System Management Mode



 
 
System Management Mode (SMM) is an operating mode first released with the Intel 386SL and available in later microprocessors in the x86 architecture, in which all normal execution (including the operating system) is suspended, and special separate software (usually firmware or a hardware-assisted debugger) is executed in high-privilege mode.









Usage

Some uses of SMM are:
  • primarily to handle system events like memory or chipset errors
  • system safety functions, such as shutdown on high CPU temperature.
  • power management operations, such as turning on fans.
  • to emulate motherboard hardware that is unimplemented or buggy.
  • to emulate a PS/2 mouse or keyboard from a USB one.
  • system configuration, such as on Toshiba and IBM notebook computers
  • To run high-privileged rootkits as shown at Black Hat 2008.
  • To emulate or forward calls to a Trusted Platform Module (TPM).


Entering SMM

SMM is entered via the SMI (system management interrupt), which is caused by:
  • motherboard hardware or chipset signaling via a designated pin of the processor chip. This signal can be an independent event.
  • a software (SW) SMI, triggered by the system software via an I/O access to a location considered special by the motherboard logic (port 0B2h is common).
  • an I/O write to a location which the firmware has requested that the processor chip act on.


Problems

  • By design, the OS cannot override or disable SMIs.
  • Since the SMM code (SMI handler) is installed by the system firmware (BIOS), the OS and the SMM code may have expectations about hardware settings that are incompatible, such as different ideas of how the APIC should be set up.
  • Operations in SMM take CPU time away from the OS, since the CPU state must be stored to memory (SMRAM) and any write back caches must be flushed. This can destroy real-time behavior and cause clock ticks to get lost. Windows/Linux define an SMI Timeout within which SMM Handlers should complete their job and return control back to OS normal operations. Otherwise the OS will crash.
  • A digital logic analyser may be required to determine if SMM is occurring.
  • Recovering the SMI handler code to analyze it for bugs, vulnerabilities, and secrets requires a logic analyzer or disassembly of the system firmware.
  • SMI handling may cause unacceptable latencies in real-time systems.
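
A software-only way to observe the stolen CPU time described above, added here as an example and not taken from the original page: sample a clock in a tight loop, flag gaps the OS cannot account for, and correlate them with the SMI counter. It assumes Linux, an Intel processor that exposes MSR_SMI_COUNT (MSR 34h), the msr driver loaded, root privileges, and the process pinned to CPU 0; the 50 µs threshold and the function names are illustrative.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define MSR_SMI_COUNT 0x34 /* Intel SMI counter MSR; low 32 bits hold the count */
/* SMI count of one CPU via the Linux msr driver; -1 if device or MSR is unavailable. */
static int64_t read_smi_count(int cpu)
{
    char path[64];
    uint64_t val = 0;
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, &val, sizeof val, MSR_SMI_COUNT);
    close(fd);
    return n == (ssize_t)sizeof val ? (int64_t)(val & 0xffffffffu) : -1;
}

/* Count gaps between consecutive timestamps (ns) above the threshold; store the worst.
 * A gap alone may be an interrupt or preemption; a gap plus a rising SMI count is SMM. */
static size_t count_gaps(const uint64_t *ts, size_t n, uint64_t thresh_ns, uint64_t *worst)
{
    size_t hits = 0;
    *worst = 0;
    for (size_t i = 1; i < n; i++) {
        uint64_t d = ts[i] - ts[i - 1];
        if (d > *worst) *worst = d;
        if (d > thresh_ns) hits++;
    }
    return hits;
}

int main(void)
{
    static uint64_t ts[1000000];
    size_t n = sizeof ts / sizeof ts[0];
    struct timespec t;
    uint64_t worst;
    int64_t before = read_smi_count(0);
    for (size_t i = 0; i < n; i++) { /* tight sampling loop */
        clock_gettime(CLOCK_MONOTONIC, &t);
        ts[i] = (uint64_t)t.tv_sec * 1000000000ull + (uint64_t)t.tv_nsec;
    }
    int64_t delta = before < 0 ? -1 : read_smi_count(0) - before; /* -1: counter unreadable */
    size_t hits = count_gaps(ts, n, 50000, &worst); /* 50 us threshold (assumed) */
    printf("gaps: %zu worst: %llu ns SMIs: %lld\n", hits, (unsigned long long)worst, (long long)delta);
}
```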


See also

  • MediaGX processor which implements nonexistent hardware via SMM
  • Intel 80486SL
  • Extensible Firmware Interface
  • Coreboot implements an open source SMM/SMI handler for some chipsets

