Attention is currently required from: Nico Huber, Patrick Georgi.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/79095?usp=email )
Change subject: Documentation: Describe how SMMSTORE can be used safely
......................................................................
Patch Set 2:
(1 comment)
File Documentation/drivers/smmstore.md:
https://review.coreboot.org/c/coreboot/+/79095/comment/b7c43285_0ab4b6a4 :
PS2, Line 177: As a remedy, CLEAR could be disabled after the initial repacking,
             : within the boot process, so that SMMSTORE becomes an append-only
             : store. In this case, the attacker could fill up the buffer, leading
             : to a DoS of the variable store until it's repacked. As described
             : earlier, once there's an attacker on the system, the variable store
             : lost its function until the attacker has been evicted, anyway.
> Raw write from outside SMM is supposed to be disabled in the SMMSTORE model, yes. […]
I don't understand. SMMSTOREv2 is a raw read/write capability, likely for greater flexibility with payloads. It seems we've been considering different versions of SMMSTORE.
Can you add a note that SMMSTOREv2 requires more consideration? There are no keys to use as indices, and a block-based LOCK command might not be granular enough, but... something would be necessary.
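The append-only trade-off that the quoted documentation paragraph describes (repack once during boot, then refuse CLEAR, so an attacker who can only append may fill the store but cannot erase what is there) is easy to see in a small model. The following is an added, self-contained illustration written for this review thread; it is not coreboot's SMMSTORE implementation or its on-flash format, and it only models a keyed store in the spirit of SMMSTOREv1 (fixed-size key/value records, last matching record wins), which is exactly the keyed layout the v2 block interface lacks. The store size, record layout and function names (`store_append`, `store_repack`, `store_lock_clear`) are assumptions made for the example.

```c
/* Model of an append-only variable store whose CLEAR/repack is disabled
 * after the boot-time repack. Constructed example for illustration only;
 * this is NOT coreboot's SMMSTORE code or flash layout. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STORE_SIZE 256   /* assumed region size: 16 records of 16 bytes */
#define KEY_LEN 8
#define VAL_LEN 8

struct entry {
    char key[KEY_LEN];      /* NUL-padded key, last record with a key wins */
    uint8_t val[VAL_LEN];
};

struct store {
    uint8_t buf[STORE_SIZE];
    size_t used;            /* bytes consumed by appended records */
    bool clear_locked;      /* true: CLEAR/repack refused until next boot */
};

void store_init(struct store *s) { memset(s, 0, sizeof(*s)); }

/* Copy record idx out of the buffer; -1 when idx is past the used area. */
static int entry_at(const struct store *s, size_t idx, struct entry *e)
{
    size_t off = idx * sizeof(*e);
    if (off + sizeof(*e) > s->used)
        return -1;
    memcpy(e, s->buf + off, sizeof(*e));
    return 0;
}

/* Append is the only operation an attacker outside SMM is assumed to have. */
int store_append(struct store *s, const char *key, const uint8_t *val)
{
    struct entry e;
    if (s->used + sizeof(e) > STORE_SIZE)
        return -1;          /* store full: further writes are denied */
    memset(&e, 0, sizeof(e));
    strncpy(e.key, key, KEY_LEN - 1);
    memcpy(e.val, val, VAL_LEN);
    memcpy(s->buf + s->used, &e, sizeof(e));
    s->used += sizeof(e);
    return 0;
}

/* Read resolves to the latest record carrying the key. */
int store_read(const struct store *s, const char *key, uint8_t out[VAL_LEN])
{
    struct entry e;
    int found = -1;
    for (size_t i = 0; entry_at(s, i, &e) == 0; i++) {
        if (strncmp(e.key, key, KEY_LEN) == 0) {
            memcpy(out, e.val, VAL_LEN);
            found = 0;
        }
    }
    return found;
}

/* CLEAR + rewrite: keep only the latest record per key. Refused once locked. */
int store_repack(struct store *s)
{
    struct store tmp;
    struct entry e, later;
    if (s->clear_locked)
        return -1;
    store_init(&tmp);
    for (size_t i = 0; entry_at(s, i, &e) == 0; i++) {
        bool superseded = false;
        for (size_t j = i + 1; entry_at(s, j, &later) == 0; j++) {
            if (strncmp(e.key, later.key, KEY_LEN) == 0) {
                superseded = true;
                break;
            }
        }
        if (!superseded)
            store_append(&tmp, e.key, e.val);
    }
    *s = tmp;
    return 0;
}

/* Firmware calls this after its own repack; from here on the store is append-only. */
void store_lock_clear(struct store *s) { s->clear_locked = true; }

size_t store_entries(const struct store *s) { return s->used / sizeof(struct entry); }

int main(void)
{
    struct store s;
    uint8_t v[VAL_LEN] = {0}, junk[VAL_LEN] = {0xff}, out[VAL_LEN];
    int filled = 0;

    store_init(&s);
    v[0] = 1; store_append(&s, "Boot", v);
    v[0] = 2; store_append(&s, "Boot", v);   /* update supersedes the first record */
    store_repack(&s);                        /* boot-time repack: one record left */
    store_lock_clear(&s);                    /* CLEAR disabled for the rest of boot */

    /* An attacker who can only append fills the remaining space (DoS)... */
    while (store_append(&s, "junk", junk) == 0)
        filled++;
    /* ...but cannot repack and cannot remove the value already stored. */
    printf("junk records appended: %d, repack allowed: %s, Boot still reads 2: %s\n",
           filled, store_repack(&s) == 0 ? "yes" : "no",
           (store_read(&s, "Boot", out) == 0 && out[0] == 2) ? "yes" : "no");
    return 0;
}
```

The model shows both halves of the paragraph's argument: with CLEAR locked, the attacker's only lever is exhaustion, which denies new writes until the next boot-time repack, while existing values stay readable and unmodifiable. It does not carry over to the v2 raw read/write interface, where there is no key to resolve a latest record against and a LOCK would have to be expressed per block.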