Sun Dec 9 17:34:17 CET 2012
"The OS driver initiates an ownership request by setting the OS Owned
semaphore to a one. The OS waits for the BIOS Owned bit to go to a zero
before attempting to use the EHCI controller. The time that OS must wait
for BIOS to respond to the request for ownership is beyond the scope of

"If the BIOS has set SMI on OS Ownership Change in the USBLEGCTLSTS
register to a one, it receives an SMI when the OS Driver sets the OS
Owned semaphore to a one. BIOS observes that OS has changed the value of
the OS Owned bit..."

What happens if the BIOS doesn't relinquish control of the EHCI? Does
hardware somehow prevent the OS from accessing the USB controller? What
happens if the OS tries to use the USB controller without using these
semaphores at all? It seems to me that the OS can at least cause a
Denial-of-Service by sending commands to the USB controller, but I
suspect it can also eavesdrop on keyboard events. Can anybody confirm
or deny this attack?

If this is outside the scope of coreboot, I'm sorry for bothering the list.

Thank you for your time,
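
The ownership request quoted in the message above, written out as a bounded wait that reports when the BIOS never clears its bit. This is an added example, not part of the original post and not coreboot or kernel code. The bit positions are those of the EHCI USBLEGSUP register; `mock_ehci`, `read_legsup` and `ehci_request_ownership` are hypothetical names, and the register and the firmware's reaction are simulated so the block runs without hardware.

```c
#include <stdint.h>
#include <stdio.h>

#define USBLEGSUP_BIOS_OWNED (1u << 16) /* HC BIOS Owned Semaphore */
#define USBLEGSUP_OS_OWNED   (1u << 24) /* HC OS Owned Semaphore */

/* Constructed stand-in for the USBLEGSUP register plus the firmware's
 * SMI handler: the BIOS bit clears after `bios_release_after` polls,
 * or never if that value is negative. */
struct mock_ehci {
    uint32_t usblegsup;
    int bios_release_after;
    int polls;
};

static uint32_t read_legsup(struct mock_ehci *hc)
{
    if ((hc->usblegsup & USBLEGSUP_OS_OWNED) &&
        hc->bios_release_after >= 0 &&
        hc->polls++ >= hc->bios_release_after)
        hc->usblegsup &= ~USBLEGSUP_BIOS_OWNED; /* simulated BIOS release */
    return hc->usblegsup;
}

enum handoff_result { HANDOFF_OK, HANDOFF_TIMEOUT };

/* Set OS Owned, then poll BIOS Owned. The wait bound (max_polls) is the
 * driver's own choice; a real driver would sleep between reads. */
enum handoff_result ehci_request_ownership(struct mock_ehci *hc, int max_polls)
{
    hc->usblegsup |= USBLEGSUP_OS_OWNED;
    for (int i = 0; i < max_polls; i++) {
        if (!(read_legsup(hc) & USBLEGSUP_BIOS_OWNED))
            return HANDOFF_OK;
    }
    return HANDOFF_TIMEOUT; /* BIOS still claims the controller: log it */
}

int main(void)
{
    struct mock_ehci good  = { USBLEGSUP_BIOS_OWNED, 3, 0 };
    struct mock_ehci stuck = { USBLEGSUP_BIOS_OWNED, -1, 0 };
    printf("cooperative BIOS: %s\n",
           ehci_request_ownership(&good, 10) == HANDOFF_OK ? "released" : "timeout");
    printf("stuck BIOS:       %s\n",
           ehci_request_ownership(&stuck, 10) == HANDOFF_OK ? "released" : "timeout");
    return 0;
}
```
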