[coreboot] flashrom: Support Pm49FL004/2 Block Locking Registers
Peter Stuge
peter at stuge.se
Sat May 17 14:35:08 CEST 2008
On Sat, May 17, 2008 at 01:51:32PM +0200, Stefan Reinauer wrote:
> Peter Stuge wrote:
> > I don't think any other part of flashrom bit twiddling does restore,
>
> Yes. They all leave it open, as they do with the board enable and the
> chipset enable. This is a very high security risk.
Why do you think so?
If flashrom was able to unlock something, then another process with
sufficient credentials will also be able to unlock that something.
> > I'm not sure it actually matters anywhere?
>
> Well, "It's broken everywhere else"...
Yes, if not locking == broken, but I'm not sure about that.
> I figured it matters to some extend, as you put the locking back in
> place. If you were inspired by the other chips, you would have let
> the protection open ;-)
I didn't do much, this patch was written by Nikolay and Reinder, I
just reformatted it to HEAD and added the test flags.
> > I guess our policy is to leave bits unlocked.
>
> Not a policy. If we want a policy, it can not be anything but
> "We leave the same way as we came"
I seem to recall that there was discussion about restoring the board
enable/chipset enable signals too. Someone mentioned that it wasn't
always possible or safe to restore signals. I am not sure what the
technical motivation for that was. I guess this is what has left the
code in limbo..
//Peter
More information about the coreboot
mailing list