Issue #576 has been updated by Dan Ran.
Mate Kukri wrote in #note-4: > This needs to be implemented by someone with motivation and access to the > actual hardware documentation, anything else is hope and prayers that the > lock really works, but who knows if it does. > > Lenovo's stock BIOS and most firmware from this era is also hopelessly > vulnerable and unfixed to this day. > > Mate Kukri I have a T480 with Heads on it as we speak. However, i dont think I'm knowledeable enough to implement whatever you want me to implement without some proper instructions. Is there anything I can do to help or can I test something on my T480 for you? ---------------------------------------- Bug #576: GPIO locking is broken on Kaby Lake and possibly other platforms https://ticket.coreboot.org/issues/576#change-2331 * Author: Mate Kukri * Status: New * Priority: Normal * Target version: none * Start date: 2025-01-30 ---------------------------------------- Many supported Kaby Lake boards (and possibly newer platforms as well) are vulnerable to [TPM GPIO reset attacks](https://mkukri.xyz/2024/06/01/tpm-gpio-fail.html). Trying to fix this by marking the affected GPIOs as locked in gpio.h and even also selecting `SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS` does not work. This was discovered last year and briefly discussed on #coreboot, but it came up again on the Heads matrix group in relation to supporting the TPM on the in-progress ThinkPad T480 port. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account _______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
