On 9/28/18 4:18 AM, Sam Kuper wrote:
> On 28/09/2018, Peter Stuge <[email protected]> wrote:
>> Youness Alaoui wrote:
>>> avoid any malware writing to the flash
>>
>> Just disallow flash writes by the platform. Allow flash writes only
>> by dedicated hardware (maybe ChromeEC?) which implements a simple and
>> efficient security protocol.
>
> Relevant URL:
> https://www.chromium.org/chromium-os/ec-development#TOC-Write-Protect
This seems to state the opposite of what Peter suggested, i.e. the host
firmware is responsible of validating the EC firmware('s update) and
not the other way around. IMHO, a good idea.
Nico
--
coreboot mailing list: [email protected]
https://mail.coreboot.org/mailman/listinfo/coreboot
