[coreboot] [PATCH] Make RAM check configurable via Kconfig
Uwe Hermann
uwe at hermann-uwe.de
Mon Mar 17 14:54:47 CET 2008
On Mon, Mar 17, 2008 at 03:09:19AM -0400, Corey Osgood wrote:
> IMO, ram_check should be a lot more advanced and configurable then it
> already is. I'd like to see it work something like this:
>
> * configured via Kconfig.
ACK.
> Builder has the option of running it all the time,
> only if coreboot enters fallback, or if the memory size changes
> * size of the ram is stored in cmos, for above. obviously there would need
> to be some northbridge-specific function created to return the size of the
> ram
Not sure about normal/fallback, but I think it would be nice to have at
least two/three options:
- Check low RAM (640 KB)
- Check all of RAM
- (Check first x MB of RAM)
We shouldn't make this _too_ configurable though, it gets messy very
soon.
> * ram_check has two options, basic or advanced. basic would be the current
> code, advanced would incorporate more tests, similar to memtest86's tests.
> user gets the option of which test is run. possibly basic runs when the
> memory size changes, advanced only runs in fallback.
I agree with Peter here, this should not be in coreboot. We don't
want to duplicate memtest, developers/users should just use memtest if
they need more advanced RAM checks.
I do _not_ agree that the ram_check() is useless or should be always
disabled, though. Having it as an EXPERT Kconfig option is fine IMO.
Also, this might be very very useful for other things than just
_checking_ RAM. Remember the security problem of RAM not losing its
contents right after power is removed?
http://hermann-uwe.de/blog/lest-we-remember--cold-boot-attacks-on-encryption-keys
http://citp.princeton.edu/memory/
Our ram_check() is pretty much all that is required for us to "fix" at
least one part of that security nightmare -- an attacker rebooting a
system running coreboot with ram_check() enabled will not be able to
grab any useful memory contents.
That's is a _feature_ of coreboot in this case, not just a developer
aid. We should not entirely drop ram_check(), rather we should advertise
it as coreboot security feature and have a Kconfig option for users
to enable/disable it.
Uwe.
--
http://www.hermann-uwe.de | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org
More information about the coreboot
mailing list