I'm curious why this is an option, especially since it seems almost tailor made to re-create the Snorlax or Prince Harming vulnerabilities (VU#577140):
Flash ROM locking on S3 resume > 1. Don't lock ROM sections on S3 resume (LOCK_SPI_ON_RESUME_NONE) (NEW) 2. Lock all flash ROM sections on S3 resume (LOCK_SPI_ON_RESUME_RO) (NEW) 3. Lock and disable reads all flash ROM sections on S3 resume (LOCK_SPI_ON_RESUME_NO_ACCESS) (NEW) -- Trammell -- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
