On 11/05/2015 17:17, Laszlo Ersek wrote: > If I understand correctly, this makes SMI_LOCK lock down the GBL_SMI_EN > bit (and my OVMF patch that relies on that / tests it is satisfied too). > > But, it doesn't seem to lock down APMC_EN. According to the ICH9 spec, > it doesn't need to -- however when we discussed this earlier (see > Message-Id: <553f4d23.3060...@redhat.com>), the idea was to lock down > APMC_EN as well. (And I don't understand why the ICH9 spec / hw > implementation doesn't lock APMC_EN; without that, APM_CNT won't > necessarily trigger an SMI.)
I don't think it should. See here <https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02758.html> where I wrote explicitly "Even if the OS tries to maliciously set APMC_EN to 0 (SMI_LOCK doesn't lock APMC_EN)...". Paolo
