From 5a45b04ac0e4a296f1df1984200766151c66c42c Mon Sep 17 00:00:00 2001 From: Duncan Laurie Date: Thu, 22 Aug 2013 09:56:42 -0700 Subject: [PATCH] intel/lynxpoint: Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig This was missing from lynxpoint. BUG=chrome-os-partner:21796 BRANCH=falco,peppy TEST=emerge-falco chromeos-coreboot-falco Change-Id: Id1b261a5310ce1482f11c8c032c13f49046742fc Signed-off-by: Duncan Laurie Reviewed-on: https://gerrit.chromium.org/gerrit/66669 Reviewed-by: Aaron Durbin Reviewed-on: http://review.coreboot.org/6012 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi --- src/southbridge/intel/lynxpoint/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/southbridge/intel/lynxpoint/Kconfig b/src/southbridge/intel/lynxpoint/Kconfig index 0ad39a0cd9..0ba61bc29f 100644 --- a/src/southbridge/intel/lynxpoint/Kconfig +++ b/src/southbridge/intel/lynxpoint/Kconfig @@ -136,4 +136,17 @@ config FINALIZE_USB_ROUTE_XHCI If you set this option to y, the USB ports will be routed to the XHCI controller during the finalize SMM callback. +config LOCK_MANAGEMENT_ENGINE + bool "Lock Management Engine section" + default n + help + The Intel Management Engine supports preventing write accesses + from the host to the Management Engine section in the firmware + descriptor. If the ME section is locked, it can only be overwritten + with an external SPI flash programmer. You will want this if you + want to increase security of your ROM image once you are sure + that the ME firmware is no longer going to change. + + If unsure, say N. + endif