Documentation: Add TODOs for secure SMM when using x86_64

Change-Id: I157238f18bc1c2eba0adc0b87caa9adaf3fc5d38 Signed-off-by: Patrick Rudolph <siro@das-labor.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/42982 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-06-30 20:24:11 +02:00 · 2020-06-30 20:24:11 +02:00 · d5321bf2fb
parent 9d69d881e6
commit d5321bf2fb
1 changed files with 9 additions and 0 deletions
--- a/Documentation/arch/x86/index.md
+++ b/Documentation/arch/x86/index.md
@ -49,6 +49,15 @@ At the moment *$n* is 4, which results in identity mapping the lower 4 GiB.
 * Add assembly code to return to protected mode - *TODO*
 * Implement reference code for mainboard `emulation/qemu-q35` - *TODO*

+## Future work
+
+1. Fine grained page tables for SMM:
+   * Must not have execute and write permissions for the same page.
+   * Must allow only that TSEG pages can be marked executable
+   * Must reside in SMRAM
+2. Support 64bit PCI BARs above 4GiB
+3. Place and run code above 4GiB
+
 ## Porting other boards
 * Fix compilation errors
 * Test how well CAR works with x86_64 and paging