[ltp] Re: Can you trust your firmware?

Nikolaos D. Bougalis linux-thinkpad@linux-thinkpad.org
Mon, 18 Feb 2008 20:42:26 -0800


Shem Multinymous wrote:
> On Feb 18, 2008 7:54 PM, Andrew Barr <andrew.james.barr@gmail.com> wrote:
>   
>> EFI is the face the firmware puts of
>> for the world (e.g. the OS), it doesn't give us any useful information
>> about things like hardware initialization that are done before the OS even
>> starts.
>>     
>
> On most laptops, the worst potentially-evil part of the BIOS is not
> the boot code, but the System Management Mode code. SMM can take over
> at essentially any time, and can read and manipulate all system state
> arbitrarily.
>
>   Shem
>   

    Yeah... what a *HORRIBLE HORRIBLE* idea that was. I know why it was 
added of course, but it was the wrong solution and causes nothing but 
grief to this time.

    Seriously, who thought that adding a ton of extra circuitry on the 
chip, with the goal of transparently stealing control from the O/S and 
making it impossible for
the O/S to determine this has happened was a good idea? And if you feel 
compelled to add this trainwreck-waiting-to-happen, why not make it a 
configurable
feature?

     SMM needs to die, and fast.

    -n