Attention is currently required from: Nico Huber, Patrick Rudolph, Benjamin Doron.
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/40830 )
Change subject: security/intel: Add option to enable SMM flash access only
......................................................................
Patch Set 5:
(1 comment)
Patchset:
PS5:
Why cling to the WPD bit? AFAIR, there is an exploitable race, e.g. one […]
InSMM.STS does not exist on older plaforms. Moreover, InSMM.STS needs special handling when using SMMSTORE, and the point of these patches is to protect the flash chip while allowsing SMMSTORE to work (otherwise I would've simply used protected ranges). Once I have InSMM.STS working, I can enable it by default where supported when one chooses to write-protect the flash through SMM.
--
To view, visit
https://review.coreboot.org/c/coreboot/+/40830
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I157db885b5f1d0f74009ede6fb2342b20d9429fa
Gerrit-Change-Number: 40830
Gerrit-PatchSet: 5
Gerrit-Owner: Patrick Rudolph
patrick.rudolph@9elements.com
Gerrit-Reviewer: Angel Pons
th3fanbus@gmail.com
Gerrit-Reviewer: Benjamin Doron
benjamin.doron00@gmail.com
Gerrit-Reviewer: Patrick Rudolph
siro@das-labor.org
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Nico Huber
nico.h@gmx.de
Gerrit-CC: Paul Menzel
paulepanter@users.sourceforge.net
Gerrit-Attention: Nico Huber
nico.h@gmx.de
Gerrit-Attention: Patrick Rudolph
patrick.rudolph@9elements.com
Gerrit-Attention: Benjamin Doron
benjamin.doron00@gmail.com
Gerrit-Comment-Date: Mon, 08 Mar 2021 23:26:57 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Nico Huber
nico.h@gmx.de
Gerrit-MessageType: comment
