Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37289 )
Change subject: cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub
Patch Set 5:
(4 comments)
https://review.coreboot.org/c/coreboot/+/37289/5/src/cpu/x86/smm/smm_stub.S
File src/cpu/x86/smm/smm_stub.S:
https://review.coreboot.org/c/coreboot/+/37289/5/src/cpu/x86/smm/smm_stub.S@...
PS5, Line 87: /* emit "Crash" on serial */
> only write something on serial in case of CONSOLE_SERIAL?
I guess we could ifdef this out, yes.
https://review.coreboot.org/c/coreboot/+/37289/5/src/cpu/x86/smm/smm_stub.S@...
PS5, Line 100: ud2
> do you need to crash? isn't returning from SMM enough?
That would still enable using the lapic relocation as an SMM blocker, which may be undesirable. Since there's no good reason for the lapic to be configured to such addresses at all, crashing is the most robust way to deal with it.
https://review.coreboot.org/c/coreboot/+/37289/5/src/cpu/x86/smm/smm_stub.S@...
PS5, Line 154: protected mode
I suppose the GDT is in the already sanitized region?
https://review.coreboot.org/c/coreboot/+/37289/5/src/cpu/x86/smm/smm_stub.S@...
PS5, Line 154: relocateble
relocatable