[coreboot] (help me to get better) flashrom support for thinkpads with locked down opcodes

Rudolf Marek r.marek at assembler.cz
Tue Aug 28 15:40:25 CEST 2012


> Have you guys considered SMI cache poisoning attacks to work around
> those restrictions?

Yes, we tried to break in, but it did not work from SMM either. I even did a great
SMM hack (using my EEE 1000HD). While waking up from suspend to RAM (when Linux
runs in real mode after the waking vector is jumped to), I triggered the SMM poison
attack and redirected myself back to the Linux resume flow. This resumed Linux, but
while still in SMM mode. The intention was to use flashrom "as usual" ;) only
with a special kernel...

I remember we tried this with a T40, but for some reason it did not work even when
we were in SMM.

Thanks
Rudolf