[M] Change in coreboot[main]: cpu/x86: Support SMBASE relocation-only use-case - coreboot-gerrit

31 Oct 2023


      Attention is currently required from: Angel Pons, Dinesh Gehlot, Eran Mitrani, Felix Held, Fred Reitberger, Jason Glenesk, Kapil Porwal, Martin L Roth, Matt DeVillier, Matt DeVillier, Maulik Vaghela, Raul Rangel, Subrata Banik, Tarun, Tarun Tuli, ron minnich.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/70376?usp=email )
Change subject: cpu/x86: Support SMBASE relocation-only use-case
......................................................................
Patch Set 7:
(1 comment)
Patchset:
PS7:
...
ah, ok, that special hob being within smram/tseg and not just being a regular hob makes me a bit les […]
In this instance, we want to enable secure boot properly, which depends on the integrity of its variables. So, verifying and performing a SPI write should be performed together (which is why we can't use SMMSTORE).
I guess it'd be possible for someone to include proprietary code in SMM, but as I see it, I'm only concerned with the open-source implementation of UefiPayload (as far as I'm aware at this time, we don't have any SMM we're keeping closed at 9elements), and if the user and/or platform builder want to add binaries they can't verify, that's their responsibility.
Ah. Unfortunately I have university classes at 1pm EST. I might be able to make it one of these weeks anyway though.
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/70376?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: Iec96bab19cdcf80622756f02a3dae49b42036c8d
Gerrit-Change-Number: 70376
Gerrit-PatchSet: 7
Gerrit-Owner: Benjamin Doron benjamin.doron00@gmail.com
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Dinesh Gehlot digehlot@google.com
Gerrit-Reviewer: Eran Mitrani mitrani@google.com
Gerrit-Reviewer: Felix Held felix-coreboot@felixheld.de
Gerrit-Reviewer: Fred Reitberger reitbergerfred@gmail.com
Gerrit-Reviewer: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Reviewer: Kapil Porwal kapilporwal@google.com
Gerrit-Reviewer: Lean Sheng Tan sheng.tan@9elements.com
Gerrit-Reviewer: Matt DeVillier matt.devillier@amd.corp-partner.google.com
Gerrit-Reviewer: Maulik Vaghela maulikvaghela@google.com
Gerrit-Reviewer: Raul Rangel rrangel@chromium.org
Gerrit-Reviewer: Subrata Banik subratabanik@google.com
Gerrit-Reviewer: Tarun tstuli@gmail.com
Gerrit-Reviewer: Tarun Tuli taruntuli@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Martin L Roth gaumless@gmail.com
Gerrit-CC: Matt DeVillier matt.devillier@gmail.com
Gerrit-CC: Stefan Reinauer stefan.reinauer@coreboot.org
Gerrit-CC: ron minnich rminnich@gmail.com
Gerrit-Attention: Raul Rangel rrangel@chromium.org
Gerrit-Attention: Eran Mitrani mitrani@google.com
Gerrit-Attention: Matt DeVillier matt.devillier@amd.corp-partner.google.com
Gerrit-Attention: Maulik Vaghela maulikvaghela@google.com
Gerrit-Attention: Matt DeVillier matt.devillier@gmail.com
Gerrit-Attention: Dinesh Gehlot digehlot@google.com
Gerrit-Attention: Angel Pons th3fanbus@gmail.com
Gerrit-Attention: Tarun tstuli@gmail.com
Gerrit-Attention: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Attention: Tarun Tuli taruntuli@google.com
Gerrit-Attention: Martin L Roth gaumless@gmail.com
Gerrit-Attention: Subrata Banik subratabanik@google.com
Gerrit-Attention: Kapil Porwal kapilporwal@google.com
Gerrit-Attention: Fred Reitberger reitbergerfred@gmail.com
Gerrit-Attention: ron minnich rminnich@gmail.com
Gerrit-Attention: Felix Held felix-coreboot@felixheld.de
Gerrit-Comment-Date: Tue, 31 Oct 2023 02:08:22 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Benjamin Doron benjamin.doron00@gmail.com
Comment-In-Reply-To: Felix Held felix-coreboot@felixheld.de
Gerrit-MessageType: comment