Attention is currently required from: Angel Pons, Benjamin Doron, Dinesh Gehlot, Eran Mitrani, Fred Reitberger, Jason Glenesk, Kapil Porwal, Martin L Roth, Matt DeVillier, Matt DeVillier, Maulik Vaghela, Raul Rangel, Subrata Banik, Tarun, Tarun Tuli, ron minnich.
Felix Held has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/70376?usp=email )
Change subject: cpu/x86: Support SMBASE relocation-only use-case
......................................................................
Patch Set 7:
(1 comment)
Patchset:
PS7:
It's a fair concern, but if we want to use payload SMI handlers, the payload must put code in SMM. […]
Ah, OK, that special HOB being within SMRAM/TSEG and not just being a regular HOB makes me a bit less concerned about the security aspects of that part.
I still don't see why a payload should install the SMI handler, which should only contain the small amount of SMM code needed to make the hardware work; putting more code than necessary into the SMI handler increases the chance of possible attack surfaces. Another thing I'm concerned about there is the possibility to use that to put proprietary code into SMM, which I consider a rather bad idea in terms of security and reviewability of the code that stays active after the handoff from the firmware to the OS. Might be worth discussing this at a leadership meeting; not sure though if I'll manage to attend the one in two days.
Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: Iec96bab19cdcf80622756f02a3dae49b42036c8d
Gerrit-Change-Number: 70376
Gerrit-PatchSet: 7
Gerrit-Owner: Benjamin Doron
benjamin.doron00@gmail.com
Gerrit-Comment-Date: Mon, 30 Oct 2023 22:35:14 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Benjamin Doron
benjamin.doron00@gmail.com
Comment-In-Reply-To: Felix Held
felix-coreboot@felixheld.de
Gerrit-MessageType: comment