Yuriy Bulygin and Oleksandr Bazhaniuk's coreboot presentation at REcon Montreal 2017:
https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-DiggingIntoTheCoreOfBoot.pdf

They recap the MMIO BAR issue (previously disclosed at REcon Brussels), and identify two new vulnerabilities (handling ACPI GNVS pointers during S3 resume, and an SMI handler that reads from an unprotected VGA MMIO register).

They also identify that the /WP bit is not set on most non-chromebook coreboot installs and that PRR are not enabled by default. They summarize this configuration as "super crazy developer mode", which has several drawbacks:

* SMM based firmware write protection is off
* SPI protected range registers are disabled
* TCO and Global SMI are not locked down
* SPI config is not locked
* SMRAM can be DMA’d into

Are there active reviews for the GNVS or VGA issues? I don't see any on review.coreboot.org.

For the non-chromebook configuration, what is the best practice? I can set PRR, TSEG, etc. in my Linux payload, but is that too late?

--
Trammell

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot