[coreboot] (help me to get better) flashrom support for thinkpads with locked down opcodes
r.marek at assembler.cz
Tue Aug 28 15:40:25 CEST 2012
> Have you guys considered SMI cache poisoning attacks to work around
> those restrictions?
Yes we tried to break in but it did not work from SMM either. I even did a great
SMM hack (using my EEE 1000HD). While waking up from suspend to ram (when linux
runs in real mode after waking vector is jumped to) I triggered the SMM poison
attack and redirect myself back to linux resume flow. This resumed linux but
while still in SMM mode. The intention was to use flashrom "as usual" ;) only
with special kernel...
I remember we tried this with T40 but for some reason it did not work even when
we were in SMM.
More information about the coreboot