System Management Mode: Difference between revisions
Content deleted Content added
m →External links: +es |
m →External links: +cat |
||
Line 33: | Line 33: | ||
{{computer-stub}} |
{{computer-stub}} |
||
[[Category: |
[[Category:X86 operating modes]] |
||
[[es:Modo de Gerencia del Sistema]] |
[[es:Modo de Gerencia del Sistema]] |
Revision as of 13:29, 23 August 2007
System Management Mode (SMM) is an operating mode first released with the Intel 386SL and available in later microprocessors in the x86 architecture, in which all normal execution (including the operating system) is suspended, and special separate software (usually firmware or a hardware-assisted debugger) is executed in high-privilege mode.
Usage
Some common uses of SMM are:
- to emulate motherboard hardware that is unimplemented or buggy.
- power management operations, such as turning on fans.
- to emulate a PS/2 mouse or keyboard from a USB one.
- system safety functions, such as shutdown on high CPU temperature.
- system configuration, such as on Toshiba and IBM notebook computers.
Entering SMM
SMM is entered via the SMI (system management interrupt), which is caused by:
- motherboard hardware signaling via a designated pin of the processor chip. This signal can be an independent event, or triggered by the system software via an I/O read from a location considered special by the motherboard logic (port $B2 is common).
- an I/O write to a location which the firmware has requested that the processor chip act on.
Problems
- Since the SMM code (SMI handler) is installed by the system firmware (BIOS), the OS and the SMM code may have expectations about hardware settings that are incompatible, such as different ideas of how the APIC should be set up.
- Operations in SMM take CPU time away from the OS, since the CPU state must be stored to memory (SMRAM) and any write back caches must be flushed. This can destroy real-time behavior and cause clock ticks to get lost.
- A digital logic analyser may be required to determine if SMM is occurring.
- Recovering the SMI handler code to analyze it for bugs, vulnerabilities, and secrets requires a logic analyzer or disassembly of the system firmware.
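The CPU time that SMM takes away from the OS can be looked for from software, as a heuristic rather than proof that an SMI occurred. The C program below is an added example, not part of the original article: it reads the clock in a tight loop and reports unexplained jumps. The function names and the 100 µs threshold are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

struct gap { size_t index; uint64_t ns; };   /* sample index and stall length */

/* Current time in nanoseconds (C11 timespec_get; wall clock, so it can step). */
static uint64_t now_ns(void) {
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Read the clock back to back; any stall of this loop shows up as a jump. */
void sample_clock(uint64_t *t, size_t n) {
    for (size_t i = 0; i < n; i++)
        t[i] = now_ns();
}

/* Count jumps between consecutive samples larger than threshold_ns and store
 * up to max_out of them. Backward steps (clock adjusted) are skipped. */
size_t find_gaps(const uint64_t *t, size_t n, uint64_t threshold_ns,
                 struct gap *out, size_t max_out) {
    size_t found = 0;
    for (size_t i = 1; i < n; i++) {
        if (t[i] < t[i - 1])
            continue;
        uint64_t d = t[i] - t[i - 1];
        if (d > threshold_ns) {
            if (found < max_out)
                out[found] = (struct gap){ i, d };
            found++;
        }
    }
    return found;
}

int main(void) {
    enum { N = 1000000, MAX = 16 };
    static uint64_t t[N];
    struct gap g[MAX];
    sample_clock(t, N);
    /* Assumed threshold: 100 us. A hit is an SMI *or* an OS interrupt/preemption. */
    size_t n = find_gaps(t, N, 100000, g, MAX);
    for (size_t i = 0; i < n && i < MAX; i++)
        printf("sample %zu: stalled %llu ns\n", g[i].index, (unsigned long long)g[i].ns);
    printf("%zu stalls over threshold\n", n);
    return 0;
}
```

Run from user space, the loop cannot distinguish an SMI from ordinary scheduling, so pin the process to an otherwise idle core and compare runs before attributing stalls to SMM.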
See also
- MediaGX processor which implements nonexistent hardware via SMM
- Extensible Firmware Interface
External links
- Badness of SMM
- [1] - This old edition of the Intel Software developer's manual has a chapter (12) on SMM, starting on page 403
- The AMD Hammer BIOS and Kernel Developer's guide has a chapter on SMM
- An exploit against SMM based on OpenBSD: http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf