Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/42982 )
Change subject: Documentation: Add TODOs for secure SMM when using x86_64
Documentation: Add TODOs for secure SMM when using x86_64
Change-Id: I157238f18bc1c2eba0adc0b87caa9adaf3fc5d38
Signed-off-by: Patrick Rudolph siro@das-labor.org
---
M Documentation/arch/x86/index.md
1 file changed, 9 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/42982/1
diff --git a/Documentation/arch/x86/index.md b/Documentation/arch/x86/index.md index 462e7e6..5e75b5b 100644 --- a/Documentation/arch/x86/index.md +++ b/Documentation/arch/x86/index.md @@ -49,6 +49,15 @@ * Add assembly code to return to protected mode - *TODO* * Implement reference code for mainboard `emulation/qemu-q35` - *TODO*
+## Future work + +1. Fine grained page tables for SMM: + * Must not have execute and write permissions for the same page. + * Must allow only that TSEG pages can be marked executable + * Must reside in SMRAM +2. Support 64bit PCI BARs above 4GiB +3. Place and run code above 4GiB + ## Porting other boards * Fix compilation errors * Test how well CAR works with x86_64 and paging
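Review bot: The second sub-bullet under item 1, "Must allow only that TSEG pages can be marked executable", is hard to parse and, unlike the first sub-bullet, has no trailing period. Consider "Must allow only TSEG pages to be marked executable." and punctuate all three sub-bullets the same way. In the same list, "Fine grained" and "64bit" would read better hyphenated as "Fine-grained" and "64-bit".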
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/42982 )
Patch Set 1: Code-Review+2
(1 comment)
https://review.coreboot.org/c/coreboot/+/42982/1/Documentation/arch/x86/inde...
File Documentation/arch/x86/index.md:

https://review.coreboot.org/c/coreboot/+/42982/1/Documentation/arch/x86/inde...
PS1, Line 54: 1. Fine grained page tables for SMM:
Is this not desirable in general for SMM even if the code is running in protected mode?
Raul Rangel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/42982 )
Patch Set 1: Code-Review+2
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/42982 )
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/42982/1/Documentation/arch/x86/inde...
File Documentation/arch/x86/index.md:

https://review.coreboot.org/c/coreboot/+/42982/1/Documentation/arch/x86/inde...
PS1, Line 54: 1. Fine grained page tables for SMM:
> Is this not desirable in general for SMM even if the code is running in protected mode?
That depends on your expectations. If you want to keep things simple, then you don't want to use paging at all. In protected mode you don't have to.
As long mode requires page tables you can add additional complexity which might result in a safer execution environment, but more code also means more places for bugs.
Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/42982 )
Documentation: Add TODOs for secure SMM when using x86_64
Change-Id: I157238f18bc1c2eba0adc0b87caa9adaf3fc5d38
Signed-off-by: Patrick Rudolph siro@das-labor.org
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42982
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Arthur Heymans arthur@aheymans.xyz
Reviewed-by: Raul Rangel rrangel@chromium.org
---
M Documentation/arch/x86/index.md
1 file changed, 9 insertions(+), 0 deletions(-)

Approvals:
  build bot (Jenkins): Verified
  Arthur Heymans: Looks good to me, approved
  Raul Rangel: Looks good to me, approved
diff --git a/Documentation/arch/x86/index.md b/Documentation/arch/x86/index.md index 536dea3..30dcc10 100644 --- a/Documentation/arch/x86/index.md +++ b/Documentation/arch/x86/index.md @@ -49,6 +49,15 @@ * Add assembly code to return to protected mode - *TODO* * Implement reference code for mainboard `emulation/qemu-q35` - *TODO*
+## Future work + +1. Fine grained page tables for SMM: + * Must not have execute and write permissions for the same page. + * Must allow only that TSEG pages can be marked executable + * Must reside in SMRAM +2. Support 64bit PCI BARs above 4GiB +3. Place and run code above 4GiB + ## Porting other boards * Fix compilation errors * Test how well CAR works with x86_64 and paging
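Review bot: Missing rationale in the merged "Future work" section: item 1 does not say why fine-grained SMM page tables are listed as x86_64 work, which is the question raised on PS1 line 54. A short sentence under item 1 recording the answer given there (long mode requires page tables, while protected mode can run without paging) would keep that context in the document. The third sub-bullet, "Must reside in SMRAM", also leaves its subject implicit; spell out that it is the page tables themselves that must reside in SMRAM.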