Arthur Heymans uploaded patch set #5 to this change.

View Change

cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub

This adds a check for LAPIC base twice. There is a very early check
when the CPU is still executing in real mode checks if the LAPIC base
is inside the region [smmbase,smmbase + SMM_DEFAULT_SIZE). The CPU
cannot use anything but a hardcoded size since even accessing the
relocatable parameters is impossible in the state of the CPU.
After the CPU operates in protected mode the relocatable parameters
are accessible and are used the check for the full smm region.

Change-Id: I49927c4f4218552b732bac8aae551d845ad7f079
Signed-off-by: Arthur Heymans <>
M src/cpu/x86/smm/smm_stub.S
1 file changed, 49 insertions(+), 0 deletions(-)

git pull ssh:// refs/changes/89/37289/5

To view, visit change 37289. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I49927c4f4218552b732bac8aae551d845ad7f079
Gerrit-Change-Number: 37289
Gerrit-PatchSet: 5
Gerrit-Owner: Arthur Heymans <>
Gerrit-Reviewer: Aaron Durbin <>
Gerrit-Reviewer: Arthur Heymans <>
Gerrit-Reviewer: Martin Roth <>
Gerrit-Reviewer: Patrick Georgi <>
Gerrit-Reviewer: build bot (Jenkins) <>
Gerrit-CC: Paul Menzel <>
Gerrit-MessageType: newpatchset