Skip to content

Commit

Permalink
coreboot config: correct CONFIG_INTEL_CHIPSET_LOCKDOWN behavior to ma…
Browse files Browse the repository at this point in the history
…ke sure none locks
  • Loading branch information
tlaurion committed Jun 27, 2023
1 parent a4f5965 commit 14e7a76
Show file tree
Hide file tree
Showing 16 changed files with 48 additions and 26 deletions.
2 changes: 1 addition & 1 deletion config/coreboot-p8z77-m_pro-tpm1.config
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,7 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down
8 changes: 5 additions & 3 deletions config/coreboot-t420-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -328,14 +328,14 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH9=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down Expand Up @@ -541,9 +541,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
2 changes: 1 addition & 1 deletion config/coreboot-t420.config
Original file line number Diff line number Diff line change
Expand Up @@ -334,7 +334,7 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down
2 changes: 1 addition & 1 deletion config/coreboot-t430-legacy.config
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,7 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down
4 changes: 3 additions & 1 deletion config/coreboot-t430-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -541,9 +541,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
8 changes: 5 additions & 3 deletions config/coreboot-t520-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -329,14 +329,14 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH9=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down Expand Up @@ -537,9 +537,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
8 changes: 5 additions & 3 deletions config/coreboot-t530-dgpu-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -334,14 +334,14 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH9=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down Expand Up @@ -542,9 +542,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
4 changes: 3 additions & 1 deletion config/coreboot-t530-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -543,9 +543,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
4 changes: 3 additions & 1 deletion config/coreboot-w530-dgpu-K1000m-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -543,9 +543,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
4 changes: 3 additions & 1 deletion config/coreboot-w530-dgpu-K2000m-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -543,9 +543,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
8 changes: 5 additions & 3 deletions config/coreboot-w530-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -331,14 +331,14 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH9=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down Expand Up @@ -544,9 +544,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
4 changes: 3 additions & 1 deletion config/coreboot-x220-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -540,9 +540,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
2 changes: 1 addition & 1 deletion config/coreboot-x220.config
Original file line number Diff line number Diff line change
Expand Up @@ -333,7 +333,7 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down
2 changes: 1 addition & 1 deletion config/coreboot-x230-legacy.config
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,7 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down
4 changes: 3 additions & 1 deletion config/coreboot-x230-maximized-fhd_edp.config
Original file line number Diff line number Diff line change
Expand Up @@ -540,9 +540,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down
8 changes: 5 additions & 3 deletions config/coreboot-x230-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -328,14 +328,14 @@ CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH9=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_INTEL_CHIPSET_LOCKDOWN=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
Expand Down Expand Up @@ -540,9 +540,11 @@ CONFIG_PLATFORM_HAS_DRAM_CLEAR=y

# CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security

Expand Down

0 comments on commit 14e7a76

Please sign in to comment.