[coreboot-gerrit] Patch set updated for coreboot: f44e531 NOTFORMERGE: ec/lenovo/h8: permanently enable wifi/trackpoint/touchpad/bluetooth/wwan
Francis Rowe (info@gluglug.org.uk)
gerrit at coreboot.org
Mon Oct 13 02:12:50 CEST 2014
Francis Rowe (info at gluglug.org.uk) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/7058
-gerrit
commit f44e531919c64c13654ad38700a9fdf2840fc8f1
Author: Francis Rowe <info at gluglug.org.uk>
Date: Mon Oct 13 00:14:53 2014 +0100
NOTFORMERGE: ec/lenovo/h8: permanently enable wifi/trackpoint/touchpad/bluetooth/wwan
Wifi is enabled by default: most users will want wifi.
Intel wifi chipsets might be a security risk due to non-free firmware (these chipsets have DMA access)
and could leak data over a side-channel. Switching to a non-intel wifi chipset (without firmware, or with free firmware) is recommended.
Enable bluetooth and wwan.
Note, these are both security risks.
WWAN cards also have proprietary firmware in them. That, plus DMA access means you should physically remove it.
It's possible to replace the wwan card with something else, for example an SD card reader.
Enable trackpoint and touchpad. There is no reason to disable these.
Change-Id: Ic76ab9ab9c865f30312378e18af58bece6c3260a
Signed-off-by: Francis Rowe <info at gluglug.org.uk>
---
src/ec/lenovo/h8/h8.c | 21 +++++++++++----------
src/ec/lenovo/pmh7/pmh7.c | 11 ++++-------
2 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/src/ec/lenovo/h8/h8.c b/src/ec/lenovo/h8/h8.c
index 79ef3cd..186ae6a 100644
--- a/src/ec/lenovo/h8/h8.c
+++ b/src/ec/lenovo/h8/h8.c
@@ -245,9 +245,11 @@ static void h8_enable(device_t dev)
ec_write(H8_FAN_CONTROL, H8_FAN_CONTROL_AUTO);
- if (get_option(&val, "wlan") != CB_SUCCESS)
- val = 1;
- h8_wlan_enable(val);
+ // Permanently enable wifi
+ // Intel wifi could be a security risk because it uses firmware. Wlan chip has DMA
+ // and could leak data over a side-channel. Using another manufacturer is recommended.
+ // see http://libreboot.org/docs/index.html#recommended_wifi
+ h8_wlan_enable(1);
h8_trackpoint_enable(1);
h8_usb_power_enable(1);
@@ -255,14 +257,13 @@ static void h8_enable(device_t dev)
if (get_option(&val, "volume") == CB_SUCCESS)
ec_write(H8_VOLUME_CONTROL, val);
- if (get_option(&val, "bluetooth") != CB_SUCCESS)
- val = 1;
- h8_bluetooth_enable(val);
-
- if (get_option(&val, "wwan") != CB_SUCCESS)
- val = 1;
+ // Permanently enable bluetooth.
+ // NOTE: bluetooth is a potential security risk. Physical removal of the bluetooth module is recommended.
+ h8_bluetooth_enable(1);
- h8_wwan_enable(val);
+ // Permanently enable wwan.
+ // NOTE: wwan is a security risk (remove access plus DMA). Physical removal of both the wwan and sim card is recommended.
+ h8_wwan_enable(1);
if (conf->has_uwb) {
if (get_option(&val, "uwb") != CB_SUCCESS)
diff --git a/src/ec/lenovo/pmh7/pmh7.c b/src/ec/lenovo/pmh7/pmh7.c
index cb0e27b..38ca77a 100644
--- a/src/ec/lenovo/pmh7/pmh7.c
+++ b/src/ec/lenovo/pmh7/pmh7.c
@@ -106,7 +106,6 @@ static void enable_dev(device_t dev)
{
struct ec_lenovo_pmh7_config *conf = dev->chip_info;
struct resource *resource;
- u8 val;
resource = new_resource(dev, EC_LENOVO_PMH7_INDEX);
resource->flags = IORESOURCE_IO | IORESOURCE_FIXED;
@@ -118,13 +117,11 @@ static void enable_dev(device_t dev)
pmh7_backlight_enable(conf->backlight_enable);
pmh7_dock_event_enable(conf->dock_event_enable);
- if (get_option(&val, "touchpad") != CB_SUCCESS)
- val = 1;
- pmh7_touchpad_enable(val);
+ // Permanently enable touchpad
+ pmh7_touchpad_enable(1);
- if (get_option(&val, "trackpoint") != CB_SUCCESS)
- val = 1;
- pmh7_trackpoint_enable(val);
+ // Permanently enable trackpoint
+ pmh7_trackpoint_enable(1);
}
struct chip_operations ec_lenovo_pmh7_ops = {
More information about the coreboot-gerrit
mailing list