From ce2564ac519fd974eeaa070ccb30d5a12e0c3334 Mon Sep 17 00:00:00 2001 From: Patrick Georgi Date: Sat, 5 Sep 2015 20:21:24 +0200 Subject: smmhandler: on i945..nehalem, crash if LAPIC overlaps with ASEG This mitigates the Memory Sinkhole issue (described on https://github.com/xoreaxeaxeax/sinkhole) by checking for the issue and crashing the system explicitly if LAPIC overlaps ASEG. This needs to happen without a data access (only code fetches) because data accesses could be tampered with. Don't try to recover because, if somebody tried to do shenanigans like these, we have to expect more. Sandybridge is safe because it does the same test in hardware, and crashes. Newer chipsets presumably do the same. This needs to be extended to deal with overlapping TSEG as well. Change-Id: I508c0b10ab88779da81d18a94b08dcfeca6f5a6f Signed-off-by: Patrick Georgi Reviewed-on: http://review.coreboot.org/11519 Reviewed-by: Aaron Durbin Tested-by: build bot (Jenkins) --- src/cpu/x86/Kconfig | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/cpu/x86/Kconfig') diff --git a/src/cpu/x86/Kconfig b/src/cpu/x86/Kconfig index 9e5f6155fe..131cbf24bb 100644 --- a/src/cpu/x86/Kconfig +++ b/src/cpu/x86/Kconfig @@ -89,6 +89,13 @@ config SMM_MODULE_HEAP_SIZE This option determines the size of the heap within the SMM handler modules. +config SMM_LAPIC_REMAP_MITIGATION + bool + default y if NORTHBRIDGE_INTEL_I945 + default y if NORTHBRIDGE_INTEL_GM45 + default y if NORTHBRIDGE_INTEL_NEHALEM + default n + config X86_AMD_FIXED_MTRRS bool default n -- cgit v1.2.3