[coreboot] REcon MTL 2017 talk on coreboot

Trammell Hudson hudson at trmm.net
Wed Jul 26 12:01:25 CEST 2017


Yuriy Bulygin and Oleksandr Bazhaniuk's coreboot presentation at REcon
Montreal 2017:

https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-DiggingIntoTheCoreOfBoot.pdf

They recap the MMIO BAR issue (previously disclosed at REcon Brussels),
and identify two new vulnerabilities (handling ACPI GNVS pointers
during S3 resume, and an SMI handler that reads from an unprotected
VGA MMIO register).

They also identify that the /WP bit is not set on most non-chromebook
coreboot installs and that PRR are not enabled by default.  They
summarize this configuration as "super crazy developer mode", which has
several drawbacks:

• SMM based firmware write protection is off
• SPI protected range registers are disabled
• TCO and Global SMI are not locked down
• SPI config is not locked
• SMRAM can be DMA’d into

Are there active reviews for the GNVS or VGA issues?  I don't see any
on review.coreboot.org.

For the non-chromebook configuration, what is the best practice?
I can set PRR, TSEG, etc in my Linux payload, but is that too late?

-- 
Trammell
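
The flash and SMI lock items in the list above can be checked by decoding the chipset registers. The sketch below is an added example, not part of the original message or the talk; the register names and bit positions are assumptions taken from Intel 6- to 9-series PCH datasheets, both register snapshots are constructed, and SMRAM DMA protection is not checked.

```python
# Bit positions are assumptions from Intel 6- to 9-series PCH datasheets;
# confirm them against the datasheet for the chipset under test.
SMM_BWP = 1 << 5                       # BIOS_CNTL: flash writes only from SMM
FLOCKDN = 1 << 15                      # SPI HSFS: locks SPI config and PR0..PR4
PR_WPE = 1 << 31                       # SPI PRn: write-protect enable
GBL_SMI_EN, TCO_EN = 1 << 0, 1 << 13   # SMI_EN
SMI_LOCK = 1 << 4                      # GEN_PMCON_1: locks GBL_SMI_EN
TCO_LOCK = 1 << 12                     # TCO1_CNT: locks TCO_EN


def decode_pr(value):
    """Split a Protected Range register into (base, limit, write_protected)."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return base, limit, bool(value & PR_WPE)


def audit(regs):
    """Return ids of the lockdown items that are not in place, in list order."""
    missing = []
    if not regs["BIOS_CNTL"] & SMM_BWP:
        missing.append("smm_bwp")      # SMM based write protection is off
    if not any(decode_pr(v)[2] for v in regs["PR"]):
        missing.append("prr")          # no protected range is write-protected
    if not (regs["SMI_EN"] & TCO_EN and regs["TCO1_CNT"] & TCO_LOCK):
        missing.append("tco_lock")     # TCO SMI can be switched off again
    if not (regs["SMI_EN"] & GBL_SMI_EN and regs["GEN_PMCON_1"] & SMI_LOCK):
        missing.append("smi_lock")     # global SMI can be switched off again
    if not regs["HSFS"] & FLOCKDN:
        missing.append("flockdn")      # SPI config and PRs remain writable
    return missing


# Constructed snapshots: an unlocked board and a locked-down one.
DEV_MODE = {"BIOS_CNTL": 0x01, "HSFS": 0x6008, "PR": [0, 0, 0, 0, 0],
            "SMI_EN": 0x2001, "GEN_PMCON_1": 0x00, "TCO1_CNT": 0x0000}
LOCKED = {"BIOS_CNTL": 0x22, "HSFS": 0xE008, "PR": [0x87FF0400, 0, 0, 0, 0],
          "SMI_EN": 0x2001, "GEN_PMCON_1": 0x10, "TCO1_CNT": 0x1000}

if __name__ == "__main__":
    for name, regs in (("DEV_MODE", DEV_MODE), ("LOCKED", LOCKED)):
        print(name, audit(regs) or "all checked items in place")
```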


