diff options
Diffstat (limited to 'src/southbridge/intel/common/firmware/Kconfig')
-rw-r--r-- | src/southbridge/intel/common/firmware/Kconfig | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/southbridge/intel/common/firmware/Kconfig b/src/southbridge/intel/common/firmware/Kconfig index 4e934265bb..cd975ba4e6 100644 --- a/src/southbridge/intel/common/firmware/Kconfig +++ b/src/southbridge/intel/common/firmware/Kconfig @@ -55,6 +55,14 @@ config CHECK_ME proceeding with the build, in order to prevent an accidental loading of a corrupted ME/TXE image. +config ME_REGION_ALLOW_CPU_READ_ACCESS + bool "Allows HOST/CPU read access to ME region" + default n + help + The config ensures Host has read access to the ME region if it is locked + through LOCK_MANAGEMENT_ENGINE config. This config is enabled when the CSE + Lite SKU is integrated. + config USE_ME_CLEANER bool "Strip down the Intel ME/TXE firmware" depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_IRONLAKE || \ @@ -145,12 +153,12 @@ config DO_NOT_TOUCH_DESCRIPTOR_REGION config LOCK_MANAGEMENT_ENGINE bool "Lock ME/TXE section" help - The Intel Firmware Descriptor supports preventing write accesses - from the host to the ME or TXE section in the firmware - descriptor. If the section is locked, it can only be overwritten - with an external SPI flash programmer. You will want this if you - want to increase security of your ROM image once you are sure - that the ME/TXE firmware is no longer going to change. + The Intel Firmware Descriptor supports preventing write and read + accesses from the host to the ME or TXE section. If the section + is locked, it can only be overwritten with an external SPI flash + programmer or HECI HMRFPO_ENABLE command needs to be sent to CSE + before writing to the ME Section. If CSE Lite SKU is integrated, + the Kconfig prevents only writing to the ME section. If unsure, select "Unlock flash regions". |