Attention is currently required from: Patrick Rudolph, Benjamin Doron, Angel Pons.
1 comment:
Patchset:
Patch Set #5:
Why cling to the WPD bit? AFAIR, there is an exploitable race, e.g. one
core is busy SMI handling and before it is done resetting the WPD bit
another core already started a write cycle. And that's why the InSMM.STS
thing was invented. I'm not 100% sure. It was said the race was fixed,
but my interpretation was that only InSMM.STS fixes it.

In any case I would prefer a warning at the Kconfig option that this
probably isn't secure. Or just implement InSMM.STS right away. Then you
don't even need to reset WPD, AIUI.
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I157db885b5f1d0f74009ede6fb2342b20d9429fa
Gerrit-Change-Number: 40830
Gerrit-PatchSet: 5
Gerrit-Owner: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Benjamin Doron <benjamin.doron00@gmail.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Nico Huber <nico.h@gmx.de>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-Attention: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Attention: Benjamin Doron <benjamin.doron00@gmail.com>
Gerrit-Attention: Angel Pons <th3fanbus@gmail.com>
Gerrit-Comment-Date: Mon, 08 Mar 2021 22:46:25 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment