BIOS update disable / toggle in the BIOS #176

Closed
mkopec opened this issue Jul 28, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@mkopec
Member

mkopec commented Jul 28, 2022

The problem you're addressing (if any)

Add a toggle to completely disable write accesses to the BIOS flash for better security

Describe the solution you'd like

An option in the BIOS to lock the SPI flash completely

Where is the value to a user, and who might that user be?

Added security in certain scenarios, where Verified Boot may not be enough

Describe alternatives you've considered

n/a

Additional context

Certain enterprise laptops have the option to disable BIOS updates.

@macpijan macpijan added the enhancement New feature or request label Jul 28, 2022
@miczyg1
Contributor

miczyg1 commented Aug 21, 2022

Disabling BIOS update != disabling SPI flash access. That kind of option typically disables capsule update. What you would probably want to achieve is something different. Make BIOS writable only in SMM?

@mkopec
Member Author

mkopec commented Oct 28, 2022

SMM_BWP flash protection was implemented for #120 so this issue can be closed now.

@mkopec mkopec closed this as completed Oct 28, 2022
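
A check for the state this thread ends on (BIOS flash writable only from SMM), added here as an example and not code from this project or its commenters: it classifies a raw BIOS_CNTL register value. The bit positions (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5) are assumed from Intel PCH datasheets, and the helper names and sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: Intel PCH BIOS_CNTL bit layout as given in Intel PCH
 * datasheets; the issue itself only names SMM_BWP. */
#define BIOSWE  (1u << 0) /* BIOS Write Enable: flash writes currently allowed */
#define BLE     (1u << 1) /* BIOS Lock Enable: setting BIOSWE triggers an SMI */
#define SMM_BWP (1u << 5) /* SMM BIOS Write Protect: writes honoured only in SMM */

enum wp_state {
    WP_UNLOCKED, /* BLE clear: setting BIOSWE is not trapped by an SMI */
    WP_BLE_ONLY, /* depends on the SMI handler clearing BIOSWE in time */
    WP_SMM_ONLY  /* BLE + SMM_BWP: BIOS region writable only from SMM */
};

/* Classify a raw BIOS_CNTL value (hypothetical helper). Conservative:
 * only BLE and SMM_BWP together count as SMM-only protection. */
enum wp_state classify_bios_cntl(uint8_t v)
{
    if (!(v & BLE))
        return WP_UNLOCKED;
    return (v & SMM_BWP) ? WP_SMM_ONLY : WP_BLE_ONLY;
}

/* Nonzero when the value needs follow-up: either the protection is not
 * SMM-only, or BIOSWE was left set outside an update. */
int needs_review(uint8_t v)
{
    return classify_bios_cntl(v) != WP_SMM_ONLY || (v & BIOSWE);
}

int main(void)
{
    /* Constructed sample values, not read from real hardware. */
    static const uint8_t samples[] = { 0x00, 0x01, 0x02, 0x22, 0x23 };
    static const char *names[] = { "unlocked", "BLE only", "SMM only" };

    for (size_t i = 0; i < sizeof samples; i++) {
        uint8_t v = samples[i];
        printf("BIOS_CNTL=0x%02x -> %-8s%s\n", v, names[classify_bios_cntl(v)],
               needs_review(v) ? "  [review]" : "");
    }
    return 0;
}
```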
3 participants