Attention is currently required from: Sean Rhodes, Jonathan Zhang, Johnny Lin, Christian Walter, Angel Pons, Arthur Heymans, Tim Chu.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74828 )
Change subject: security/lockdown: Allow enabling BOOTMEDIA_SMM_BWP from option
......................................................................
Patch Set 2: Code-Review-1
(1 comment)
Patchset:
PS2:
I like the idea, but this can only be as secure as the option backend. Suppose ring-0 is not a boundary/an attacker has root access. Then, for the CMOS and SMMSTORE option backends, the privilege escalation path is using root's IO privileges to write to RTC or determine the variable's offset in SMMSTORE and trigger an SMI to write it.
For native UEFI variables, it depends on both whether variables have runtime-access and are locked.
Thoughts on adding a Kconfig option? Something like:
`if ((CONFIG(SPI_FLASH_SMM_OPTION) && get_uint_option("bootmedia_smm_bwp", CONFIG(BOOTMEDIA_SMM_BWP)) || CONFIG(BOOTMEDIA_SMM_BWP)) { ... }`
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iba01a6a42a7f3f521e3f116e61342f77622588ff
Gerrit-Change-Number: 74828
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Rhodes <sean@starlabs.systems>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Benjamin Doron <benjamin.doron00@gmail.com>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Johnny Lin <Johnny_Lin@wiwynn.com>
Gerrit-Reviewer: Jonathan Zhang <jon.zhixiong.zhang@gmail.com>
Gerrit-Reviewer: Lean Sheng Tan <sheng.tan@9elements.com>
Gerrit-Reviewer: Tim Chu <Tim.Chu@quantatw.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-Attention: Sean Rhodes <sean@starlabs.systems>
Gerrit-Attention: Jonathan Zhang <jon.zhixiong.zhang@gmail.com>
Gerrit-Attention: Johnny Lin <Johnny_Lin@wiwynn.com>
Gerrit-Attention: Christian Walter <christian.walter@9elements.com>
Gerrit-Attention: Angel Pons <th3fanbus@gmail.com>
Gerrit-Attention: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Attention: Tim Chu <Tim.Chu@quantatw.com>
Gerrit-Comment-Date: Wed, 10 May 2023 17:03:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment