On 04/11/2017 11:31 AM, Patrick Georgi via coreboot wrote:
Hi,
I just pushed https://review.coreboot.org/19242, which adds a document discussing mitigations for the ReBAR SMM attack Intel Security presented in January. I think we had a couple of people bringing it up on IRC and on the list, but these were relatively unstructured and nothing happened from there.
I'd just use this opportunity to try out Gerrit as a design discussion tool, so if you're interested in that topic, feel free to comment.
Thanks, Patrick
I was under the impression that coreboot's native init boards disabled SMM post-init and that this issue only applies to Intel's FSP blobbed stuff. Am I incorrect?
2017-04-12 4:17 GMT+02:00 Taiidan@gmx.com <Taiidan@gmx.com>:
I was under the impression that coreboot's native init boards disabled SMM post-init and that this issue only applies to Intel's FSP blobbed stuff. Am I incorrect?
SMM is used on many boards, FSP or not, for tasks such as preparing for shutdown (e.g. on i945 it needs to disable busmaster on all devices for shutdown to work) or to handle certain EC tasks (e.g. brightness settings, potentially only if ACPI isn't enabled).
Patrick
On Tue, Apr 11, 2017 at 7:18 PM Taiidan@gmx.com <Taiidan@gmx.com> wrote:
I was under the impression that coreboot's native init boards disabled SMM post-init and that this issue only applies to Intel's FSP blobbed stuff. Am I incorrect?
We held the line on SMM until about 2006, but the i945 pushed us over the edge. I personally don't like it, but what can you do?