Hi,

On 15.8.2018 15:58, Shawn wrote:
> According to the vulnerability analysis, SMM is affected by L1TF. Since the SMM code base in coreboot is much smaller than OEM's firmware, IMOHO L1TF is not practical on coreboot. Any idea whether coreboot is vulnerable to L1TF?
You need updated microcode, so that RSM will flush the L1 cache (if L1D flush is advertised); otherwise, as a workaround, you will perhaps need to read at least 64KB of memory (L1 is 32KB but the replacement policy is "not exactly LRU"). Also, you need to make sure that all SMM cores enter SMM at the same time. I don't remember how coreboot does that on Intel chips. Perhaps it is so.
Remember that with L1TF you can only read any secrets which could be stored in L1. If coreboot has no secrets there, you don't need to do anything. Modification of data is not possible with this attack.
Thanks
Rudolf
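
The choice described in the reply above, sketched as an added example (not part of the original mail and not coreboot code): check whether L1D flush is advertised and, if not, displace L1D by reading 64KB. Assumptions: the CPUID bit position (leaf 7, subleaf 0, EDX bit 28) comes from Intel's documentation rather than the mail, the cache line size is taken as 64 bytes, and all function names are hypothetical; real SMM code would do this in the SMI handler before RSM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CPUID7_EDX_L1D_FLUSH (1u << 28)   /* CPUID.(EAX=7,ECX=0):EDX[28] */
#define DISPLACE_BYTES (64u * 1024u)      /* "at least 64KB" from the mail */
#define LINE_BYTES 64u                    /* assumption: 64-byte lines */

enum l1d_strategy { L1D_RELY_ON_RSM, L1D_SW_DISPLACE };

/* Scratch area holding no secrets; only its cache footprint matters. */
static uint8_t l1d_scratch[DISPLACE_BYTES];

/* Decide from the EDX value of CPUID leaf 7, subleaf 0. */
enum l1d_strategy l1d_pick_strategy(uint32_t cpuid7_edx)
{
    return (cpuid7_edx & CPUID7_EDX_L1D_FLUSH) ? L1D_RELY_ON_RSM
                                               : L1D_SW_DISPLACE;
}

/* Read one byte per cache line over 64KB. Returns lines read, or 0 if
 * the buffer is missing or too small to cover the whole range. */
size_t l1d_sw_displace(const volatile uint8_t *buf, size_t len)
{
    size_t lines = 0;
    uint8_t sink = 0;

    if (buf == NULL || len < DISPLACE_BYTES)
        return 0;
    for (size_t off = 0; off < DISPLACE_BYTES; off += LINE_BYTES) {
        sink ^= buf[off];   /* volatile read: not optimised away */
        lines++;
    }
    (void)sink;
    return lines;
}

int main(void)
{
    uint32_t edx = 0;   /* constructed value: L1D flush not advertised */

    if (l1d_pick_strategy(edx) == L1D_SW_DISPLACE)
        printf("displaced %zu lines\n",
               l1d_sw_displace(l1d_scratch, sizeof l1d_scratch));
    else
        printf("L1D flush advertised; RSM flushes with updated microcode\n");
    return 0;
}
```

The displacement only helps if, as the reply notes, every core is held in SMM at the same time; a sibling thread left running outside SMM can refill or observe the shared L1D.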