On 15.8.2018 15:58, Shawn wrote:
According to the vulnerability analysis, the SMM is
affected by L1TF. Since
SMM code base in coreboot is much smaller than OEM's firmware, IMOHO L1TF is
not practical on coreboot. Any idea about is coreboot vulnerable to L1TF?
an updated microcode, so the RSM will flush L1 cache (if L1D flush is
else perhaps you will need as a workaround read at least 64KB of memory (L1 is
replacement policy is "not exactly LRU") also, you need to make sure that that
all SMM cores will enter SMM same time. I don't remember how coreboot does that
on Intel chips. Perhaps it is so.
Remember that with L1TF you can only read any secrets which could be stored in
L1. If coreboot has no secrets
there, you don't need to do anything. Modification of data is not possible with