[coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

ron minnich rminnich at gmail.com
Mon Jun 25 17:39:12 CEST 2018


On Mon, Jun 25, 2018 at 12:55 AM Shawn <citypw at gmail.com> wrote:

> Hi Ron,
>
>
> IIRC, Machine mode in RISC-V is just looking similar to SMM in x86.
> But it can do more than what SMM does.
>

That's in my view not good, since in many cases, M mode code is part of
firmware, not the kernel image. Kernels don't get to change or ignore it. M
mode can protect itself from the kernel, even from being read. So it can
hide its presence, what it does, and might even be able to change itself.

I had a talk with a BIG ARM SOC vendor not long ago. They said that at one
point a big x86 company proposed that their company implement SMM for ARM.
"so they asked us to implement this SMM-like thing that had unlimited
privilege. We said no, no no, there's no reason to repeat x86 mistakes on
ARM". Good call on that company's part.

I argued several years ago that M mode code should be supplied by the
kernel, not firmware, for the obvious reasons: M mode is a great place to
put a persistent threat. The various x86 experiences were well known by
that time, so the problem should have been pretty clear.

That's another point I somehow failed to communicate well, since I was
ignored. Hence, RISC-V now comes with Persistent Threat Support (TM) for
free :-(

ron