Re: [coreboot] [Resend] Tapping into the core (33C3)

Hello Denis. On Tue, 17 Jan 2017 11:11:38 + Maxim Goryachy wrote: [...] If I understand correctly, when DCI is disabled in the flash descriptor, such attacks are not possible and the computer is safe. Unfortunately no, DCI can

Re: [coreboot] [Resend] Tapping into the core (33C3)

Adding notes: If ioperm/iopl are necessary to enable DCI on GNU/Linux, two tiny features from PaX/Grsecurity can mitigate such attack: CONFIG_GRKERNSEC_KMEM, CONFIG_GRKERNSEC_IO On Wed, Jan 18, 2017 at 9:08 PM, Denis 'GNUtoo' Carikli wrote: > On Tue, 17 Jan 2017 11:11:38 +

Re: [coreboot] [Resend] Tapping into the core (33C3)

On 01/18/2017 08:08 AM, Denis 'GNUtoo' Carikli wrote: On Tue, 17 Jan 2017 11:11:38 + Maxim Goryachy wrote: [...] If I understand correctly, when DCI is disabled in the flash descriptor, such attacks are not possible and the computer is safe. Unfortunately no,

Re: [coreboot] [Resend] Tapping into the core (33C3)

On Tue, 17 Jan 2017 11:11:38 + Maxim Goryachy wrote: [...] > If I understand correctly, when DCI is disabled in the flash > descriptor, such attacks are not possible and the computer is safe. > > Unfortunately no, DCI can be activated through P2SB device at any >

Re: [coreboot] [Resend] Tapping into the core (33C3)

I'm putting my time into riscv nowadays. The breaking point for me with ARM was their move to UEFI a few years back for 64 bit. And remember, as open as ARM is now, that can end any time. It's still a licensed architecture. There was a time when x86 implementations were everywhere, in the way

Re: [coreboot] [Resend] Tapping into the core (33C3)

Sorry, I forgot to attach slides. On 16.01.2017 18:41, Denis 'GNUtoo' Carikli wrote: Hello Denis. Thank you for interest to our talk. Hi, I saw your presentation "Tapping into the core"[1] that you gave at the last CCC. As I understand from the slides DCI can be activated trough: - The flash

Re: [coreboot] [Resend] Tapping into the core (33C3)

On 16.01.2017 18:41, Denis 'GNUtoo' Carikli wrote: Hello Denis. Thank you for interest to our talk. Hi, I saw your presentation "Tapping into the core"[1] that you gave at the last CCC. As I understand from the slides DCI can be activated trough: - The flash descriptor - UEFI - The P2SB

Re: [coreboot] [Resend] Tapping into the core (33C3)

Bootguard can be bypassed by simply swapping compatible CPU's from two computers/laptops, correct? The bigger issue is, do we really want to support a company that will one day succeed in shutting us down? while x86 is the only real option for a mobile workstation I feel as though all

Re: [coreboot] [Resend] Tapping into the core (33C3)

On Mon, Jan 16, 2017 at 04:40:33PM +0100, Denis 'GNUtoo' Carikli wrote: > [...] > As I understand from the slides DCI can be activated trough: > - The flash descriptor > - UEFI > - The P2SB register Aren't there two different things being discussed here? There is DCI, which requires BIOS or

[coreboot] [Resend] Tapping into the core (33C3)

Hi, I saw your presentation "Tapping into the core"[1] that you gave at the last CCC. As I understand from the slides DCI can be activated trough: - The flash descriptor - UEFI - The P2SB register Are skylake platform safe if: - DCI is disabled in the flash descriptor. - DCI is not activated by