Bug #576: GPIO locking is broken on Kaby Lake and possibly other platforms - coreboot - Issue Tracker

Actions

Copy link

Bug #576

open

GPIO locking is broken on Kaby Lake and possibly other platforms

Added by Mate Kukri 12 days ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

none

Start date:

01/30/2025

Due date:

% Done:

Estimated time:

Affected versions:

Needs backport to:

Affected hardware:

Affected OS:

Description

Many supported Kaby Lake boards (and possibly newer platforms as well) are vulnerable to TPM GPIO reset attacks.

Trying to fix this by marking the affected GPIOs as locked in gpio.h and even also selecting SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS does not work.

This was discovered last year and briefly discussed on #coreboot, but it came up again on the Heads matrix group in relation to supporting the TPM on the in-progress ThinkPad T480 port.

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

coreboot

Bug #576

GPIO locking is broken on Kaby Lake and possibly other platforms