[coreboot] question on SMM
skochinsky at mail.ru
Fri Jun 30 10:01:44 CEST 2017
Friday, June 30, 2017, 6:25:06 AM, you wrote:
rm> there's something I am certain I don't understand about SMM on intel chipsets.
rm> The question is pretty simple. Consider a system with a recent
rm> intel chipset and flash. Is there some special secret sauce that
rm> disables writing to flash unless in SMM and if so, what is it?
Originally there were two bits in BIOS_CNTL used to effectively enable this:
> When BIOS_CNTL.BLE is set to 1, attempts to write enable the BIOS by
> setting BIOS_CNTL.BIOSWE to 1 will immediately generate a System
> Management Interrupt (SMI). It is the job of this SMI to determine
> whether or not it is permissible to write enable to the BIOS, and if
> not, immediately set BIOS_CNTL.BIOSWE back to 0; the end result being
> that the BIOS is not writable.
As described in the link, this logic is vulnerable to race conditions,
so Intel added yet another bit:
> This issue is mitigated by setting the SMM_BWP bit in the BIOS
> Control Register along with setting BIOS Lock Enable (BLE) and
> clearing BIOS Write Enable (BIOSWE). The SMM_BWP bit requires the
> processor to be in SMM in order to honor writes to the BIOS region
> of SPI flash, thereby mitigating the issue.
So in theory all recent BIOSes should set SMM_BWP. Whether they
actually do it can be checked with Chipsec.
For more background see  and 
Igor mailto:roxfan at skynet.be
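The check the mail says Chipsec performs, written out as an added example that is not part of the original message and not Chipsec's own code: it decodes a BIOS_CNTL register value and classifies the SPI BIOS region protection into the three states the reply describes (SMI-based lock only, which is race-prone; the lock with SMM_BWP added; or no lock at all). The bit positions (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5 at LPC config offset 0xDC) are taken from Intel PCH datasheets as an assumption and should be confirmed for the chipset in question; the sample register values are constructed, not read from real hardware.

```python
# Added example (not from the original mail or from Chipsec): decode the PCH
# BIOS_CNTL register and report whether the SPI BIOS region is write-protected
# in the way the mail describes (BLE set, BIOSWE clear, SMM_BWP set).
# Bit positions follow Intel PCH datasheets for BIOS_CNTL (LPC bridge config
# space, offset 0xDC); treat them as assumptions and verify them against the
# datasheet for the specific chipset.

BIOSWE = 1 << 0    # BIOS Write Enable
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only from SMM


def decode_bios_cntl(value: int) -> dict:
    """Return the three protection-relevant BIOS_CNTL flags as booleans."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def assess_bios_write_protection(value: int) -> str:
    """Classify the protection state in the terms used in the mail.

    'protected'   : BLE=1, BIOSWE=0, SMM_BWP=1 (the recommended configuration)
    'race-prone'  : BLE=1, BIOSWE=0, SMM_BWP=0 (SMI-based lock only; the race
                    condition the mail mentions applies here)
    'unprotected' : BIOSWE=1, or BLE=0 (no lock in effect)
    """
    flags = decode_bios_cntl(value)
    if flags["BIOSWE"] or not flags["BLE"]:
        return "unprotected"
    if not flags["SMM_BWP"]:
        return "race-prone"
    return "protected"


# Constructed sample register values (not captured from real hardware).
SAMPLES = {
    0x22: "protected",    # BLE | SMM_BWP
    0x02: "race-prone",   # BLE only, SMM_BWP clear
    0x00: "unprotected",  # nothing set
    0x01: "unprotected",  # BIOSWE set, BLE clear
    0x03: "unprotected",  # BIOSWE set even though BLE is set
}


def check_samples() -> bool:
    """Run the classifier over the constructed samples; True if all match."""
    return all(assess_bios_write_protection(v) == expected
               for v, expected in SAMPLES.items())


if __name__ == "__main__":
    for v in SAMPLES:
        print(f"BIOS_CNTL=0x{v:02x}: {decode_bios_cntl(v)} "
              f"-> {assess_bios_write_protection(v)}")
```

On a Linux host with an Intel LPC bridge at the usual 00:1f.0 (an assumption about the platform layout), the live byte can be obtained with `setpci -s 00:1f.0 dc.b` and passed to `assess_bios_write_protection`; a result of `race-prone` is exactly the "BLE without SMM_BWP" configuration the mail warns about, while `protected` is what a recent firmware is expected to set.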