[coreboot] L1TF

Rudolf Marek r.marek at assembler.cz
Thu Aug 16 08:48:53 CEST 2018

On 15.8.2018 15:58, Shawn wrote:
> According to the vulnerability analysis, the SMM is affected by L1TF. Since 
> SMM code base in coreboot is much smaller than OEM's firmware, IMOHO L1TF is 
> not practical on coreboot. Any idea about is coreboot vulnerable to L1TF?
You need an updated microcode, so the RSM will flush L1 cache (if L1D flush is 
else perhaps you will need as a workaround read at least 64KB of memory (L1 is 
32KB but
replacement policy is "not exactly LRU") also, you need to make sure that that 
all SMM cores will enter SMM same time. I don't remember how coreboot does that 
on Intel chips. Perhaps it is so.

Remember that with L1TF you can only read any secrets which could be stored in 
L1. If coreboot has no secrets
there, you don't need to do anything. Modification of data is not possible with 
this attack.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180816/f3f4b27c/attachment.html>

More information about the coreboot mailing list