summaryrefslogtreecommitdiff
path: root/src/devices/pci_rom.c
diff options
context:
space:
mode:
authorStefan Reinauer <reinauer@chromium.org>2011-10-06 16:47:51 -0700
committerMathias Krause <minipli@googlemail.com>2012-03-09 20:01:32 +0100
commitafaa25776ff2f42293e6ef48fdaddfa8104bbe50 (patch)
tree1305ce64ad9924ebc693ded82dff1e9ec0a0b822 /src/devices/pci_rom.c
parent1025f3afc85be633451c4312ab26d179d47132e5 (diff)
downloadcoreboot-afaa25776ff2f42293e6ef48fdaddfa8104bbe50.tar.xz
Don't run any Option ROMs stored outside of the system flash
Right now coreboot only executes VGA Option ROMs. However, this is not good enough. For security reasons we want to execute only Option ROMs stored in our r/o CBFS. This patch adds a new option to disable execution of arbitrary Option ROMs. Also fix the capitalization of Option ROM in src/devices/Kconfig Change-Id: I485291c06ec5cd1f875357401831fe32ccfc5f2f Signed-off-by: Stefan Reinauer <reinauer@google.com> Reviewed-on: http://review.coreboot.org/730 Tested-by: build bot (Jenkins) Reviewed-by: Ronald G. Minnich <rminnich@gmail.com> Reviewed-by: Mathias Krause <minipli@googlemail.com>
Diffstat (limited to 'src/devices/pci_rom.c')
-rw-r--r--src/devices/pci_rom.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/devices/pci_rom.c b/src/devices/pci_rom.c
index 471c7e2a7a..800776e8df 100644
--- a/src/devices/pci_rom.c
+++ b/src/devices/pci_rom.c
@@ -71,9 +71,15 @@ struct rom_header *pci_rom_probe(struct device *dev)
rom_address|PCI_ROM_ADDRESS_ENABLE);
}
- printk(BIOS_DEBUG, "On card, ROM address for %s = %lx\n",
+#if CONFIG_ON_DEVICE_ROM_RUN
+ printk(BIOS_DEBUG, "Option ROM address for %s = %lx\n",
dev_path(dev), (unsigned long)rom_address);
rom_header = (struct rom_header *)rom_address;
+#else
+ printk(BIOS_DEBUG, "Option ROM execution disabled "
+ "for %s\n", dev_path(dev));
+ return NULL;
+#endif
}
printk(BIOS_SPEW, "PCI expansion ROM, signature 0x%04x, "