[coreboot] question on SMM

Nico Huber nico.h at gmx.de
Fri Jun 30 09:51:42 CEST 2017


Hi Ron,

On 30.06.2017 06:25, ron minnich wrote:
> there's something I am certain I don't understand about SMM on intel
> chipsets.
> 
> The question is pretty simple. Consider a system with a recent intel
> chipset and flash. Is there some special secret sauce that disables writing
> to flash unless in SMM and if so, what is it?

it's a bit in the SPI configuration that Intel encourages everybody to
set (to give SMM a bigger attack surface and make the platform overall
less secure, I suppose?).

> 
> Thanks to anyone who can point me to chapter and verse of a data sheet.

Search for BIOS_CNTL / SMM_BWP in your PCH datasheet or (BIOS_SPI_BC /
EISS from Skylake/100 series on).

Nico
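A small decoder for the bits Nico names, added here as an example that is not part of the thread, so a reader can check a machine's own setting: it takes the byte that `setpci` prints for the register and reports what protection the combination of BIOSWE/BLE/SMM_BWP (or WPD/LE/EISS from Skylake on) gives. The offsets in the comments (0xDC in the LPC bridge D31:F0 before Skylake, 0xDC in the SPI controller D31:F5 from Skylake on) and the bit positions are assumptions taken from the PCH datasheets and should be confirmed against the part in hand.

```python
from dataclasses import dataclass

# Bit positions are the same in both register layouts; only the field names
# differ between generations (pre-Skylake BIOS_CNTL vs. Skylake+ BIOS_SPI_BC).
LAYOUTS = {
    # LPC bridge D31:F0, PCI config offset 0xDC (assumed; check the PCH datasheet)
    "bios_cntl": {0: "BIOSWE", 1: "BLE", 5: "SMM_BWP"},
    # SPI controller D31:F5, PCI config offset 0xDC (assumed; check the PCH datasheet)
    "bios_spi_bc": {0: "WPD", 1: "LE", 5: "EISS"},
}


@dataclass(frozen=True)
class BiosWriteProtect:
    write_enable: bool  # BIOSWE / WPD: BIOS region accepts writes
    lock_enable: bool   # BLE / LE: write-once lock; setting write_enable traps to SMM
    smm_only: bool      # SMM_BWP / EISS: writes honoured only while the CPUs are in SMM
    layout: str

    def fields(self) -> dict:
        names = LAYOUTS[self.layout]
        return {names[0]: self.write_enable, names[1]: self.lock_enable, names[5]: self.smm_only}


def decode(raw: int, layout: str = "bios_cntl") -> BiosWriteProtect:
    """Decode the 8-bit register value (e.g. what `setpci -s 00:1f.0 dc.b` prints)."""
    if layout not in LAYOUTS:
        raise ValueError(f"unknown layout {layout!r}")
    if not 0 <= raw <= 0xFF:
        raise ValueError("register value must be a single byte")
    return BiosWriteProtect(bool(raw & 1), bool(raw & 2), bool(raw & (1 << 5)), layout)


def assess(wp: BiosWriteProtect) -> str:
    """Classify how well the BIOS region is protected from writes outside SMM."""
    if not wp.lock_enable:
        return "unprotected"   # nothing is locked; ring 0 can rewrite these bits
    if wp.smm_only:
        return "smm-only"      # writes require SMM even if write_enable gets set
    if not wp.write_enable:
        return "smi-guarded"   # setting write_enable raises an SMI; the handler must clear it again
    return "unprotected"       # writable right now; the lock only traps later changes


def check_setpci_output(text: str, layout: str = "bios_cntl") -> str:
    """Convenience wrapper around the hex byte that setpci prints."""
    return assess(decode(int(text.strip(), 16), layout))


if __name__ == "__main__":
    # Constructed sample value, not captured from a real machine: 0x2a sets BLE and SMM_BWP.
    wp = decode(0x2A, "bios_cntl")
    print(wp.fields(), assess(wp))
```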
