*** Welcome to piglix ***

System Management Mode


System Management Mode (SMM, sometimes called ring -2) is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. A special separate software, which is usually part of the firmware or a hardware-assisted debugger, is then executed with high privileges.

It was first released with the Intel 386SL. While initially special SL versions were required for SMM, Intel incorporated SMM in its mainline 486 and Pentium processors in 1993. AMD implemented Intel's SMM with the Enhanced Am486 processors in 1994. It is available in all later microprocessors in the x86 architecture.

SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

In order to achieve transparency, SMM imposes certain rules. The SMM can only be entered through SMI (System Management Interrupt). The processor executes the SMM code in a separate address space that has to be made inaccessible to other operating modes of the CPU by the firmware.

Initially, System Management Mode was used for implementing Advanced Power Management (APM) features. However, over time, some BIOS manufacturers have relied on SMM for other functionality like making a USB keyboard work in real mode.

Some uses of the System Management Mode are:

System Management Mode can also be abused to run high-privileged rootkits, as demonstrated at Black Hat 2008 and 2015.


...
Wikipedia

...