Attention is currently required from: Patrick Rudolph. Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37289 )
Change subject: cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub
Patch Set 5:
(5 comments)
File src/cpu/x86/smm/smm_stub.S:
https://review.coreboot.org/c/coreboot/+/37289/comment/63ca5f15_06e393fd PS3, Line 218: $0xfffffff0, %esp
stack is located above DEFAULT_SMM_SIZE, so the check needs to happen before accessing the stack.
Done
File src/cpu/x86/smm/smm_stub.S:
https://review.coreboot.org/c/coreboot/+/37289/comment/ed7187fc_b47741ce PS5, Line 87: /* emit "Crash" on serial */
I guess we could ifdef this out, yes.
Done
https://review.coreboot.org/c/coreboot/+/37289/comment/6086b753_9a0445f6 PS5, Line 100: ud2
That would still enable using the lapic relocation as an SMM blocker, which may be undesirable. […]
Done
https://review.coreboot.org/c/coreboot/+/37289/comment/1c9129e7_fe4e4eb1 PS5, Line 154: relocateble
relocatable
Done
https://review.coreboot.org/c/coreboot/+/37289/comment/d288e184_0f4821b4 PS5, Line 154: protected mode
I suppose the GDT is in the already sanitized region?
Done. Yes, that's actually the only thing that needs to be checked.