Tim Crawford

> After running `ectool.sh security unlock` I get presented with the unlock prompt on every boot - hot or cold - until I cancel out of it. ~Addressed by https://github.com/system76/firmware-setup/pull/45.~...

The running firmware needs to have the option already enabled for the prompt to show. - 1st flash with `CONFIG_SECURITY=y`: will not prompt - 2nd flash with `CONFIG_SECURITY=y`: will prompt

You need to give the commit of firmware-open you are using, and the commit of any submodule if you have modified them.

The feature requires the functionality be added/enabled in: - coreboot - ec - edk2 - firmware-setup - firmware-update

If you are using 4b32a3e9f5eb without any modifications to submodules, then the only thing needed is adding `CONFIG_SECURITY=y` in `models/galp5/ec.config`.

It must be `y`, not `1`. Can you confirm you have the setting correct.

coreboot uses Kconfig imported from Linux with patches: [`util/kconfig`](https://github.com/coreboot/coreboot/tree/24.08/util/kconfig) Zephyr appears to have a Python based implementation for parsing Kconfig files: [`scripts/kconfig`](https://github.com/zephyrproject-rtos/zephyr/tree/zephyr-v3.5.0/scripts/kconfig) There are Rust bindings for Kconfig via tree-sitter:...

There is no integration for using the container yet, so podman is not a dependency.

There definitely seems to be some WDT still running: - 10 seconds after first power-on it resets - Do we need to ACK/set a signal? - On second boot, FSP-S...

``` -c, --component ... Add specific components on installation ``` The usage was never clearly defined. But as the reporter of #4073, I have only ever used tooling that accepts...