System Management Mode: Difference between revisions

'''System Management Mode''' ('''SMM''', sometimes called '''ring&nbsp;−2''' in reference to [[protection ring]]s)<ref>{{cite web | url=https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf | title=The Memory Sinkhole | date=20 July 2015 | accessdate=22 August 2015 | author=Domas, Christopher |publisher = [[Black Hat Briefings|Black Hat]]}}</ref><ref>{{cite web | url=https://www.blackhat.com/presentations/bh-usa-09/TERESHKIN/BHUSA09-Tereshkin-Ring3Rootkit-SLIDES.pdf | publisher=[[Invisible Things Lab]], [[Black Hat Briefings|Black Hat USA]] | date=29 July 2009 | accessdate=22 August 2015 | authorsauthor1=Tereshkin, Alexander and |author2=Wojtczuk, Rafal |title=Introducing Ring -3 Rootkits |page=4 }}</ref> is an operating mode of [[x86]] [[central processor unit]]s (CPUs) in which all normal execution, including the [[operating system]], is suspended. An alternate software system which usually resides in the computer's [[firmware]], or a hardware-assisted [[debugger]], is then executed with high privileges.

It was first released with the [[Intel 386SL]].<ref>{{cite web|url=http://blogs.msdn.com/carmencr/archive/2005/08/31/458609.aspx|title=SMIs Are EEEEVIL (Part 1)|publisher=Microsoft|work=msdn.com|date=17 July 2020 }}</ref><ref>Ellis, Simson C., "The 386 SL Microprocessor in Notebook PCs", Intel Corporation, Microcomputer Solutions, March/April 1991, page 20</ref> While initially special SL versions were required for SMM, Intel incorporated SMM in its mainline 486 and Pentium processors in 1993. [[AMD]] implemented Intel's SMM with the [[Am386]] processors in 1991.<ref>{{cite web | url=http://pdf.datasheetcatalog.com/datasheet/AdvancedMicroDevices/mXwtys.pdf | title=AMD Am386SX/SXL/SXLV Datasheet|publisher=AMD}}</ref> It is available in all later [[microprocessor]]s in the x86 [[Computer architecture|architecture]].<ref>Intel Corporation, "NewsBits: Intel Support EPA's Energy Star Computer Program", Microcomputer Solutions, January/February 1993, page 1</ref>

SomeIn [[ARM architecture|ARM]] processorsthe alsoException includeLevel the3 Management(EL3) Mode,mode foris thealso systemreferred firmwareas (suchSecure asMonitor [[UEFI]])Mode or System Management Mode.<ref>{{Cite web | url=https://documentation-service.arm.com/static/5ed11e40ca06a95ce53f905c?token= | title=ARM® Management Mode Interface Specification | website=documentation-service.arm.com | year=2016}}</ref>

SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM designed code. It is intended for use only by system firmware ([[BIOS]] or [[UEFI]]), not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.{{citation needed|date=December 2021}}

| publisher = ACM |}}</ref><ref>{{cite format = PDFnews

}}</ref> including [[NSA ANT catalog|NSA's "implants"]],<ref>{{cite web |author=#1 Source for Leaks Around the World! |url=http://leaksource.wordpress.com/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/ |title=NSA's ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware &#124; LeakSource |publisher=Leaksource.wordpress.com |date=2013-12-30 |accessdate=2014-01-13 |archive-date=2014-01-02 |archive-url=https://web.archive.org/web/20140102120401/http://leaksource.wordpress.com/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/ |url-status=dead }}</ref> which have individual [[code name]]s for specific hardware, like SOUFFLETROUGH for [[Juniper Networks]] firewalls,<ref>{{cite web |url=https://www.schneier.com/blog/archives/2014/01/souffletrough_n.html |title=Schneier on Security: SOUFFLETROUGH: NSA Exploit of the Day |publisher=Schneier.com |date=2013-12-30 |accessdate=2014-01-13}}</ref> [[:File:Nsa-ant-schoolmontana.jpg|SCHOOLMONTANA]] for [[Juniper J-Series|J-series routers]] of the same company,<ref>{{cite web |url=https://www.schneier.com/blog/archives/2014/01/schoolmontana_n.html |title=Schneier on Security: SCHOOLMONTANA: NSA Exploit of the Day |publisher=Schneier.com |date=2008-05-30 |accessdate=2014-01-16}}</ref> [[:File:NSA DEITYBOUNCE.jpg|DEITYBOUNCE]] for DELL,<ref>{{cite web |url=https://www.schneier.com/blog/archives/2014/08/reverse-enginee.html |title=Schneier on Security |work=schneier.com|date=15 August 2014 }}</ref> or [[:File:NSA IRONCHEF.jpg|IRONCHEF]] for HP [[Proliant]] servers.<ref>{{cite web |url=https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of_1.html |title=Schneier on Security: IRONCHEF: NSA Exploit of the Day |publisher=Schneier.com |date=3 January 3, 2014 |accessdate=2014-01-13}}</ref>

Improperly designed and insufficiently tested SMM BIOS code can make the wrong assumptions and not work properly when interrupting some other x86 operating modes like [[Physical Address Extension|PAE]] or 64-bit [[long mode]].<ref>{{Cite web | url=http://images0.cnitblog.com/cnitblog_com/yuhensong/mode.JPG | format=JPG | title=Transitions Among the Processor's Operating Modes | website=images0.cnitblog.com}}</ref> According to the documentation of the [[Linux kernel]], around 2004, such buggy implementations of the USB legacy support feature were a common cause of crashes, for example, on motherboards based on the Intel [[E7505]] chipset.<ref name="kernel.org" />

* [https://web.archive.org/web/20081207054135/http://www.amd.com/us-en/assets/content_type/DownloadableAssets/dwamd_26049.pdf AMD Hammer BIOS and Kernel Developer's guide], Chapter 6 (archived from the original on December 7, December 2008)