Change in coreboot[master]: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

List overview All Threads
Download

newer

older

[M] Change in coreboot[master]:...

[L] Change in coreboot[master]:...

Arthur Heymans (Code Review)

28 Nov 2019 28 Nov '19

9:50 a.m.

Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Pre-sandy bridge hardware is likely affected by the sinkhole vulnerability.

Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/x86/Kconfig 1 file changed, 3 insertions(+), 3 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/37321/1

diff --git a/src/cpu/x86/Kconfig b/src/cpu/x86/Kconfig index efb5fa9..335463d 100644 --- a/src/cpu/x86/Kconfig +++ b/src/cpu/x86/Kconfig @@ -139,9 +139,9 @@

config SMM_LAPIC_REMAP_MITIGATION bool - default y if NORTHBRIDGE_INTEL_I945 - default y if NORTHBRIDGE_INTEL_GM45 - default y if NORTHBRIDGE_INTEL_NEHALEM + default y if NORTHBRIDGE_INTEL_I945 || NORTHBRIDGE_INTEL_GM45 \ + || NORTHBRIDGE_INTEL_X4X || NORTHBRIDGE_INTEL_PINEVIEW \ + || NORTHBRIDGE_INTEL_E7505 default n

config SERIALIZED_SMM_INITIALIZATION

Attachments:

attachment.htm (text/html — 2.7 KB)

Show replies by date

Arthur Heymans (Code Review)

28 Nov 28 Nov

9:55 a.m.

Arthur Heymans has uploaded a new patch set (#2). ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Pre-sandy bridge hardware is likely affected by the sinkhole vulnerability.

Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/x86/Kconfig 1 file changed, 3 insertions(+), 3 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/37321/2

Paul Menzel (Code Review)

10:41 a.m.

Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 2:

(1 comment)

https://review.coreboot.org/c/coreboot/+/37321/2//COMMIT_MSG Commit Message:

https://review.coreboot.org/c/coreboot/+/37321/2//COMMIT_MSG@10 PS2, Line 10: vulnerability. Do you have more information about that? The other commit implementing this for Intel 945(?) says, that Sandy Bridge is not affected.

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 2 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 28 Nov 2019 09:41:12 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

Arthur Heymans (Code Review)

10:46 a.m.

Hello build bot (Jenkins),

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/37321

to look at the new patch set (#3).

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Pre-sandy bridge hardware is likely affected by the sinkhole vulnerability. Intel sandy bridge and newer has hardware mitigations against this attack according to https://github.com/xoreaxeaxeax/sinkhole.

Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/x86/Kconfig 1 file changed, 3 insertions(+), 3 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/37321/3

HAOUAS Elyes (Code Review)

1 Dec 1 Dec

11:26 a.m.

HAOUAS Elyes has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 4: Code-Review+1

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 4 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: HAOUAS Elyes ehaouas@noos.fr Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Sun, 01 Dec 2019 10:26:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

HAOUAS Elyes (Code Review)

29 Feb 29 Feb

10:18 a.m.

HAOUAS Elyes has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 5: Code-Review+2

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 5 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: HAOUAS Elyes ehaouas@noos.fr Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Sat, 29 Feb 2020 09:18:37 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Angel Pons (Code Review)

5 Feb 5 Feb

8:23 p.m.

Attention is currently required from: Arthur Heymans. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 5: Code-Review+1

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 5 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Attention: Arthur Heymans arthur@aheymans.xyz Gerrit-Comment-Date: Fri, 05 Feb 2021 19:23:01 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Arthur Heymans (Code Review)

8 Apr 8 Apr

4:07 p.m.

Attention is currently required from: Arthur Heymans. Hello build bot (Jenkins), Angel Pons,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/37321

to look at the new patch set (#6).

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/x86/Kconfig 1 file changed, 3 insertions(+), 3 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/37321/6

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 6 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-Attention: Arthur Heymans arthur@aheymans.xyz Gerrit-MessageType: newpatchset

Angel Pons (Code Review)

9 Apr 9 Apr

12:04 a.m.

Attention is currently required from: Arthur Heymans. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 7: Code-Review+2

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 7 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-Attention: Arthur Heymans arthur@aheymans.xyz Gerrit-Comment-Date: Fri, 08 Apr 2022 22:04:32 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Angel Pons (Code Review)

21 Oct 21 Oct

8:25 p.m.

New subject: [S] Change in coreboot[master]: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Attention is currently required from: Arthur Heymans.

Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 7:

(1 comment)

Patchset:

PS7: We never got to submit this?

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 7 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-Attention: Arthur Heymans arthur@aheymans.xyz Gerrit-Comment-Date: Fri, 21 Oct 2022 18:25:10 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

Arthur Heymans (Code Review)

26 Oct 26 Oct

9:46 a.m.

New subject: [S] Change in coreboot[master]: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Attention is currently required from: Paul Menzel.

Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 7:

(1 comment)

Commit Message:

https://review.coreboot.org/c/coreboot/+/37321/comment/9103a1b6_150fbef2 PS2, Line 10: vulnerability.

...

Do you have more information about that? The other commit implementing this for Intel 945(?) says, that Sandy Bridge is not affected.

I don't have more information than that commit.

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 7 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-Attention: Paul Menzel paulepanter@mailbox.org Gerrit-Comment-Date: Wed, 26 Oct 2022 07:46:42 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Paul Menzel paulepanter@mailbox.org Gerrit-MessageType: comment

Arthur Heymans (Code Review)

9:46 a.m.

New subject: [S] Change in coreboot[master]: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Arthur Heymans has submitted this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Signed-off-by: Arthur Heymans arthur@aheymans.xyz Reviewed-on: https://review.coreboot.org/c/coreboot/+/37321 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Angel Pons th3fanbus@gmail.com --- M src/cpu/x86/Kconfig 1 file changed, 21 insertions(+), 3 deletions(-)

Approvals: build bot (Jenkins): Verified Angel Pons: Looks good to me, approved

diff --git a/src/cpu/x86/Kconfig b/src/cpu/x86/Kconfig index bd3be78..ec7482c 100644 --- a/src/cpu/x86/Kconfig +++ b/src/cpu/x86/Kconfig @@ -181,9 +181,9 @@

config SMM_LAPIC_REMAP_MITIGATION bool - default y if NORTHBRIDGE_INTEL_I945 - default y if NORTHBRIDGE_INTEL_GM45 - default y if NORTHBRIDGE_INTEL_IRONLAKE + default y if NORTHBRIDGE_INTEL_I945 || NORTHBRIDGE_INTEL_GM45 \ + || NORTHBRIDGE_INTEL_X4X || NORTHBRIDGE_INTEL_PINEVIEW \ + || NORTHBRIDGE_INTEL_E7505 || NORTHBRIDGE_INTEL_IRONLAKE default n

config X86_AMD_FIXED_MTRRS

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 8 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-MessageType: merged

9elements QA (Code Review)

5:28 p.m.

New subject: [S] Change in coreboot[master]: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

9elements QA has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37321 )

Change subject: cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB ......................................................................

Patch Set 8:

Automatic boot test returned (PASS/FAIL/TOTAL): 13 / 2 / 15

FAIL: x86_32 "Hermes CFL" , build config PRODRIVE_HERMES_ and payload TianoCore_UefiPayloadPkg : https://lava.9esec.io/r/130960 FAIL: x86_32 "Hermes CFL" , build config PRODRIVE_HERMES and payload TianoCore_UefiPayloadPkg : https://lava.9esec.io/r/130959 PASS: x86_32 "ThinkPad T500" , build config LENOVO_T500 and payload SeaBIOS : https://lava.9esec.io/r/130958 PASS: x86_32 "HP Z220 SFF Workstation" , build config HP_Z220_SFF_WORKSTATION and payload LinuxBoot_BB_kexec : https://lava.9esec.io/r/130957 PASS: x86_64 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC.X86_64 and payload TianoCore : https://lava.9esec.io/r/130956 PASS: x86_64 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC.X86_64 and payload SeaBIOS : https://lava.9esec.io/r/130955 PASS: x86_32 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC and payload TianoCore : https://lava.9esec.io/r/130954 PASS: x86_32 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC and payload SeaBIOS : https://lava.9esec.io/r/130953 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35_SMM_TSEG and payload TianoCore : https://lava.9esec.io/r/130952 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35_SMM_TSEG and payload SeaBIOS : https://lava.9esec.io/r/130951 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35 and payload TianoCore : https://lava.9esec.io/r/130950 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35 and payload SeaBIOS : https://lava.9esec.io/r/130949 PASS: x86_64 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX_X86_64 and payload SeaBIOS : https://lava.9esec.io/r/130948 PASS: x86_32 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX_ASAN and payload SeaBIOS : https://lava.9esec.io/r/130947 PASS: x86_32 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX_ and payload SeaBIOS : https://lava.9esec.io/r/130946

Please note: This test is under development and might not be accurate at all!

-- To view, visit https://review.coreboot.org/c/coreboot/+/37321 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de Gerrit-Change-Number: 37321 Gerrit-PatchSet: 8 Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: 9elements QA hardwaretestrobot@gmail.com Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-Comment-Date: Wed, 26 Oct 2022 15:28:22 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment

759

days inactive

1822

days old

coreboot-gerrit@coreboot.org

12 comments

5 participants

tags (0)

participants (5)

9elements QA (Code Review)
Angel Pons (Code Review)
Arthur Heymans (Code Review)
HAOUAS Elyes (Code Review)
Paul Menzel (Code Review)