A computer system typically comprises a processor, chipset, memory, and I/O devices. The processor may operate in a normal mode and a protected mode such as the system management mode (SMM). SMM allows system developers to provide functions such as power management or security, in a manner that is transparent to the operating system (OS) and other application programs. A hardware interrupt referred to the System Management Interrupt (SMI) may initiate the processor to enter SMM.
After receiving the SMI, the processor may store the current execution state referred to as the ‘context’ to a System Management Random Access Memory (SMRAM) before executing a software routine, such as a SMI handler. The SMRAM may comprise pre-specified memory areas referred to as SMM spaces. While the processor is operating in SMM, an intruder may write a malicious piece of code at an address, which may correspond to the SMI handler. As a result of such cache attacks, the malicious piece of code may take control of the processor.