IMHO, a warning will probably be enough here. There is always just one SMI entrypoint, which branches out to the different SMI handler functions depending on the various smi source flag bits. There will always be at least some kind of SMI handler present, since 1. SMI is used for all kinds of stuff during bios (protection, usb legacy, ACPI interface, etc.) and 2. not installing it leaves the system wide open to all kinds of malicious attacks, which is something no bios vendor will risk. So I think it is safe to assume there will be at least some kind of code for SMI handling, which should be able to gracefully exit SMM again even on unknown SMI sources.
Best regards, Ingo
Es gelten unsere Allgemeinen Leistungsbedingungen die unter http://www.msc-ge.com/alb abrufbar sind.
Our standard terms and conditions apply which are available under http://www.msc-ge.com/alb .
MSC Vertriebs GmbH
Sitz der Gesellschaft: Industriestrasse 16, 76297 Stutensee Handelsregister: Mannheim, HRB Nr. 10 3631 Geschäftsführung: Manfred Schwarztrauber, Lothar Kümmerlin, Rüdiger Kuhn, Silvano Geissler Umsatzsteuer ID Nr.: DE 143 585 507 WEEE Reg. Nr. : DE 31011852
Gleichmann & Co. Electronics GmbH
Sitz der Gesellschaft: Schraderstrasse 44, 67227 Frankenthal Handelsregister: Ludwigshafen, HRB Nr. 21305 Geschäftsführung: Manfred Schwarztrauber, Thomas Klein Umsatzsteuer ID Nr. : DE 148 421 329 WEEE Reg. Nr.: DE 72277043
Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
The information contained in this message is confidential and/ or protected by law. If you are not the intended recipient, please contact the sender and delete this message.
-----Ursprüngliche Nachricht----- Von: Stefan Tauner [mailto:stefan.tauner@student.tuwien.ac.at] Gesendet: Freitag, 9. September 2011 20:32 An: Feldschmid, Ingo Cc: flashrom@flashrom.org Betreff: Re: [flashrom] [PATCH] revamp the warning of failing to set BIOS write enable in enable_flash_ich
On Fri, 9 Sep 2011 15:47:34 +0200 "Feldschmid, Ingo" ifel@msc-ge.com wrote:
Uhm, the idea of this mechanism is to prevent flashing of the bios chip. Whenever the bios write enable bit is changed, an SMI is generated, and the SMI code from the bios is executed. Within this code, the original bios vendor can do anything, including preventing the changing of said bit. Normally, this can be used to make sure that the bios chip can only be written through a "bios-vendor-approved" update mechanism.
yes. the question is what should we do? the interrupt service routine could be a NOP too... or it could be undefined and reset the PC (we had something similar on an intel reference board when testing my hardware sequencing patches). of course it is not likely that a vendor will do something like that, but probably check for some internal "enabled"-flag and change back the write enable bit if that flag is not set...
so... is just warning the user enough? if something bad happens in the SMI it would have happened already when the message is printed... should we require --force to try to set the write enable, if the SMM protection is enabled (and warn and explain without --force ofc.)?
Looking at the Dell website, it seems that the optiplex includes a feature called "computrace". This is an advance thief protection which includes, among other things, a bios module which helps preventing the removal of the thief protection from the board. This might be the reason that Dell tries to prevent flashing the bios through the means described above.
To update this computer's bios through flashrom, the user might first have to contact Dell to disable the Computrace/Lojack mechanism on the board. After that, bios updates through non-dell programs might be possible.
jup that's possible. thank you very much for the mail.