@mjg59 @oshepherd Refraining from executing firmware blobs in ring 0 after boot should not require starting over from the beginning.
Replying to @RichFelker
@RichFelker @mjg59 To what end? The firmware is always resident in SMM, so stuff in Ring 0 is the least of your worries...
Replying to @erincandescent
@oshepherd @mjg59 SMM is another bug to fix, yes, but the existence of bugs at one layer is no excuse for not fixing other layers.
Replying to @RichFelker
@RichFelker @mjg59 if you replace your firmware such that your SMM is trustable then your EFI runtime should be trusted also
Replying to @erincandescent
@oshepherd @mjg59 I was talking about desoldering/cutting the SMI pin.
Replying to @RichFelker
@oshepherd @mjg59 Alternatively some chipsets have a register to disable it which the kernel could use, if you trust it.
Replying to @RichFelker
@RichFelker @mjg59 there isn't an SMI pin, and firmware *correctly* blocks writes to that bit
Replying to @erincandescent
@oshepherd @mjg59 On early models (386-486 era?) there was a pin, and the disable register was available a few years back.
Replying to @RichFelker
@RichFelker @mjg59 since about Pentium it's been a bus message. It has always been possible for SMM to disable the disable register
Replying to @erincandescent
@oshepherd @RichFelker @mjg59 why exactly is it possible for SMM to disable the ability to disable itself? That seems silly/insecure.
Rich Felker Retweeted 🎃 unsafe { mem::transmute(@erincandescent) } 🎃
@bofh453 @oshepherd @mjg59 Because Intel has a backwards model of which software is trusted and which is not. https://twitter.com/oshepherd/status/694194416303484928 …