2008-10-01 13:31:35

by Jiri Kosina

Subject: RE: [RFC PATCH 11/12] e1000e: write protect ICHx NVM to prevent malicious write/erase

On Tue, 30 Sep 2008, Allan, Bruce W wrote:

> Yeah, we can do that. I need to amend the patch a bit to prevent the
> protected range lock from being lifted unintentionally and will add some
> debug statements if/when any write/erase cycles fail.

Olaf raised a rather interesting question -- would iAMT be able to access
NVM contents directly, even if the lock bit would be set on the device?
I.e. is iAMT allowed direct access to the EEPROM contents, bypassing
shadow ram mappings?

Thanks,

--
Jiri Kosina
SUSE Labs


2008-10-01 19:14:19

by Allan, Bruce W

Subject: RE: [RFC PATCH 11/12] e1000e: write protect ICHx NVM to prevent malicious write/erase

On Wednesday, October 01, 2008 6:29 AM, Jiri Kosina wrote:
>
>Olaf raised a rather interesting question -- would iAMT be able to access
>NVM contents directly, even if the lock bit would be set on the device?
>I.e. is iAMT allowed direct access to the EEPROM contents, bypassing
>shadow ram mappings?
>
>Thanks,
>
>--
>Jiri Kosina
>SUSE Labs
>

Only write/erase accesses are blocked by hardware after the protected range and lockdown bits are set in this patch; reads are still allowed. I just received confirmation that iAMT does not write to the GbE region of the NVM.