On 06/20/2018 04:08 AM, Thomasheidler via coreboot wrote:
Hello,
I noticed that all Lenovo ThinkPads supported by coreboot have an SD card controller that is connected as a PCI device. I assume that the controller runs non-free firmware from its own ROM, and because it is a PCI device it should have DMA, which seems like a security risk, right?
If so, is there a way to prevent the SD card controller from turning on when the computer is booted, by changing some code in the source (maybe in devicetree.cb) or at least to stop the controller from having DMA?
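As an added illustration (not part of the thread, and not copied from any board in the coreboot tree), the following shows the devicetree.cb mechanism the question is asking about. The board layout and the root port number 1c.3 are assumptions; the real file for a given ThinkPad differs, and the reader may hang off a different root port or off the legacy PCI bridge instead.

```text
# Hypothetical excerpt from a ThinkPad-style devicetree.cb (assumed layout).
# In this assumed tree the SD/MMC reader is a PCIe endpoint behind
# southbridge root port 1c.3.

# Before: the port is enabled, so coreboot brings it up, enumerates the
# reader behind it, and the OS later sees it at an address like 0d:00.0.
		device pci 1c.0 on end  # PCIe Port #1
		device pci 1c.1 on end  # PCIe Port #2
		device pci 1c.2 on end  # PCIe Port #3
		device pci 1c.3 on end  # PCIe Port #4: SD/MMC reader (assumed)

# After: mark the port off. coreboot's southbridge code then leaves the
# port disabled in the chipset's function-disable register instead of
# bringing it up, so neither coreboot nor the OS enumerates the reader,
# and it is never assigned a bus number or granted bus mastering.
		device pci 1c.0 on end  # PCIe Port #1
		device pci 1c.1 on end  # PCIe Port #2
		device pci 1c.2 on end  # PCIe Port #3
		device pci 1c.3 off end # PCIe Port #4: SD/MMC reader disabled
```

To find the right entry for a given board, boot the stock coreboot build, locate the reader with `lspci -nn` (class 0805, "SD Host controller"), and follow the parent link of its entry under `/sys/bus/pci/devices/` to the root port it sits behind; that bridge's function number is what appears in devicetree.cb. After rebuilding and flashing, the reader should be absent from `lspci` output. Two caveats: this does not power the chip down, it relies on the chipset refusing to expose the port, so check that the southbridge code for your platform actually honors `off` for root ports (look for its function-disable handling); and if the reader is behind the legacy PCI bridge rather than a PCIe root port, the thing being disabled is then the whole bridge, which may carry other devices you still want.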
If you are using Linux, the IOMMU will protect you after it is initialized (a few seconds after main kernel init) even if you don't add the device to a VM, but before then you are SOL in terms of protection from a really slick hardware rootkit like the one found in a cheap PCI-e card... but I have no idea if that ThinkPad SD card PCI-e device has its own firmware.
I asked a question like this quite a long time ago, and there was a discussion on how to prevent this issue by not providing DMA access in the coreboot phase, which is much simpler than having coreboot init the IOMMU itself pre-Linux.
Look at my thread: [coreboot] DMA protection? [AMD-Vi]
AFAIK nothing has changed since then in terms of security improvements, but I would appreciate it if one of the coreboot expert squad could respond to this. Timothy Pearson from Raptor Engineering was also willing to add DMA protection to coreboot under contract.
I also suggest: disabling Option ROM execution or executing them with YABEL; looking into a libre EC replacement such as origami-ec; and replacing your EC firmware with a "clean" fresh one from a Lenovo update directly, without using their update tool (which does a variety of things to it, such as adding your serial number). This can be done on various models internally, so you don't have to connect an external cable.
Thanks for your response and suggestions.
Luckily I don’t need the SD card reader and would rather completely disable it to protect against any DMA attack before the kernel initializes IOMMU. The problem is that I don’t know how to prevent the controller from initializing at all, short of actually desoldering the chip from the mainboard, which is risky.
Regarding the EC, are you aware of any working libre replacement for the EC on any Lenovo Thinkpad?