[coreboot] [PATCH] Make RAM check configurable via Kconfig

Uwe Hermann uwe at hermann-uwe.de
Mon Mar 17 14:54:47 CET 2008 

On Mon, Mar 17, 2008 at 03:09:19AM -0400, Corey Osgood wrote:
> IMO, ram_check should be a lot more advanced and configurable then it
> already is. I'd like to see it work something like this:
> 
> * configured via Kconfig.

ACK.


> Builder has the option of running it all the time,
> only if coreboot enters fallback, or if the memory size changes
> * size of the ram is stored in cmos, for above. obviously there would need
> to be some northbridge-specific function created to return the size of the
> ram

Not sure about normal/fallback, but I think it would be nice to have at
least two/three options:

 - Check low RAM (640 KB)
 - Check all of RAM
 - (Check first x MB of RAM)

We shouldn't make this _too_ configurable though, it gets messy very
soon.


> * ram_check has two options, basic or advanced. basic would be the current
> code, advanced would incorporate more tests, similar to memtest86's tests.
> user gets the option of which test is run. possibly basic runs when the
> memory size changes, advanced only runs in fallback.

I agree with Peter here, this should not be in coreboot. We don't
want to duplicate memtest, developers/users should just use memtest if
they need more advanced RAM checks.

I do _not_ agree that the ram_check() is useless or should be always
disabled, though. Having it as an EXPERT Kconfig option is fine IMO.

Also, this might be very very useful for other things than just
_checking_ RAM. Remember the security problem of RAM not losing its
contents right after power is removed?

  http://hermann-uwe.de/blog/lest-we-remember--cold-boot-attacks-on-encryption-keys
  http://citp.princeton.edu/memory/

Our ram_check() is pretty much all that is required for us to "fix" at
least one part of that security nightmare -- an attacker rebooting a
system running coreboot with ram_check() enabled will not be able to
grab any useful memory contents.

That's is a _feature_ of coreboot in this case, not just a developer
aid. We should not entirely drop ram_check(), rather we should advertise
it as coreboot security feature and have a Kconfig option for users
to enable/disable it.


Uwe.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org

More information about the coreboot mailing list