System Management Mode attack
Posted: Fri 09 Sep 2011, 12:49
http://www.securityfocus.com/columnists/402
SMM stands for System Management Mode. System Management mode is one of the four modes of operation of most x86 processors (Intel Xeon, Intel Pentium, or AMD Athlon for instance). Modern operating systems (such as Linux, BSD, or Windows) run in so-called protected mode. In protected mode, 4 different processor privilege levels (also called rings) are available, ring 0 being the most privileged one and ring 3 the least privileged one. Kernels of operating systems run in ring 0 whereas userspace code runs in ring 3. The set of operations available to ring 3 code is restricted by hardware-enforced security mechanisms such as segmentation, paging, and I/O privilege restrictions. A few security-critical assembly language instructions are also restricted to ring 0 operation. Most software security techniques (PaX on Linux, W^X on OpenBSD, and so on) heavily rely upon protected mode enforced mechanisms. On the contrary, System Management Mode is a 16-bit mode of operation dedicated to system maintenance. Code running in System Management Mode is running with full privileges on the system (free access to physical memory and to peripheral devices). Protected mode security mechanisms (paging, segmentation, rings, ...) are not enforced while in System Management Mode.