[coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

[Nico Huber]

On 25.06.2018 09:55, Shawn wrote:> Hi Ron,
> On Sun, Jun 24, 2018 at 12:55 AM, ron minnich <rminnich at gmail.com> wrote:
>> On Wed, Jun 20, 2018 at 11:03 PM Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>>> Whats the deal with SMM? What a shame they thought to add it.
>>
>> It's a huge disappointment. I made some effort a few years ago to try to
>> convince folks this was a bad idea and failed.
>>
>>  I'm no longer as optimistic as I was about RISC-V. There seems to be a real
>> push to be "just like x86".
>
> IIRC, Machine mode in RISC-V is just looking similar to SMM in x86.
> But it can do more than what SMM does. It helps to enclave-based
> solution. I'm looking forward to see the open solution, e.g: Sanctum,
> Keystone, etc to land into production environment.

IMO, putting enclaves on the same silicon as the code you want to
protect them from is a failed concept. And more, it's bullshit, it
means two separate entities have to own the same physical chip. And
SGX proves that it doesn't work (they can't protect the OS from being
spied upon from the enclave (see Spectre), how can they ever hope to
protect the enclave from the much more powerful OS?).

IMHO, not RISC-V but the whole industry is at least 20 years away from
getting that going (software separation in one piece of silicon, with-
out help from the software).

So, no, no marketing false-security tech* that doesn't provide what it
promises can justify to pollute an architecture like RISC-V.

Nico

* I know there is a lot of honest research around enclaves, but they
  all seem to ignore the reality of today's processors.