Attention is currently required from: Arthur Heymans, Martin L Roth, Michał Żygowski, Patrick Rudolph, Sean Rhodes.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/70378?usp=email )
Change subject: drivers/smm_payload_interface: Add initial support for SMM payload
Patch Set 14:
(1 comment)
Patchset:
PS14:
We've talked about chain-loading payloads, and this seems like a perfect place to do that. […]
I'm assuming Ron didn't need to support S3 resume? The payload is not on the resume path, so here, coreboot performs SMBASE relocation to maintain SMM's integrity. Skipping this would result in SMM being unusable after S3 resume. It would even be possible for malicious ring-0-level code to take over SMM.
On this making coreboot "UEFI compliant": Yes, EDK2 is currently the only payload where we could intend to use this. But if one wants the payload to own SMM, there are a limited number of approaches to use. We must read CPU SMBASEs from the payload to use on S3 resume during relocation. Then, either the payload contains the small set of register definitions needed, which isn't great for maintainability and adding new SoC support, or we just use the fact that at compile-time, the preprocessor can include the right header for us, because selecting a board determines the SoC.
Either way, we've been looking into sharing SMM between coreboot and some payload SMI handlers, but progress is slow. EDK2's standalone MM is really buggy and I've been busy.