1. Field
The present disclosure pertains to the field of information processing; more specifically, to secure information processing systems.
2. Description of Related Art
Information processing systems, such as those including a processor in the Intel® Pentium® Processor Family from Intel Corporation, may support operation in a secure system environment. A secure system environment may include a trusted partition and an un-trusted partition. The bare platform hardware of the system and trusted software may be included in the trusted partition. Direct access from the un-trusted partition to the resources of the trusted partition may be prevented to protect any secrets that the system may contain from being discovered or altered.
The bare platform hardware of the system may be included in the trusted partition through the execution of a secure system entry protocol. For example, an initiating processor may execute a secure enter (“SENTER”) instruction, to which all agents in the system must respond appropriately in order for the protocol to succeed. The responding agents may be required to not issue any instructions or process any transactions during the secure entry process, so that the initiating processor may validate a firmware module as authentic and trusted, execute the firmware module to configure the system to support trusted operations, and initiate the execution of a measured virtual machine monitor (“MVMM”). The MVMM may create one or more virtual machine environments in which to run un-trusted software, such that un-trusted software does not have direct access to system resources.
Typically, the secure system entry protocol is invoked by a basic input/output system (“BIOS”) or boot loader installed in the system by the system manufacturer. Therefore, the system manufacturer typically controls the secure system entry protocol. In contrast, the MVMM is usually written by an operating system (“OS”), virtual machine monitor (“VMM”), or hypervisor vendor, and the system manufacturer typically does not control the MVMM.
Furthermore, the system may provide a sub-OS mode, such as system management mode (“SMM”), which is an operating environment that is parallel to the normal execution environment and may be used to perform special tasks such as system management, device management, power management, thermal management, reliability functions, availability functions, serviceability functions, etc. SMM is typically entered by asserting a system management interrupt (“SMI”) pin and exited by executing a resume instruction. Since SMM is a separate operating environment, it has its own private memory space that must be protected from the normal execution environment. Although this private memory space is separate from regular system memory, it is mapped to an address region in regular system memory.
Typically, SMM is disabled as part of the execution of the SENTER instruction, so that malicious code cannot use an SMI to disrupt the secure system entry protocol. Therefore, the system manufacturer generally depends on the OS vendor to enable SMM in the MVMM.