Attention is currently required from: Sean Rhodes, Jonathan Zhang, Benjamin Doron, Johnny Lin, Christian Walter, Arthur Heymans, Tim Chu.
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74828 )
Change subject: security/lockdown: Allow enabling BOOTMEDIA_SMM_BWP from option
......................................................................
Patch Set 2:
(1 comment)
Patchset:
PS2:
so the option would need to be created in edk2? […]
Not reading the option in SMM would reduce the attack surface. Then, it's just a matter of making sure the backend can't be written to from untrusted sources. If using something like SMMSTORE, one could implement a SMMSTORE_LOCK command that prevents further modifications to the store. Something similar could be implemented for any other SMM-mediated approaches.
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iba01a6a42a7f3f521e3f116e61342f77622588ff
Gerrit-Change-Number: 74828
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Rhodes <sean@starlabs.systems>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Benjamin Doron <benjamin.doron00@gmail.com>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Johnny Lin <Johnny_Lin@wiwynn.com>
Gerrit-Reviewer: Jonathan Zhang <jon.zhixiong.zhang@gmail.com>
Gerrit-Reviewer: Lean Sheng Tan <sheng.tan@9elements.com>
Gerrit-Reviewer: Tim Chu <Tim.Chu@quantatw.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-Attention: Sean Rhodes <sean@starlabs.systems>
Gerrit-Attention: Jonathan Zhang <jon.zhixiong.zhang@gmail.com>
Gerrit-Attention: Benjamin Doron <benjamin.doron00@gmail.com>
Gerrit-Attention: Johnny Lin <Johnny_Lin@wiwynn.com>
Gerrit-Attention: Christian Walter <christian.walter@9elements.com>
Gerrit-Attention: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Attention: Tim Chu <Tim.Chu@quantatw.com>
Gerrit-Comment-Date: Wed, 10 May 2023 18:50:53 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Sean Rhodes <sean@starlabs.systems>
Comment-In-Reply-To: Benjamin Doron <benjamin.doron00@gmail.com>
Gerrit-MessageType: comment
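
An added illustration of the SMMSTORE_LOCK idea from the comment above, not code from coreboot or from the change under review: a model of an SMM-mediated store whose lock command is sticky until reset. The command numbers, return codes and structure names are assumptions and do not match the real SMMSTORE interface.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical command set; CMD_LOCK models the proposed SMMSTORE_LOCK. */
enum { CMD_READ = 1, CMD_WRITE, CMD_CLEAR, CMD_LOCK };
enum { RET_OK, RET_FAIL, RET_LOCKED, RET_UNSUPPORTED };
#define STORE_SIZE 64

struct store { uint8_t data[STORE_SIZE]; int locked; };
struct store_req { uint32_t offset, len; uint8_t *buf; };

/* Models a platform reset: the only event that clears the lock. Data persists. */
void store_reset(struct store *s) { s->locked = 0; }

/* Overflow-safe bounds check. A real SMI handler must also reject buf in SMRAM. */
static int range_ok(const struct store_req *r)
{
	return r && r->buf && r->offset <= STORE_SIZE && r->len <= STORE_SIZE - r->offset;
}

int store_handle(struct store *s, int cmd, const struct store_req *r)
{
	switch (cmd) {
	case CMD_LOCK:	/* sticky and idempotent; deliberately no unlock command */
		s->locked = 1;
		return RET_OK;
	case CMD_READ:	/* reads stay available after the lock */
		if (!range_ok(r)) return RET_FAIL;
		memcpy(r->buf, s->data + r->offset, r->len);
		return RET_OK;
	case CMD_WRITE:
	case CMD_CLEAR:
		if (s->locked) return RET_LOCKED;	/* checked before parsing the request */
		if (cmd == CMD_CLEAR) { memset(s->data, 0, STORE_SIZE); return RET_OK; }
		if (!range_ok(r)) return RET_FAIL;
		memcpy(s->data + r->offset, r->buf, r->len);
		return RET_OK;
	default:
		return RET_UNSUPPORTED;
	}
}

int main(void)
{
	struct store s = {0};
	uint8_t bwp = 1;	/* constructed option value */
	struct store_req w = { 0, 1, &bwp };
	store_handle(&s, CMD_WRITE, &w);	/* trusted setup writes the option */
	store_handle(&s, CMD_LOCK, NULL);	/* firmware locks before handing off */
	printf("write after lock -> %d\n", store_handle(&s, CMD_WRITE, &w));
	return 0;
}
```
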