On Mon, Jun 25, 2018 at 11:39 PM, ron minnich <rminn...@gmail.com> wrote:
>
>
> On Mon, Jun 25, 2018 at 12:55 AM Shawn <cit...@gmail.com> wrote:
>>
>> Hi Ron,
>>
>>
>> IIRC, Machine mode in RISC-V is just looking similar to SMM in x86.
>> But it can do more than what SMM does.
>
>
> that's in my view not good, since in many cases, M mode code is part of
> firmware, not the kernel image. Kernels don't get to change or ignore it. M
> mode can protect itself from the kernel, even from being read. So it can
> hide its presence, what it does, and might even be able to change itself.
>
> I had a talk with a BIG ARM SOC vendor not long ago. They said that at one
> point a big x86 company proposed that their company implement SMM for ARM.
> "so they asked us to implement this SMM-like thing that had unlimited
> privilege. We said no, no no, there's no reason to repeat x86 mistakes on
> ARM". Good call on that company's part.
>
> I argued several years ago that M mode code should be supplied by the
> kernel, not firmware, for the obvious reasons: M mode is a great place to
> put a persistent threat. The various x86 experiences were well known by that
> time, so the problem should have been pretty clear.
>

Well, from that perspective I totally agree that SMM is a big threat,
especially when the machine was compromised and then an attacker implants
a rootkit running in SMM. If that happened in x86, it's pretty much
fuc*ed up. 'Cause it's unlikely to detect the SMM rootkit at runtime, while
the static analysis of forensics costs more time/money. Maybe we should've
taken mitigation (SMRAM?) into this case in the 1st place.

--
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot