, say N. + endif #INTEL_FIRMWARE |