by ruik on 9/7/24, 7:44 PM with 30 comments
by tux3 on 9/12/24, 8:50 AM
(Actual Ring 2 is very rarely seen, so perhaps I should have known!)
by pella on 9/12/24, 9:08 AM
by Taniwha on 9/12/24, 11:10 PM
Originally on x86 systems memory was in VERY short supply. SMM mode memory was the DRAM that the VGA window in low memory (0xa0000) overlaid. Normal code couldn't access it because the video card claimed memory accesses to that range of addresses, so the north bridge, when the CPU was in SMM mode, switched data and instruction accesses to that range to go to DRAM rather than the VGA card. That's great, except remember that SMM mode was used for special setup stuff for laptops, and sometimes they need to be able to display on the screen. That's what this special mode was originally for: so that SMM mode code can display on the screen (it's also likely why SMM mode graphics were so primitive, since you're switching in and out of this mode for every pixel you write).
by jandrese on 9/12/24, 2:56 PM
by transpute on 9/12/24, 6:09 PM
pKVM's primary goal is to protect guest pages from a compromised host by enforcing access control restrictions using stage-2 page tables. Sadly, this cannot prevent TrustZone from accessing non-secure memory, and a compromised host could, for example, perform a 'confused deputy' attack by asking TrustZone to use pages that have been donated to protected guests. This would effectively allow the host to have TrustZone exfiltrate guest secrets on its behalf, hence breaking the isolation that pKVM intends to provide.
FF-A provides (among other things) a set of memory management APIs allowing the Normal World to share, donate or lend pages with Secure. By monitoring these SMCs, pKVM can ensure that the pages that are shared, lent or donated to Secure by the host kernel are only pages that it owns. The robustness of this approach relies on having all Secure software on the device use the FF-A protocol for memory management transactions with the Normal World, and not use vendor-specific SMCs that pKVM is unable to parse.
On x86, SMM attestation was introduced by Intel (PPAM / Hardware Shield, 11+ gen) and AMD, https://www.microsoft.com/en-us/security/blog/2020/11/12/sys...
> Because of its traditionally unfettered access to memory and device resources, SMM is a known vector of attack for gaining access to the OS and hardware. One could have perfect code in SMM and still be affected by behavior like trampolining into secure kernel code. Isolating SMM is implemented in three parts: OEMs implement a policy that states what they require access to; the chip vendor enforces this policy on SMIs; and the chip vendor reports compliance to this policy to the OS.
by HowardStark on 9/12/24, 11:31 AM
by paulmd on 9/12/24, 5:29 PM
The same thing happened with the Ryzenfall/Masterkey exploit, where people were just in utter denial that there was an actual exploit there, because root is root! People literally spent more time talking about who released it and their background image than the actual exploit. AMD obviously cannot have exploits, that's only an Intel thing. /s
"alleged flaws" (rolls eyes) https://old.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen...
assassination attempt* https://old.reddit.com/r/hardware/comments/849paz/assassinat...
doxxing the researchers: https://old.reddit.com/r/hardware/comments/845xks/some_backg...
https://old.reddit.com/r/Amd/comments/84tftt/clarification_a...
https://old.reddit.com/r/Amd/comments/8589t2/cts_labs_clarif...
HN discussions were not much better, although tpacek is cool.
https://news.ycombinator.com/item?id=16576342