GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/security
History
Julius Werner 39914a50ae soc/intel: Add SI_DESC region to GSCVD ranges 
Intel platforms have soft straps stored in the SI_DESC FMAP section
which can alter boot behavior and may open up a security risk if they
can be modified by an attacker. This patch adds the SI_DESC region to
the list of ranges covered by GSC verification (CONFIG_VBOOT_GSCVD).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I0f1b297e207d3c6152bf99ec5a5b0983f01b2d0b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66346
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-09-03 00:41:33 +00:00
..
intel treewide: Remove unused <cpu/x86/msr.h> 2022-07-20 13:16:52 +00:00
lockdown security/intel: Add option to enable SMM flash access only 2021-06-21 08:11:11 +00:00
memory security/memory/memory.c: Include 'stdbool' instead of 'stdint' 2022-01-04 14:56:37 +00:00
tpm cbfs/vboot: Adapt to new vb2_digest API 2022-09-02 23:51:29 +00:00
vboot soc/intel: Add SI_DESC region to GSCVD ranges 2022-09-03 00:41:33 +00:00
Kconfig
Makefile.inc