WP_NOTES.md: add some more links to past discussions and Platform Chipset Locking(PR0) to lock SPI access from Heads prior of kexec to main OS

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 12:46:26 +00:00 · 2024-09-10 13:46:08 -04:00 · 2024-09-10 13:46:08 -04:00 · e180fed3e2
commit e180fed3e2
parent de99b412ba
1 changed files with 6 additions and 1 deletions
--- a/WP_NOTES.md
+++ b/WP_NOTES.md
@ -1,6 +1,6 @@
 Flashrom was passed to flashprog under https://github.com/linuxboot/heads/pull/1769
-Thoe are notes for @i-c-o-n and others wanting to move WP forward but track issues and users
+Those are notes for @i-c-o-n and others wanting to move WP forward but track issues and users
 The problem with WP is that it is desired but even if partial write protection regions is present, WP is widely unused.
@ -13,5 +13,10 @@ Some random notes since support is incomplete (depends on chips, really)
   - Documented https://docs.dasharo.com/variants/asus_kgpe_d16/spi-wp/
  - WP still unused
 Alternative, as suggested by @i-c-o-n is Chipset Platform Locking (PR0) which is enforced at platform's chipset level for a boot
 - This is implemented and enforced on <= Haswell from this PR merged : https://github.com/linuxboot/heads/pull/1373
 - Non-upstreamed work has been made from @root-hardenedvault work in vaultboot downstream fork of Heads at https://github.com/hardenedvault/vaultboot/blob/master/patches/coreboot/0001-x11.patch
 - Discussion point under flashrom-> flashprog PR under https://github.com/linuxboot/heads/pull/1769/files/f8eb0a27c3dcb17a8c6fcb85dd7f03e8513798ae#r1752395865 tagging @i-c-o-n
 Not sure what is the way forward here, but lets keep this file in tree to track improvements over time.