1. Field of the Invention
The present invention concerns computer systems in general, and a scheme for hardening a System Management Mode (SMM) framework and other similar modes of processors in particular.
2. Background Information
Since the 386SL processor was introduced by the Intel Corporation, SMM has been available on IA32 processors as an operation mode hidden to operating systems that executes code loaded by BIOS or firmware. SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. The mode is deemed “hidden” because the operating system (OS) and software applications cannot see it, or even access it.
IA32 processors are enabled to enter SMM via activation of an SMI (System Management Interrupt) signal. A similar signal called the PMI (Processor Management Interrupt) signal that is roughly analogous to the SMI signal is used for Itanium™-class processors. For simplicity, both SMI and PMI signals are sometimes referred to as xMI signals herein.
Most BIOS implementations that leverage the SMM capability of the foregoing Intel processors simply register a monolithic section of code that is created during the build of the BIOS to support a specific function or set of functions particular to systems that use the BIOS. This code comprises 16-bit assembly in IA32 and 64-bit assembly for Itanium processors. The monolithic code segments for these legacy implementations runs from beginning to completion in response to all xMI activations.
Recently, an extensible SMM framework has been introduced that enables the registration and execution of third-party SMM code, thus allowing SMM to perform operations that extend beyond those provided by the monolithic code solution. However, this presents a new problem. When a monolithic code segment is employed, its trustworthiness is inherent since it is BIOS provider. In other words, the SMM code can be trusted because if a BIOS vendor provided errant or malicious code, that vendor would soon be out of business. In contrast, the current extensible SMM framework, by itself, cannot protect against rogue or malicious code present in the third-party SMM code.