Add Kconfig option to lock/unlock ME firmware during build For reasons of security and testing we want to be able to enable/disable ME section locking through a config option. Change-Id: I341c577cdae86be62c0e3d32bbd6b3333c004a5f Signed-off-by: Stefan Reinauer <reinauer@google.com> Reviewed-on: http://review.coreboot.org/1798 Tested-by: build bot (Jenkins) Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>

commit: 7004b7c9e61640f1e7e7bf9043bf7b2a8603d956 [log] [tgz]
author: Stefan Reinauer <reinauer@chromium.org> Wed Oct 31 17:30:13 2012 -0700
committer: Ronald G. Minnich <rminnich@gmail.com> Tue Nov 13 18:24:06 2012 +0100
tree: 0d59a8d0dd30f16f30754f5fb5a07b29b02f6376
parent: 1bfbbc0d8f68b43af7ccda1dde796ed15950c508 [diff] [blame]
diff --git a/src/southbridge/intel/bd82x6x/Makefile.inc b/src/southbridge/intel/bd82x6x/Makefile.inc
index eca3d9e..7fd6ca8 100644
--- a/src/southbridge/intel/bd82x6x/Makefile.inc
+++ b/src/southbridge/intel/bd82x6x/Makefile.inc

@@ -60,5 +60,14 @@
 		-i ME:3rdparty/mainboard/$(MAINBOARDDIR)/me.bin \
 		$(obj)/coreboot.pre
 	mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
+ifeq ($(CONFIG_LOCK_MANAGEMENT_ENGINE),y)
+	printf "    IFDTOOL    Locking Management Engine\n"
+	$(objutil)/ifdtool/ifdtool -l $(obj)/coreboot.pre
+	mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
+else
+	printf "    IFDTOOL    Unlocking Management Engine\n"
+	$(objutil)/ifdtool/ifdtool -u $(obj)/coreboot.pre
+	mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
+endif
 
 PHONY += bd82x6x_add_me
commit	7004b7c9e61640f1e7e7bf9043bf7b2a8603d956	[log] [tgz]
author	Stefan Reinauer <reinauer@chromium.org>	Wed Oct 31 17:30:13 2012 -0700
committer	Ronald G. Minnich <rminnich@gmail.com>	Tue Nov 13 18:24:06 2012 +0100
tree	0d59a8d0dd30f16f30754f5fb5a07b29b02f6376
parent	1bfbbc0d8f68b43af7ccda1dde796ed15950c508 [diff] [blame]