Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Extending System Management Memory

IP.com Disclosure Number: IPCOM000014458D
Original Publication Date: 2000-Sep-20
Included in the Prior Art Database: 2003-Jun-19
Document File: 1 page(s) / 39K

Publishing Venue

IBM

Abstract

Disclosed is a method for extending the same protection as System Management Memory (SMM) has to normal memory address space in Intel* microprocessors. With the many additional uses for the System Management Interrupt (SMI) such as Universal Serial Bus (USB) legacy support and security, the address space dedicated to SMM has become fully occupied. This has forced the USB legacy code to be moved to the top of memory into a location known as the Extended System Management Memory Segment. This area is located in the normal memory address space and contains code called from SMM during System Management (SM) operation. While this solves the problems of lack of space in SMM and slow run time speed of the SMM (since it was originally not cached) it has created a security hole. Rogue programs could insert their own program code into this extended system management memory location as it is accessible during normal system operation. Once a SMM event occurs, the unauthorized code will be called during an SMI. This will allow these types of rogue programs to have access to the SMM which is normally read and write protected. In order to extend the constrained SMM beyond the already architected and protected area in the memory address space at A0000h to BFFFFh, it is necessary to use system Random Access Memory (RAM) in the normal address space of the microprocessor. This system RAM is carved out of the available memory for the operating system and is accessible during normal operations of the microprocessor, which is not true of memory in the system management address space. This availability during normal addressing modes, allows a rogue application to access the program code in the system management extension area and modify it. This will allow the unauthorized modifications to the extended system management mode address space to gain control during SMM operation. This code could potentially scan the SMM in SMM address space to discover any stored passwords or security algorithms. Thus, compromising the integrity of those algorithms or passwords. When Power On Self Tests (POST) loads the SMM memory address space initially, it will also copy from the flash image the SMM extensions into the normal memory address space. The appropriate and well known actions are taken by POST to inform the operating system that this area is not available for their use. In order to implement the invention, it is necessary to modify the memory controller to recognize the extension area. This can be accomplish by providing a start address and count register pair or a start/end register pair that describes the appropriate addresses in normal system memory address space used by the SMM extensions. The memory controller will monitor all accesses to the extension memory. If a read access is detected, the memory controller will allow the operation to complete. This precludes the storing of sensitive security algorithms or passwords in the extension area. If it is a write access, the memory controller will set a status field in a register to indicate the event and then cause a SMM event to the microprocessor. The SMI programmer handler will need to field the interrupt, determine the cause and take appropriate action to prevent the write operation or it can prompt for a new password, for example the Privileged Access Password (PAP), and allow the operation to occur if entered correctly. POST will also initialize the register pair implemented in the memory controller to identify the portion of the normal address space used by the SMM extensions. If caching of the SMM extension area is to be allowed, the cache controller needs to also protect the memory from write access. Trademark of the Intel Corporation

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 1

Extending System Management Memory

    Disclosed is a method for extending the same protection as System Management Memory (SMM) has to normal memory address space in Intel* microprocessors. With the many additional uses for the System Management Interrupt (SMI) such as Universal Serial Bus (USB) legacy support and security, the address space dedicated to SMM has become fully occupied. This has forced the USB legacy code to be moved to the top of memory into a location known as the Extended System Management Memory Segment. This area is located in the normal memory address space and contains code called from SMM during System Management (SM) operation. While this solves the problems of lack of space in SMM and slow run time speed of the SMM (since it was originally not cached) it has created a security hole. Rogue programs could insert their own program code into this extended system management memory location as it is accessible during normal system operation. Once a SMM event occurs, the unauthorized code will be called during an SMI. This will allow these types of rogue programs to have access to the SMM which is normally read and write protected.

In order to extend the constrained SMM beyond the already architected and protected area in the memory address space at A0000h to BFFFFh, it is necessary to use system Random Access Memory (RAM) in the normal address space of the microprocessor. This system RAM is carved out of the available memory for the operating system and is accessible during normal operations of the microprocessor, which is not true of memory in the system management address space. This availability during normal addressing modes, allows a rogue application to access the program code in the system management extension area and modify it. This will allow the unauthorized modifications to the extended system management mode address space to gain control during SMM operation. This code...