[coreboot] L1TF
Rudolf Marek
r.marek at assembler.cz
Thu Aug 16 08:48:53 CEST 2018
Hi,
On 15.8.2018 15:58, Shawn wrote:
> According to the vulnerability analysis, the SMM is affected by L1TF. Since
> SMM code base in coreboot is much smaller than OEM's firmware, IMOHO L1TF is
> not practical on coreboot. Any idea about is coreboot vulnerable to L1TF?
You need an updated microcode, so the RSM will flush L1 cache (if L1D flush is
advertised)
else perhaps you will need as a workaround read at least 64KB of memory (L1 is
32KB but
replacement policy is "not exactly LRU") also, you need to make sure that that
all SMM cores will enter SMM same time. I don't remember how coreboot does that
on Intel chips. Perhaps it is so.
Remember that with L1TF you can only read any secrets which could be stored in
L1. If coreboot has no secrets
there, you don't need to do anything. Modification of data is not possible with
this attack.
Thanks
Rudolf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180816/f3f4b27c/attachment.html>
More information about the coreboot
mailing list