intel/lynxpoint: Add CONFIG_LOCK_MANAGEMENT_ENGINE entry to Kconfig
This was missing from lynxpoint. BUG=chrome-os-partner:21796 BRANCH=falco,peppy TEST=emerge-falco chromeos-coreboot-falco Change-Id: Id1b261a5310ce1482f11c8c032c13f49046742fc Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/66669 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/6012 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
This commit is contained in:
Duncan Laurie
Patrick Georgi
parent
78145a56b4
commit
5a45b04ac0
|
|
@ -136,4 +136,17 @@ config FINALIZE_USB_ROUTE_XHCI
|
||||||
If you set this option to y, the USB ports will be routed
|
If you set this option to y, the USB ports will be routed
|
||||||
to the XHCI controller during the finalize SMM callback.
|
to the XHCI controller during the finalize SMM callback.
|
||||||
|
|
||||||
|
config LOCK_MANAGEMENT_ENGINE
|
||||||
|
bool "Lock Management Engine section"
|
||||||
|
default n
|
||||||
|
help
|
||||||
|
The Intel Management Engine supports preventing write accesses
|
||||||
|
from the host to the Management Engine section in the firmware
|
||||||
|
descriptor. If the ME section is locked, it can only be overwritten
|
||||||
|
with an external SPI flash programmer. You will want this if you
|
||||||
|
want to increase security of your ROM image once you are sure
|
||||||
|
that the ME firmware is no longer going to change.
|
||||||
|
|
||||||
|
If unsure, say N.
|
||||||
|
|
||||||
endif
|
endif
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue