futility: gscvd: Allow verification ranges in SI_ALL section
Recent discussions have brought us to the conclusion that we probably
want to include the SI_DESC section on Intel mainboards in the GSCVD
verified areas, since it contains soft straps that may affect
pre-coreboot behavior. The problem is that while this section itself
generally doesn't change, it is part of the larger Intel-specific SI_ALL
section that also contains the ME code and data -- which _can_ be
overwritten, so we usually place it in the RW part of the flash. The
section is instead protected from unauthorized software access by
platform-specific mechanisms.
This patch modifies `futility gscvd` so that it will also accept
verification ranges in an SI_ALL region (if it exists), not just in
WP_RO.
BRANCH=none
BUG=none
TEST=Modified coreboot to add SI_DESC range, verified ranges on Joxer.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Iacff931f7cb34a41d3d878eee395b97ba2452c2d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3794950
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
1 file changed
