Date:   Thu, 13 Apr 2017 17:49:49 +0000
From:   <Mario.Limonciello@...l.com>
To:     <luto@...nel.org>
CC:     <dvhart@...radead.org>, <kernel@...pniu.pl>, <rjw@...ysocki.net>,
        <len.brown@...el.com>, <pali.rohar@...il.com>,
        <corentin.chary@...il.com>, <andriy.shevchenko@...ux.intel.com>,
        <linux-kernel@...r.kernel.org>,
        <platform-driver-x86@...r.kernel.org>, <linux-pm@...r.kernel.org>
Subject: RE: RFC: WMI Enhancements

> -----Original Message-----
> From: Andy Lutomirski [mailto:luto@...nel.org]
> Sent: Thursday, April 13, 2017 12:44 PM
> To: Limonciello, Mario <Mario_Limonciello@...l.com>
> Cc: Darren Hart <dvhart@...radead.org>; Andrew Lutomirski <luto@...nel.org>;
> Michał Kępień <kernel@...pniu.pl>; Rafael J. Wysocki <rjw@...ysocki.net>; Len
> Brown <len.brown@...el.com>; Pali Rohár <pali.rohar@...il.com>; Corentin
> Chary <corentin.chary@...il.com>; Andy Shevchenko
> <andriy.shevchenko@...ux.intel.com>; linux-kernel@...r.kernel.org; platform-
> driver-x86@...r.kernel.org; linux-pm@...r.kernel.org
> Subject: Re: RFC: WMI Enhancements
> 
> On Thu, Apr 13, 2017 at 10:39 AM,  <Mario.Limonciello@...l.com> wrote:
> >> -----Original Message-----
> >> From: Darren Hart [mailto:dvhart@...radead.org]
> >> Sent: Thursday, April 13, 2017 12:06 PM
> >> To: Limonciello, Mario <Mario_Limonciello@...l.com>
> >> Cc: luto@...nel.org; kernel@...pniu.pl; rjw@...ysocki.net;
> >> len.brown@...el.com; pali.rohar@...il.com; corentin.chary@...il.com;
> >> andriy.shevchenko@...ux.intel.com; linux-kernel@...r.kernel.org; platform-
> >> driver-x86@...r.kernel.org; linux-pm@...r.kernel.org
> >> Subject: Re: RFC: WMI Enhancements
> >>
> 
> > Well the "most" interesting to me is the SMBIOS calling interface on the
> > regular Dell GUID (WMBA IIRC).  That's what is used to manipulate keyboard
> > LED timeouts in dell-laptop (although through direct SMI today).
> >
> > It's also what is used for other SMBIOS calls like changing random BIOS settings
> > that shouldn't be generically exposed in sysfs but should be controlled by
> > manageability tools.
> >
> > Example: turning on/off legacy option ROM or changing legacy boot order.
> >
> 
> IIUC we basically can't expose the SMI-based interface to this entry
> point to userspace because of its use of physical addressing.  Is it
> reasonably safe to expose the WMI version?  (IOW should we expect that
> it doesn't enable kernel-mode or SMM code execution?)

The SMI based entry is already exposed using dcdbas.

The WMI version, when executing a call that would be run as a SMI,
will copy the buffer to an area of memory that the BIOS has already
marked reserved to execute the SMI and copy the result out.

> 
> TBH, I've occasionally considered writing a driver to expose SMM code
> execution on systems with a known reliable exploit :)

On Dell HW?  I'm sure our security folks would be very interested in this.
