Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang
Department of Computer Science, North Carolina State University
Xiaolan Zhang
IBM T.J. Watson Research Center
Nathan C. Skalsky
IBM Systems & Technology Group
2011/3/8 ADL Meeting

Slide 2
Outline
About SMM
Introduction and Background
Assumptions, Threat Model, and Security Requirements
The HyperSentry Framework
Verifying the Integrity of the Xen Hypervisor - a Case Study
Implementation and Experimental Evaluation
Conclusion

Slide 3
About SMM - Reference
Phrack Magazine:
  Issue #65: System Management Mode Hack: Using SMM for Other Purposes
  Issue #66: A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers
Duflot, Using CPU System Management Mode to Circumvent Operating System Security Functions
Intel Architecture Software Developer's Manuals, Volume 3: System Programming

Slide 4
About SMM
SMM: System Management Mode [wiki]
Intel manuals: The Intel System Management Mode (SMM) is typically used to execute specific routines for power management. SMM operates independently of other system software, and can be used for other purposes too.

Slide 5
About SMM
[Figure: processor operating-mode transition diagram. Modes: Real Address Mode, Protected Mode, Virtual 8086 Mode, SMM Mode. Transition labels: PE = 1; PE = 0 or reset; VM = 0; VM = 1; reset; SMI (interrupt).]