Re: [coreboot] Design discussions on gerrit

2017-04-12 Thread Zoran Stojsavljevic
Interesting discussion... Thank you Patrick for making me aware of some "things". ;-) Here is what read from my search about this topic from/on the net: Processor switches to System Management Mode (SMM) from protected or real-address mode upon receiving System Management Interrupt (SMI) from

Re: [coreboot] Design discussions on gerrit

2017-04-11 Thread ron minnich
On Tue, Apr 11, 2017 at 7:18 PM taii...@gmx.com wrote: > > I was under the impression that coreboots native init boards disabled > SMM post-init and that this issue only applies to intel's FSP blobbed > stuff, am I incorrect? > > we held the line on smm until about 2006, but the

Re: [coreboot] Design discussions on gerrit

2017-04-11 Thread Patrick Georgi via coreboot
2017-04-12 4:17 GMT+02:00 taii...@gmx.com : > I was under the impression that coreboots native init boards disabled SMM > post-init and that this issue only applies to intel's FSP blobbed stuff, am > I incorrect? SMM is used on many boards, FSP or not, for tasks such as preparing

Re: [coreboot] Design discussions on gerrit

2017-04-11 Thread taii...@gmx.com
On 04/11/2017 11:31 AM, Patrick Georgi via coreboot wrote: Hi, I just pushed https://review.coreboot.org/19242, which adds a document discussing mitigations for the ReBAR SMM attack Intel Security presented in January. I think we had a couple of people bringing it up on IRC and on the list, but

[coreboot] Design discussions on gerrit

2017-04-11 Thread Patrick Georgi via coreboot
Hi, I just pushed https://review.coreboot.org/19242, which adds a document discussing mitigations for the ReBAR SMM attack Intel Security presented in January. I think we had a couple of people bringing it up on IRC and on the list, but these were relatively unstructured and nothing happened from