Arthur Heymans uploaded patch set #2 to this change.

View Change

cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub

This adds a check for LAPIC base twice. There is a very early check
when the CPU is still executing in real mode checks if the LAPIC base
is inside the region [smmbase,smmbase + SMM_DEFAULT_SIZE). The CPU
cannot use anything but a hardcoded size since even accessing the
relocatable parameters is impossible in the state of the CPU.

The actual SMI handler is located above smmbase + SMM_DEFAULT_SIZE and
before jumping to it the LAPIC base is checked against the whole SMM
region. Given that we have a working stack at this point, this is done
in C code.

UNTESTED.

Change-Id: I49927c4f4218552b732bac8aae551d845ad7f079
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
---
M src/cpu/x86/smm/Makefile.inc
A src/cpu/x86/smm/sinkhole.c
M src/cpu/x86/smm/smm_stub.S
M src/include/cpu/x86/smm.h
4 files changed, 84 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/89/37289/2

To view, visit change 37289. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I49927c4f4218552b732bac8aae551d845ad7f079
Gerrit-Change-Number: 37289
Gerrit-PatchSet: 2
Gerrit-Owner: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-MessageType: newpatchset