> -----Original Message-----
> From: Andy Lutomirski [mailto:luto@xxxxxxxxxx]
> Sent: Thursday, April 13, 2017 12:44 PM
> To: Limonciello, Mario <Mario_Limonciello@xxxxxxxx>
> Cc: Darren Hart <dvhart@xxxxxxxxxxxxx>; Andrew Lutomirski <luto@xxxxxxxxxx>;
> Michał Kępień <kernel@xxxxxxxxxx>; Rafael J. Wysocki <rjw@xxxxxxxxxxxxx>; Len
> Brown <len.brown@xxxxxxxxx>; Pali Rohár <pali.rohar@xxxxxxxxx>; Corentin
> Chary <corentin.chary@xxxxxxxxx>; Andy Shevchenko
> <andriy.shevchenko@xxxxxxxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx;
> platform-driver-x86@xxxxxxxxxxxxxxx; linux-pm@xxxxxxxxxxxxxxx
> Subject: Re: RFC: WMI Enhancements
>
> On Thu, Apr 13, 2017 at 10:39 AM, <Mario.Limonciello@xxxxxxxx> wrote:
> >> -----Original Message-----
> >> From: Darren Hart [mailto:dvhart@xxxxxxxxxxxxx]
> >> Sent: Thursday, April 13, 2017 12:06 PM
> >> To: Limonciello, Mario <Mario_Limonciello@xxxxxxxx>
> >> Cc: luto@xxxxxxxxxx; kernel@xxxxxxxxxx; rjw@xxxxxxxxxxxxx;
> >> len.brown@xxxxxxxxx; pali.rohar@xxxxxxxxx; corentin.chary@xxxxxxxxx;
> >> andriy.shevchenko@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> >> platform-driver-x86@xxxxxxxxxxxxxxx; linux-pm@xxxxxxxxxxxxxxx
> >> Subject: Re: RFC: WMI Enhancements
> >>
> >
> > Well the "most" interesting to me is the SMBIOS calling interface on the
> > regular Dell GUID (WMBA IIRC). That's what is used to manipulate keyboard
> > LED timeouts in dell-laptop (although through direct SMI today).
> >
> > It's also what is used for other SMBIOS calls like changing random BIOS settings
> > that shouldn't be generically exposed in sysfs but should be controlled by
> > manageability tools.
> >
> > Example: turning on/off legacy option ROM or changing legacy boot order.
> >
>
> IIUC we basically can't expose the SMI-based interface to this entry
> point to userspace because of its use of physical addressing. Is it
> reasonably safe to expose the WMI version? (IOW should we expect that
> it doesn't enable kernel-mode or SMM code execution?)

The SMI-based entry is already exposed using dcdbas. The WMI version, when
executing a call that would be run as an SMI, will copy the buffer to an area
of memory that the BIOS has already marked reserved to execute the SMI and
copy the result out.

>
> TBH, I've occasionally considered writing a driver to expose SMM code
> execution on systems with a known reliable exploit :)

On Dell HW? I'm sure our security folks would be very interested in this.