From: Blibbet <blibbet@gmail.com>
To: Peter Zijlstra <peterz@infradead.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: lenb@kernel.org, linux-acpi@vger.kernel.org, acpi@linux.intel.com
Subject: Re: [PATCH] acpi: Better describe ACPI_DEBUGGER
Date: Tue, 1 Dec 2015 13:45:50 -0800 [thread overview]
Message-ID: <565E150E.5010401@gmail.com> (raw)
In-Reply-To: <20151130223908.GH3816@twins.programming.kicks-ass.net>
On 11/30/2015 02:39 PM, Peter Zijlstra wrote:
> On Mon, Nov 30, 2015 at 11:43:26PM +0100, Rafael J. Wysocki wrote:
>> On Monday, November 30, 2015 10:32:15 PM Peter Zijlstra wrote:
[...]
> n/p, for a brief moment I thought about things like a GDB stub running
> in SMM -- which would be entirely awesome if it had dedicated IO through
> a BMC or simple serial.
>
> Then I thought about all the kvm-gdb-stub fail I've encountered over the
> years and figured this would never work, seeing how BIOSes are never
> updated/fixed.
FYI, at Usenix WOOT'15, Intel talked about using a GDB stub to test SMM,
along with S2E, KLEE, OpenOCD, and Minnow. I *think* Intel is going to
be open-sourcing the resulting test project next quarter. Unclear if
this will impact ACPI.
https://www.usenix.org/conference/woot15/workshop-program/presentation/bazhaniuk
"Symbolic Execution for BIOS Security: We are building a tool that uses
symbolic execution to search for BIOS security vulnerabilities including
dangerous memory references (call outs) by SMM interrupt handlers in
UEFI-compliant implementations of BIOS. Our tool currently applies only
to interrupt handlers for SMM variables. Given a snapshot of SMRAM, the
base address of SMRAM, and the address of the variable interrupt handler
in SMRAM, the tool uses S2E to run the KLEE symbolic execution engine to
search for concrete examples of a call to the interrupt handler that
causes the handler to read memory outside of SMRAM. This is a work in
progress. We discuss our approach, our current status, our plans for the
tool, and the obstacles we face."
Thanks,
Lee
RSS: http://firmwaresecurity.com/feed
prev parent reply other threads:[~2015-12-01 21:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-30 21:32 [PATCH] acpi: Better describe ACPI_DEBUGGER Peter Zijlstra
2015-11-30 22:43 ` Rafael J. Wysocki
2015-11-30 22:39 ` Peter Zijlstra
2015-12-01 21:45 ` Blibbet [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=565E150E.5010401@gmail.com \
--to=blibbet@gmail.com \
--cc=acpi@linux.intel.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=rjw@rjwysocki.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox