Arthur, what might we do with either the build process or startup to avoid this problem in future? Do you think we could find a way to catch this programmatically soon, rather than humanly too late?
On Mon, Apr 11, 2022 at 2:48 AM Arthur Heymans <[email protected]> wrote:
>
> Hi
>
> After last week's SMM loader problem on all but the BSP, I noticed another
> problem in the SMM setup.
> The permanent smihandler is currently built as a relocatable module such that
> coreboot can place it wherever it thinks it's a good idea. (TSEG is not known at
> build time.)
> These relocatable modules have an alignment requirement.
>
> It looks however that the code to deal with the alignment requirement is also
> wrong and aligns the handler upwards instead of downwards, which makes it encroach
> on either an SSE2 FX_SAVE area or an SMM register save state. It's hard to know
> whether this is easily exploitable.
> I would think that with a carefully crafted SMM save state on the right AP,
> arbitrary code execution might be possible. On the other hand I noticed last
> week that launching SMM on APs is broken too, so this is likely a lesser
> problem.
>
> Anyway the fix is in https://review.coreboot.org/c/coreboot/+/63475
> (It has a comment indicating what code was causing this problem)
> Please review and update your coreboot code!
>
> Kind regards
> Arthur
> _______________________________________________
> coreboot mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
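The placement mistake Arthur describes, and the kind of programmatic check the reply asks for, are easy to show in a few lines. The following C is an added illustration written for this thread; it is not coreboot's code, and all names (`place_below`, `place_below_buggy`, `layout_is_safe`) and the region layout are constructed for the example. The model is the one in the mail: a relocatable module with an alignment requirement has to land below a reserved save-state area, so its candidate base must be rounded down; rounding up pushes the tail of the module into the reserved area whenever the unaligned base is not already aligned.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alignment helpers; 'align' must be a power of two. */
static inline uintptr_t align_down(uintptr_t x, uintptr_t align)
{
	return x & ~(align - 1);
}

static inline uintptr_t align_up(uintptr_t x, uintptr_t align)
{
	return (x + align - 1) & ~(align - 1);
}

/* Place a module of 'size' bytes so that it ends at or below 'limit'
 * (the start of a region that must stay untouched, e.g. a save state
 * area) while honouring 'align'. Rounding the candidate base DOWN keeps
 * the whole module below 'limit'. Hypothetical helper, not coreboot API. */
uintptr_t place_below(uintptr_t limit, size_t size, uintptr_t align)
{
	return align_down(limit - size, align);
}

/* The defective variant: rounding UP moves the module's tail past 'limit'
 * whenever (limit - size) is not already aligned. */
uintptr_t place_below_buggy(uintptr_t limit, size_t size, uintptr_t align)
{
	return align_up(limit - size, align);
}

/* Half-open interval overlap: [a, a+alen) against [b, b+blen). */
bool ranges_overlap(uintptr_t a, size_t alen, uintptr_t b, size_t blen)
{
	return a < b + blen && b < a + alen;
}

/* Build- or boot-time sanity check: the module must lie inside the
 * region and must not touch the reserved area. Returns true when safe. */
bool layout_is_safe(uintptr_t mod_base, size_t mod_size,
		    uintptr_t region_base, size_t region_size,
		    uintptr_t reserved_base, size_t reserved_size)
{
	if (mod_base < region_base ||
	    mod_base + mod_size > region_base + region_size)
		return false;
	return !ranges_overlap(mod_base, mod_size, reserved_base, reserved_size);
}

int main(void)
{
	/* Constructed layout for the demo, not coreboot's real TSEG layout:
	 * a 1 MiB region whose top 0x2000 bytes are reserved save state. */
	const uintptr_t region_base = 0x7f000000u;
	const size_t region_size = 0x100000;
	const size_t reserved_size = 0x2000;
	const uintptr_t reserved_base = region_base + region_size - reserved_size;
	const size_t handler_size = 0x4321; /* not a multiple of the alignment */
	const uintptr_t align = 0x1000;

	uintptr_t good = place_below(reserved_base, handler_size, align);
	uintptr_t bad = place_below_buggy(reserved_base, handler_size, align);

	printf("align-down base 0x%lx safe=%d\n", (unsigned long)good,
	       layout_is_safe(good, handler_size, region_base, region_size,
			      reserved_base, reserved_size));
	printf("align-up   base 0x%lx safe=%d\n", (unsigned long)bad,
	       layout_is_safe(bad, handler_size, region_base, region_size,
			      reserved_base, reserved_size));
	return 0;
}
```

With these constructed values the align-down placement ends 0xcdf bytes short of the reserved area, while the align-up placement runs 0x321 bytes into it; a check like `layout_is_safe`, failed loudly at build time or before the handler is installed, catches the second case without a human having to notice it.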

