-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/12/2015 10:44 AM, Patrick Georgi wrote:
2015-08-12 16:28 GMT+02:00 Francis Rowe <info@gluglug.org.uk mailto:info@gluglug.org.uk>:
My basic question is: are coreboot systems affected by this vulnerability, and if so, what work is being done to patch it?I reviewed our SMM handler, drafted out how to mitigate any potential issue and started work on a PoC. Then got distracted by something else.
My test system is the getac/p470 (i945, core2duo CPU)
Specifically, in my case, I am interested in the following coreboot systems: * i945 platforms (Lenovo X60/T60, Macbook2,1) * GM45 platforms (Lenovo X200/T400/T500/R400/R500) * fam10h AMD platforms (ASUS KFSN4-DRE, ASUS KGPE-D16)Totally different architecture, I'm not sure if the APIC decoding behavior even translates to that.
I will be checking this out sometime soon. I'm not expecting to find anything given that SMM is (mostly*) deactivated on all of the non-AGESA platforms I have looked at.
* SMM is given a base address, memory window, and then locked. If I understand the exploit correctly it requires SMM to both be triggerable and for SMM to attempt to execute code after being triggered.
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 http://www.raptorengineeringinc.com