Hi Ron,

On 30.06.2017 06:25, ron minnich wrote:
> there's something I am certain I don't understand about SMM on intel
> chipsets.
>
> The question is pretty simple. Consider a system with a recent intel
> chipset and flash. Is there some special secret sauce that disables writing
> to flash unless in SMM and if so, what is it?

it's a bit in the SPI configuration that Intel encourages everybody to
set (to give SMM a bigger attack surface and make the platform overall
less secure, I suppose?).

>
> Thanks to anyone who can point me to chapter and verse of a data sheet.

Search for BIOS_CNTL / SMM_BWP in your PCH datasheet or (BIOS_SPI_BC /
EISS from Skylake/100 series on).

Nico

-- 
coreboot mailing list: [email protected]
https://mail.coreboot.org/mailman/listinfo/coreboot
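As an added example (not part of the original message or of coreboot), this decodes the low byte of the register named in the reply and reports whether flash writes are confined to SMM. The function and enum names are hypothetical, the bit positions and offsets are taken from Intel's PCH datasheets and should be confirmed for your PCH, and the classification policy is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Low byte of BIOS_CNTL (LPC, D31:F0 offset 0xDC) or, from the 100 series on,
 * BIOS_SPI_BC (SPI, D31:F5 offset 0xDC). Bit positions as given in Intel's
 * PCH datasheets; confirm them against the datasheet for your own PCH. */
#define BC_WE      (1u << 0) /* BIOSWE / WPD: flash writes currently enabled  */
#define BC_LE      (1u << 1) /* BLE / LE: setting the bit above raises an SMI */
#define BC_SMM_BWP (1u << 5) /* SMM_BWP / EISS: writes honoured only in SMM   */

/* Hypothetical names for this example. */
enum flash_wp { WP_UNLOCKED, WP_SMI_HANDLER_ONLY, WP_SMM_ONLY };

/* Conservative policy assumed for this example: the register counts as locked
 * only when lock enable is set and write enable is currently clear. */
enum flash_wp classify_bios_cntl(uint8_t bc)
{
    if (!(bc & BC_LE) || (bc & BC_WE))
        return WP_UNLOCKED;
    return (bc & BC_SMM_BWP) ? WP_SMM_ONLY : WP_SMI_HANDLER_ONLY;
}

const char *flash_wp_name(enum flash_wp s)
{
    switch (s) {
    case WP_SMM_ONLY:         return "writes restricted to SMM";
    case WP_SMI_HANDLER_ONLY: return "relies on the SMI handler clearing write enable";
    default:                  return "not locked";
    }
}

int main(void)
{
    /* Constructed sample values, not read from real hardware. */
    const uint8_t samples[] = { 0x08, 0x02, 0x22, 0x23 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%02x: %s\n", samples[i],
               flash_wp_name(classify_bios_cntl(samples[i])));
    return 0;
}
```

On Linux the byte can typically be read as root with `setpci -s 00:1f.0 0xdc.b` on PCHs that expose BIOS_CNTL on the LPC device.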

