On Fri, Apr 18, 2008 at 12:07:00PM -0400, Jonathan M. McCune wrote:
What happens if the BIOS doesn't relinquish control of the EHCI?
A well-behaved OS will wait. An ill-behaved OS will try to exploit.
Does hardware somehow prevent the OS from accessing the USB controller?
Hardware can never know which software (firmware or OS) is accessing the controller.
What happens if the OS tries to use the USB controller without using these semaphores at all? It seems to me that the OS can at least cause a Denial-of-Service by sending commands to the USB controller, but I suspect it can also eavesdrop on keyboard events. Can anybody confirm or deny this attack?
A malicious OS could poll the controller frequently in order to eavesdrop on firmware<->hw communication, but the eavesdropping is a race condition, since firmware and OS probably will not execute in parallel.
A malicious OS could certainly feed constant junk to a controller in order to disrupt any firmware use.
The semaphore is only a convenience primitive for use by cooperating firmware and OS.
If this is outside the scope of coreboot, I'm sorry for bothering the list.
Mh, well maybe just a little. :)
//Peter
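The cooperative handoff discussed in this message, as an added example that is not part of the original email or of coreboot's code: a well-behaved OS sets the OS Owned bit and waits, with a timeout, for firmware to clear BIOS Owned. The bit positions are those of the EHCI specification's USBLEGSUP register; the register is simulated in memory, and the firmware model, `demo` and all other names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Ownership semaphores in EHCI USBLEGSUP (legacy support capability). */
#define HC_BIOS_OWNED (1u << 16)
#define HC_OS_OWNED   (1u << 24)
#define CAP_ID_LEGACY 0x01u

/* Constructed firmware model: once it sees the OS request it releases the
 * controller after `release_after` polls; a negative value means never. */
struct fw_model { uint32_t legsup; int release_after; int polls; };

static void fw_step(struct fw_model *fw) {
    if (!(fw->legsup & HC_OS_OWNED)) return;
    if (fw->release_after >= 0 && fw->polls++ >= fw->release_after)
        fw->legsup &= ~HC_BIOS_OWNED;
}

/* Cooperative OS side: request ownership, then wait for firmware to let go.
 * Returns 0 on a clean handoff, -1 if firmware still claims the controller.
 * The bits are advisory only; nothing here gates access to the hardware. */
int ehci_request_ownership(struct fw_model *fw, int max_polls) {
    fw->legsup |= HC_OS_OWNED;
    for (int i = 0; i < max_polls; i++) {
        fw_step(fw);                      /* stands in for firmware running */
        if (!(fw->legsup & HC_BIOS_OWNED)) return 0;
    }
    return -1;
}

/* Run one handoff against a fresh model and report the final register. */
int demo(int release_after, int max_polls, uint32_t *final_legsup) {
    struct fw_model fw = { HC_BIOS_OWNED | CAP_ID_LEGACY, release_after, 0 };
    int rc = ehci_request_ownership(&fw, max_polls);
    *final_legsup = fw.legsup;
    return rc;
}

int main(void) {
    uint32_t r;
    int rc = demo(3, 10, &r);
    printf("cooperative firmware: rc=%d legsup=0x%08x\n", rc, (unsigned)r);
    rc = demo(-1, 10, &r);
    printf("firmware never yields: rc=%d legsup=0x%08x\n", rc, (unsigned)r);
    return 0;
}
```

In the timeout case both semaphore bits remain set, which is the state a driver should log before deciding how to proceed.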