SMM is a mode of operation in which all normal execution (including the OS) is suspended and special, separate software (usually firmware or a hardware-assisted debugger) is executed at high privilege. SMM provides an isolated memory and execution environment: SMM code is invisible to the OS while retaining full access to host physical memory and complete control over peripheral hardware. When SMM is entered, the current state of the processor is saved and all other processes are stopped. Highly privileged operations may then be performed in SMM, such as debugging, hardware management, security functions, emulation, etc., after which the computing device resumes operation from the saved processor state. The computing device may enter SMM upon occurrence of an SMI.
Vulnerabilities in SMM code implementations have led to the introduction of some current security schemes in computing devices, in which software critical to device operation is protected through segregation. For example, in a virtual machine (VM) environment, such as the Virtualization Technology (VT) functionality incorporated in some processing devices, one or more machine managers may control VMs operating in different operational environments. VT defines a primary monitor mode in which virtual machine managers (VMMs) (also known as hypervisors) are able to de-privilege guest operating systems (OSs). Similarly, VT also provides a system management mode transfer monitor (STM) that can de-privilege a System Management Interrupt (SMI) handler, such that the SMI handler runs as a guest of the STM in system management mode (SMM).
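The two mechanisms described above, SMI entry with a processor save state and an SMI handler running as a de-privileged guest of an STM, are illustrated by the following toy model. It is an added example written for this page, not code from the patent text or from any STM implementation: the memory layout, region names, the JSON save-state format, the allow-list policy and the handler functions are all constructed for the illustration. The model shows why the STM matters for the segregation scheme: the same handler that would silently patch hypervisor memory in plain SMM is stopped by the monitor, the host is left untouched, and execution still resumes from the saved state.

```python
"""Toy model of SMI delivery and of an SMI handler de-privileged by an STM.

Added illustration (not from the patent text). All addresses, region names
and handlers are constructed for the example.
"""
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Region:
    name: str
    base: int
    size: int

    def covers(self, addr: int, length: int) -> bool:
        return self.base <= addr and addr + length <= self.base + self.size


# Constructed physical layout (hypothetical addresses).
LAYOUT = (
    Region("guest_os", 0x0000, 0x4000),  # de-privileged guest OS
    Region("vmm", 0x4000, 0x2000),       # hypervisor / VMM
    Region("smram", 0x6000, 0x2000),     # SMRAM: handler data and save area
)
SAVE_STATE_BASE = 0x7000  # inside SMRAM: where processor state is saved on SMI


@dataclass
class CpuState:
    rip: int
    rsp: int
    regs: dict


class AccessDenied(Exception):
    """Raised by the STM when the guest handler touches memory it was not granted."""


class Machine:
    def __init__(self):
        self.mem = bytearray(0x8000)
        self.cpu = CpuState(rip=0x1000, rsp=0x3FF0, regs={"rax": 1, "rbx": 2})
        self.in_smm = False

    def region_of(self, addr: int, length: int) -> Region:
        for r in LAYOUT:
            if r.covers(addr, length):
                return r
        raise AccessDenied(f"unmapped access at {addr:#x}")


class Stm:
    """SMM transfer monitor: the handler is its guest, so every memory access
    is mediated here and checked against an allow-list of regions."""

    def __init__(self, machine: Machine, allowed_regions):
        self.m = machine
        self.allowed = frozenset(allowed_regions)
        self.denied = []  # audit trail of blocked accesses (kind, addr, region)

    def _check(self, addr: int, length: int, kind: str) -> None:
        r = self.m.region_of(addr, length)
        if r.name not in self.allowed:
            self.denied.append((kind, addr, r.name))
            raise AccessDenied(f"{kind} of {r.name} at {addr:#x} blocked by STM")

    def read(self, addr: int, length: int) -> bytes:
        self._check(addr, length, "read")
        return bytes(self.m.mem[addr:addr + length])

    def write(self, addr: int, data: bytes) -> None:
        self._check(addr, len(data), "write")
        self.m.mem[addr:addr + len(data)] = data


def save_state(m: Machine) -> None:
    """Model of the hardware save: serialize CPU state into the SMRAM save area."""
    raw = json.dumps(asdict(m.cpu)).encode()
    m.mem[SAVE_STATE_BASE:SAVE_STATE_BASE + 2] = len(raw).to_bytes(2, "little")
    m.mem[SAVE_STATE_BASE + 2:SAVE_STATE_BASE + 2 + len(raw)] = raw


def restore_state(m: Machine) -> CpuState:
    n = int.from_bytes(m.mem[SAVE_STATE_BASE:SAVE_STATE_BASE + 2], "little")
    d = json.loads(bytes(m.mem[SAVE_STATE_BASE + 2:SAVE_STATE_BASE + 2 + n]))
    return CpuState(rip=d["rip"], rsp=d["rsp"], regs=d["regs"])


def deliver_smi(m: Machine, stm: Stm, handler) -> str:
    """Suspend normal execution, save state, run the handler as an STM guest,
    then resume from the saved state whether or not the handler misbehaved."""
    m.in_smm = True
    save_state(m)
    m.cpu = CpuState(rip=0, rsp=0, regs={})  # live state clobbered while in SMM
    outcome = "ok"
    try:
        handler(stm)
    except AccessDenied as e:
        outcome = f"terminated: {e}"  # STM stops the handler; host memory untouched
    m.cpu = restore_state(m)
    m.in_smm = False
    return outcome


def well_behaved_handler(stm: Stm) -> None:
    # Hardware-management work confined to SMRAM: increment a counter.
    n = stm.read(0x6000, 1)[0]
    stm.write(0x6000, bytes([n + 1]))


def misbehaving_handler(stm: Stm) -> None:
    # Attempts to overwrite VMM memory; without a monitor, SMM code could do this.
    stm.write(0x4000, b"\xcc")


def run_demo() -> dict:
    m = Machine()
    stm = Stm(m, allowed_regions={"smram"})
    before = CpuState(rip=m.cpu.rip, rsp=m.cpu.rsp, regs=dict(m.cpu.regs))
    first = deliver_smi(m, stm, well_behaved_handler)
    second = deliver_smi(m, stm, misbehaving_handler)
    return {
        "first": first,
        "second": second,
        "counter": m.mem[0x6000],
        "vmm_byte": m.mem[0x4000],
        "state_restored": m.cpu == before,
        "denied": stm.denied,
    }


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is the contrast between the two handlers: the first completes its work inside SMRAM, the second is stopped at the first access outside its grant, and in both cases the processor state is restored from the save area, so the OS resumes exactly where it was suspended.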
However, current implementations of the STM lack support for reliability, availability, and serviceability (RAS). RAS is a set of related attributes used to describe a multitude of features that protect data integrity and enable a computer system to stay available for long periods of time without failure. RAS attributes may be considered when designing, manufacturing, purchasing, or using a computer product or component. Current STM implementations do not meet RAS requirements when supporting hot plug, the read-only memory (ROM) SMI handler feature, and other RAS actions.
For example, in the case of hot plug support, current STM implementations do not provide for CPU or memory hot plug. In the case of ROM SMI handler feature support, current STM implementations only support an STM that resides in dynamic random access memory (DRAM).