Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33193 )
Change subject: soc/intel/{cml, whl}: Add option to skip HECI disable in SMM
......................................................................
Patch Set 6:
(1 comment)
https://review.coreboot.org/#/c/33193/1/src/soc/intel/cannonlake/Kconfig
File src/soc/intel/cannonlake/Kconfig:
https://review.coreboot.org/#/c/33193/1/src/soc/intel/cannonlake/Kconfig@30
PS1, Line 30: CHROMEOS
What is SMM mode allowing that non-SMM doesn't? […]
That's my point. Once the SA id is changed we require SMM. However, that also means we have libraries linked and persistent in SMM for communicating with ME. This is about turning off HECI, but it's concerning leaving this code around for attack purposes. I think Intel should think about this and how to minimize the exposure.
--
To view, visit
https://review.coreboot.org/c/coreboot/+/33193
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If3b064f3c32877235916f966a01beb525156d188
Gerrit-Change-Number: 33193
Gerrit-PatchSet: 6
Gerrit-Owner: Subrata Banik
subrata.banik@intel.com
Gerrit-Reviewer: Aamir Bohra
aamir.bohra@intel.com
Gerrit-Reviewer: Aaron Durbin
adurbin@chromium.org
Gerrit-Reviewer: Bora Guvendik
bora.guvendik@intel.com
Gerrit-Reviewer: Duncan Laurie
dlaurie@chromium.org
Gerrit-Reviewer: Furquan Shaikh
furquan@google.com
Gerrit-Reviewer: Rizwan Qureshi
rizwan.qureshi@intel.com
Gerrit-Reviewer: Shelley Chen
shchen@google.com
Gerrit-Reviewer: Subrata Banik
subrata.banik@intel.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Nico Huber
nico.h@gmx.de
Gerrit-CC: Paul Menzel
paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Tue, 11 Jun 2019 14:35:54 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Aaron Durbin
adurbin@chromium.org
Comment-In-Reply-To: Subrata Banik
subrata.banik@intel.com
Comment-In-Reply-To: Duncan Laurie
dlaurie@chromium.org
Comment-In-Reply-To: Furquan Shaikh
furquan@google.com
Gerrit-MessageType: comment