Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33193 )
Change subject: soc/intel/{cml, whl}: Add option to skip HECI disable in SMM
......................................................................
Patch Set 8: Code-Review+1
(1 comment)
https://review.coreboot.org/#/c/33193/1/src/soc/intel/cannonlake/Kconfig
File src/soc/intel/cannonlake/Kconfig:
https://review.coreboot.org/#/c/33193/1/src/soc/intel/cannonlake/Kconfig@30
PS1, Line 30: CHROMEOS
i guess you are referring at attack surface due to SMM mode. […]
This sounds much like a step backwards. SMM shouldn't be more privileged than normal execution, it only invites people to implement obscurity features in SMM. I guess in the long run it would be much better if coreboot would do the SAI switching.
I'm not sure if this was answered yet: Will ICL FSP have a UPD to disable HECI, so we won't have to do it in SMM?
--
To view, visit
https://review.coreboot.org/c/coreboot/+/33193
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If3b064f3c32877235916f966a01beb525156d188
Gerrit-Change-Number: 33193
Gerrit-PatchSet: 8
Gerrit-Owner: Subrata Banik
subrata.banik@intel.com
Gerrit-Reviewer: Aamir Bohra
aamir.bohra@intel.com
Gerrit-Reviewer: Aaron Durbin
adurbin@chromium.org
Gerrit-Reviewer: Bora Guvendik
bora.guvendik@intel.com
Gerrit-Reviewer: Duncan Laurie
dlaurie@chromium.org
Gerrit-Reviewer: Furquan Shaikh
furquan@google.com
Gerrit-Reviewer: Nico Huber
nico.h@gmx.de
Gerrit-Reviewer: Rizwan Qureshi
rizwan.qureshi@intel.com
Gerrit-Reviewer: Shelley Chen
shchen@google.com
Gerrit-Reviewer: Subrata Banik
subrata.banik@intel.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Paul Menzel
paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Wed, 12 Jun 2019 22:30:11 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: Aaron Durbin
adurbin@chromium.org
Comment-In-Reply-To: Subrata Banik
subrata.banik@intel.com
Comment-In-Reply-To: Duncan Laurie
dlaurie@chromium.org
Comment-In-Reply-To: Furquan Shaikh
furquan@google.com
Gerrit-MessageType: comment