Rename doc/ to docs/
Signed-off-by: Tim Crawford <tcrawford@system76.com>
This commit is contained in:
Tim Crawford
committed by
Jeremy Soller
Jeremy Soller
parent
9302a30a2d
commit
bd291871f4
13
docs/security.md
Normal file
13
docs/security.md
Normal file
@@ -0,0 +1,13 @@
|
||||
# Firmware security
|
||||
|
||||
The firmware security feature can be configured by setting `CONFIG_SECURITY=1`
|
||||
in the `src/board/system76/[board]/board.mk` file. This feature prevents
|
||||
programming the EC firmware at runtime, unless the EC is unlocked with the
|
||||
`system76-ectool security unlock` command. After this, on the next reboot, the
|
||||
EC will respond to the SPI and reset commands. On boards where the `ME_WE` GPIO
|
||||
exists, it will be set high when the EC security state is unlocked.
|
||||
|
||||
Other firmware components can use this state to perform their own locking and
|
||||
unlocking primitives. For example, in `coreboot`, flash regions may be locked
|
||||
when the EC security state is locked. In `EDK2`, a physical presence dialog may
|
||||
be shown when the EC security state is unlocked.
|
||||
Reference in New Issue
Block a user