The previous version from review.coreboot.org is no longer available at
that address. This reverts to using the upstream, which is also a
rewrite and currently in beta. The full release is expected before
22.11.
aka 5.01+coreboot-001+
The version maintained by coreboot project is superior to Debian, it
integrates all the Debian patches and fixes a bunch more bugs.
In particular, it fixes SMP freezes and apparent memory errors when
running under coreboot ROM.
With hardening enabled it reports errors on known-good memory modules
on my Thinkpad X230 (Ivy Bridge). It's the same bug as reported in
https://bugs.launchpad.net/ubuntu/+source/memtest86+/+bug/1071209 but
memtest86+ fails on test #9 instead of test #7 (because #7 in 4.20
became #9 in 5.01) and with all the addresses multiplied by 2 (I guess
the bug was reported for i686, and I test on x86_64, it was 2012 after
all).
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow