[coreboot-gerrit] Patch set updated for coreboot: cb882f1 NOTFORMERGE: ec/lenovo/h8: permanently enable wifi/trackpoint/touchpad, disable bluetooth/wwan

Francis Rowe (info@gluglug.org.uk) gerrit at coreboot.org
Mon Oct 13 01:43:34 CEST 2014


Francis Rowe (info at gluglug.org.uk) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/7058

-gerrit

commit cb882f1bb75aa2ccc5fa62284eacf5ee59029348
Author: Francis Rowe <info at gluglug.org.uk>
Date:   Mon Oct 13 00:14:53 2014 +0100

    NOTFORMERGE: ec/lenovo/h8: permanently enable wifi/trackpoint/touchpad, disable bluetooth/wwan
    
    Wifi is enabled by default: most users will want wifi.
    Intel wifi chipsets might be a security risk due to non-free firmware (these chipsets have DMA access)
    and could leak data over a side-channel. Switching to a non-intel wifi chipset (without firmware, or with free firmware) is recommended.
    
    Disable wwan. These chipsets have non-free firmware in them and direct memory access.
    Disable bluetooth (potential security risk).
    
    Enable trackpoint and touchpad. There is no reason to disable these.
    
    Change-Id: Ic76ab9ab9c865f30312378e18af58bece6c3260a
    Signed-off-by: Francis Rowe <info at gluglug.org.uk>
---
 src/ec/lenovo/h8/h8.c     | 22 ++++++++++++----------
 src/ec/lenovo/pmh7/pmh7.c | 11 ++++-------
 2 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/src/ec/lenovo/h8/h8.c b/src/ec/lenovo/h8/h8.c
index 79ef3cd..dd6f73c 100644
--- a/src/ec/lenovo/h8/h8.c
+++ b/src/ec/lenovo/h8/h8.c
@@ -245,9 +245,11 @@ static void h8_enable(device_t dev)
 
 	ec_write(H8_FAN_CONTROL, H8_FAN_CONTROL_AUTO);
 
-	if (get_option(&val, "wlan") != CB_SUCCESS)
-		val = 1;
-	h8_wlan_enable(val);
+	// Permanently enable wifi
+	// Intel wifi could be a security risk because it uses firmware. Wlan chip has DMA
+	// and could leak data over a side-channel. Using another manufacturer is recommended.
+	// see http://libreboot.org/docs/index.html#recommended_wifi
+	h8_wlan_enable(1);
 
 	h8_trackpoint_enable(1);
 	h8_usb_power_enable(1);
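Review bot: Hard-coding `h8_wlan_enable(1)` removes the "wlan" option lookup, which is the only way visible here for a user to switch the radio off, even though the new comment describes the card as a DMA-capable risk. Keeping the lookup and setting only the fallback preserves that off switch: `if (get_option(&val, "wlan") != CB_SUCCESS) val = 1;` followed by `h8_wlan_enable(val);`. The same applies to the touchpad and trackpoint calls in the last pmh7.c hunk, where the option lookups are dropped as well. Since h8.c appears to be shared EC code, a fixed policy would be better expressed as a build-time setting than as an unconditional change for every board that uses the driver. h8_enable starts and ends outside the hunk.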
@@ -255,14 +257,14 @@ static void h8_enable(device_t dev)
 	if (get_option(&val, "volume") == CB_SUCCESS)
 		ec_write(H8_VOLUME_CONTROL, val);
 
-	if (get_option(&val, "bluetooth") != CB_SUCCESS)
-		val = 1;
-	h8_bluetooth_enable(val);
-
-	if (get_option(&val, "wwan") != CB_SUCCESS)
-		val = 1;
+	// Permanently disable bluetooth (potential remote security risk)
+	h8_bluetooth_enable(0);
 
-	h8_wwan_enable(val);
+	// Permanently disable wwan
+	// These wwan chips have firmware in them - they have to. It's a small OS that handles communication
+	// with a telecoms provider. The issue is that this could allow remote access to the machine,
+	// and the cards have direct memory access. It could potentially leak data.
+	h8_wwan_enable(0);
 
 	if (conf->has_uwb) {
 		if (get_option(&val, "uwb") != CB_SUCCESS)
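Review bot: "Permanently" in the two new comments overstates what `h8_bluetooth_enable(0)` and `h8_wwan_enable(0)` can guarantee. As far as this hunk shows, they set EC state once during h8_enable, and nothing visible here prevents software with EC access from switching the radios back on after boot. The comments should say so, for example `/* Disable bluetooth at boot; this is an initial state, not a lock */`, so the setting is not mistaken for protection against the DMA concern described for wwan. The "bluetooth" and "wwan" option entries presumably still exist in the boards' option tables and would now be silently ignored, so they should be removed or documented. h8_enable starts and ends outside the hunk.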
diff --git a/src/ec/lenovo/pmh7/pmh7.c b/src/ec/lenovo/pmh7/pmh7.c
index cb0e27b..38ca77a 100644
--- a/src/ec/lenovo/pmh7/pmh7.c
+++ b/src/ec/lenovo/pmh7/pmh7.c
@@ -106,7 +106,6 @@ static void enable_dev(device_t dev)
 {
 	struct ec_lenovo_pmh7_config *conf = dev->chip_info;
 	struct resource *resource;
-	u8 val;
 
 	resource = new_resource(dev, EC_LENOVO_PMH7_INDEX);
 	resource->flags = IORESOURCE_IO | IORESOURCE_FIXED;
@@ -118,13 +117,11 @@ static void enable_dev(device_t dev)
 	pmh7_backlight_enable(conf->backlight_enable);
 	pmh7_dock_event_enable(conf->dock_event_enable);
 
-	if (get_option(&val, "touchpad") != CB_SUCCESS)
-		val = 1;
-	pmh7_touchpad_enable(val);
+	// Permanently enable touchpad
+	pmh7_touchpad_enable(1);
 
-	if (get_option(&val, "trackpoint") != CB_SUCCESS)
-		val = 1;
-	pmh7_trackpoint_enable(val);
+	// Permanently enable trackpoint
+	pmh7_trackpoint_enable(1);
 }
 
 struct chip_operations ec_lenovo_pmh7_ops = {


