Extending System Management Memory

IP.com Disclosure Number: IPCOM000014458D
Original Publication Date: 2000-Sep-20
Included in the Prior Art Database: 2003-Jun-19
Document File: 1 page(s) / 39K

Publishing Venue

IBM

Abstract

Disclosed is a method for extending the protection that System Management Memory (SMM) enjoys to the normal memory address space in Intel* microprocessors. With the many additional uses for the System Management Interrupt (SMI), such as Universal Serial Bus (USB) legacy support and security, the address space dedicated to SMM has become fully occupied. This has forced the USB legacy code to be moved to the top of memory, into a location known as the Extended System Management Memory Segment. This area is located in the normal memory address space and contains code called from SMM during System Management (SM) operation. While this solves the problems of lack of space in SMM and the slow run-time speed of SMM (since it was originally not cached), it has created a security hole. Because this extended system management memory location is accessible during normal system operation, rogue programs could insert their own program code into it. Once an SMM event occurs, the unauthorized code will be called during an SMI. This gives such rogue programs access to the SMM, which is normally read and write protected.

This is the abbreviated version, containing approximately 52% of the total text.

In order to extend the constrained SMM beyond the already architected and protected area in the memory address space at A0000h to BFFFFh, it is necessary to use system Random Access Memory (RAM) in the normal address space of the microprocessor. This system RAM is carved out of the memory available to the operating system and is accessible during normal operation of the microprocessor, which is not true of memory in the system management address space. This availability during normal addressing modes allows a rogue application to access the program code in the system management extension area and modify it. The unauthorized modifications to the extended system management mode address space can then gain control during SMM operation. This code...
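
The exposure described above can be checked for mechanically. The following is an added example, not part of the IBM disclosure: it audits a table of code regions that an SMI handler transfers control to and flags any region not wholly inside the protected A0000h to BFFFFh window. The `smi_target` structure, the function names and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Protected SMM window named on the page: A0000h to BFFFFh inclusive. */
#define SMRAM_BASE  0x000A0000u
#define SMRAM_LIMIT 0x000BFFFFu

/* Hypothetical record: one code region that an SMI handler calls into
 * (physical start address and length in bytes). */
struct smi_target { const char *name; uint32_t base, size; };

/* Return 1 only if [base, base + size) lies entirely inside the window. */
int target_is_protected(const struct smi_target *t)
{
    if (t->size == 0 || t->base < SMRAM_BASE || t->base > SMRAM_LIMIT)
        return 0;
    /* Compare against the room left in the window so that base + size
     * is never computed and cannot wrap around 32 bits. */
    return t->size - 1 <= SMRAM_LIMIT - t->base;
}

/* Count call targets that live in normally addressable RAM, where code
 * running outside SMM could modify them before the next SMI. */
size_t count_exposed(const struct smi_target *tbl, size_t n)
{
    size_t exposed = 0;
    for (size_t i = 0; i < n; i++)
        if (!target_is_protected(&tbl[i])) {
            printf("EXPOSED %-14s base=%08X size=%X\n", tbl[i].name,
                   (unsigned)tbl[i].base, (unsigned)tbl[i].size);
            exposed++;
        }
    return exposed;
}

/* Constructed sample table; addresses are illustrative only. */
static const struct smi_target sample[] = {
    { "power_mgmt",    0x000A0000u, 0x08000u }, /* inside the window        */
    { "security",      0x000B8000u, 0x08000u }, /* ends exactly at BFFFFh   */
    { "usb_legacy",    0x07FF0000u, 0x10000u }, /* top of system RAM        */
    { "straddles_end", 0x000BF000u, 0x02000u }, /* runs past BFFFFh         */
    { "wraps",         0xFFFFF000u, 0x02000u }, /* base + size would wrap   */
};

int main(void)
{
    size_t n = sizeof sample / sizeof sample[0];
    printf("%zu of %zu SMI call targets are exposed\n", count_exposed(sample, n), n);
    return 0;
}
```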