[coreboot] flashrom: Support Pm49FL004/2 Block Locking Registers

Peter Stuge peter at stuge.se
Sat May 17 14:35:08 CEST 2008

On Sat, May 17, 2008 at 01:51:32PM +0200, Stefan Reinauer wrote:
> Peter Stuge wrote:
> > I don't think any other part of flashrom bit twiddling does restore,
> Yes. They all leave it open, as they do with the board enable and the
> chipset enable. This is a very high security risk.

Why do you think so?

If flashrom was able to unlock something, then another process with
sufficient credentials will also be able to unlock that something.

> > I'm not sure it actually matters anywhere?
> Well, "It's broken everywhere else"...

Yes, if not locking == broken, but I'm not sure about that.

> I figured it matters to some extend, as you put the locking back in
> place. If you were inspired by the other chips, you would have let
> the protection open ;-)

I didn't do much, this patch was written by Nikolay and Reinder, I
just reformatted it to HEAD and added the test flags.

> > I guess our policy is to leave bits unlocked. 
> Not a policy. If we want a policy, it can not be anything but
> "We leave the same way as we came"

I seem to recall that there was discussion about restoring the board
enable/chipset enable signals too. Someone mentioned that it wasn't
always possible or safe to restore signals. I am not sure what the
technical motivation for that was. I guess this is what has left the
code in limbo..


More information about the coreboot mailing list