[coreboot] question on SMM
Patrick Georgi
pgeorgi at google.com
Fri Jun 30 20:18:37 CEST 2017
2017-06-30 19:46 GMT+02:00 ron minnich <rminnich at gmail.com>:
> The only question that has been raised: are we losing an essential
> security guarantee since flash is writeable in this kernel-based "SMM"? The
> big question is whether we're opening up the possibility of firmware
> getting changed, once the kernel is our "smm mode". Is there a reasonable
> mitigation we could use in the SMM handler before we trampoline back up to
> the kernel?
>
To expand on Trammell's comment, FILO has code to work around a similar
issue on some older AMD chipsets: There, you can lock down the chipset's
flash write capability, only to see it circumvented by manual SPI commands
to write to flash. The solution is to tell the SPI flash itself to go
read-only:
https://review.coreboot.org/cgit/filo.git/tree/drivers/sb600.c#n1204
If you're certain that you don't need any more flash writes (for a _long_
time - I believe that one even survived cold resets), that could be another
defensive layer.
Patrick
--
Google Germany GmbH, ABC-Str. 19, 20354 Hamburg
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft:
Hamburg
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20170630/72e24a90/attachment.html>
More information about the coreboot
mailing list