[flashrom] [PATCH] revamp the warning of failing to set BIOS write enable in enable_flash_ich

Feldschmid, Ingo ifel at msc-ge.com
Mon Sep 12 14:53:17 CEST 2011


IMHO, a warning will probably be enough here. There is always just one SMI entrypoint, which branches out to the different SMI handler functions depending on the various smi source flag bits. There will always be at least some kind of SMI handler present, since 1. SMI is used for all kinds of stuff during bios (protection, usb legacy, ACPI interface, etc.) and 2. not installing it leaves the system wide open to all kinds of malicious attacks, which is something no bios vendor will risk. So I think it is safe to assume there will be at least some kind of code for SMI handling, which should be able to gracefully exit SMM again even on unknown SMI sources. 

Best regards,
Ingo




-----Original Message-----
From: Stefan Tauner [mailto:stefan.tauner at student.tuwien.ac.at] 
Sent: Friday, 9 September 2011 20:32
To: Feldschmid, Ingo
Cc: flashrom at flashrom.org
Subject: Re: [flashrom] [PATCH] revamp the warning of failing to set BIOS write enable in enable_flash_ich

On Fri, 9 Sep 2011 15:47:34 +0200
"Feldschmid, Ingo" <ifel at msc-ge.com> wrote:

> Uhm, the idea of this mechanism is to prevent flashing of the bios chip. Whenever the bios write enable bit is changed, an SMI is generated, and the SMI code from the bios is executed. Within this code, the original bios vendor can do anything, including preventing the changing of said bit. Normally, this can be used to make sure that the bios chip can only be written through a "bios-vendor-approved" update mechanism. 

yes. the question is what should we do? the interrupt service routine
could be a NOP too... or it could be undefined and reset the PC (we had
something similar on an intel reference board when testing my hardware
sequencing patches). of course it is not likely that a vendor will do
something like that, but probably check for some internal "enabled"-flag
and change back the write enable bit if that flag is not set...

so... is just warning the user enough? if something bad happens in the
SMI it would have happened already when the message is printed...
should we require --force to try to set the write enable, if the SMM
protection is enabled (and warn and explain without --force ofc.)?

> Looking at the Dell website, it seems that the OptiPlex includes a feature called "Computrace". This is an advanced theft protection which includes, among other things, a bios module which helps prevent the removal of the theft protection from the board. This might be the reason that Dell tries to prevent flashing the bios through the means described above. 
> 
> To update this computer's bios through flashrom, the user might first have to contact Dell to disable the Computrace/Lojack mechanism on the board. After that, bios updates through non-dell programs might be possible.

jup that's possible. thank you very much for the mail.

-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
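
Added example, not part of the original thread and not flashrom's own code: a small C simulation of the mechanism discussed above, where setting the BIOS write enable bit raises an SMI and the vendor's handler may clear the bit again, so the caller has to read the register back before deciding whether to warn. The bit names BIOSWE and BLE follow Intel's ICH datasheets; the simulated chipset, the result codes and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BIOSWE 0x01 /* BIOS Write Enable */
#define BLE    0x02 /* BIOS Lock Enable: a 0->1 change of BIOSWE raises an SMI */

enum we_result { WE_OK, WE_ALREADY_SET, WE_BLOCKED_BY_SMM, WE_FAILED };

/* Simulated chipset state (constructed for this example, no hardware access). */
struct sim_chipset {
    uint8_t bios_cntl;
    int smi_handler_reverts; /* 1: vendor SMI handler clears BIOSWE again */
};

static uint8_t sim_read(const struct sim_chipset *c) { return c->bios_cntl; }

static void sim_write(struct sim_chipset *c, uint8_t val)
{
    int we_rising = (val & BIOSWE) && !(c->bios_cntl & BIOSWE);
    /* BLE is sticky: once set, software cannot clear it until reset. */
    c->bios_cntl = (uint8_t)(val | (c->bios_cntl & BLE));
    /* The SMI runs before the writer's next instruction; a protective
     * handler simply undoes the change. A no-op handler leaves it set. */
    if (we_rising && (c->bios_cntl & BLE) && c->smi_handler_reverts)
        c->bios_cntl &= (uint8_t)~BIOSWE;
}

/* Try to set BIOSWE and classify the outcome from the read-back value. */
enum we_result try_write_enable(struct sim_chipset *c)
{
    uint8_t old = sim_read(c);
    if (old & BIOSWE)
        return WE_ALREADY_SET;
    sim_write(c, (uint8_t)(old | BIOSWE));
    uint8_t now = sim_read(c);
    if (now & BIOSWE)
        return WE_OK;
    /* Bit did not stick: with BLE set, the SMI handler is the likely cause. */
    return (old & BLE) ? WE_BLOCKED_BY_SMM : WE_FAILED;
}

int main(void)
{
    struct sim_chipset locked = { BLE, 1 }, nop_handler = { BLE, 0 };
    if (try_write_enable(&locked) == WE_BLOCKED_BY_SMM)
        printf("Warning: setting BIOS write enable failed (SMM protection).\n");
    if (try_write_enable(&nop_handler) == WE_OK)
        printf("BLE set, but the SMI handler left BIOSWE alone.\n");
    return 0;
}
```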




