Fact-checked by Grok 2 weeks ago

System Management Mode

System Management Mode (SMM) is a special-purpose operating mode of x86 processors that provides an isolated, OS-transparent environment for executing critical system management tasks, such as power management and hardware error handling, activated exclusively by System Management Interrupts (SMIs). Introduced by Intel with the 386SL processor in the early 1990s, SMM enables firmware to perform operations without interference from the operating system or applications, ensuring high priority and security for functions like thermal monitoring and legacy hardware support. Upon entry into SMM, the saves its complete to a dedicated of System Management RAM (SMRAM), a protected area typically 64 KB in size starting at a base address defined by the SMBASE register, and then executes SMI handler code stored within SMRAM. This mode operates initially in real-address mode but can transition to protected or -bit modes, with all interrupts blocked except for subsequent SMIs until exit via the RSM (Resume) instruction, which restores the prior and resumes normal execution. SMRAM is hardware-isolated from the rest of the system , inaccessible to the OS or other software outside of SMM, thereby preventing unauthorized access and enhancing security for sensitive operations. SMM's architecture supports advanced features in modern processors, including integration with Virtualization Technology (VT-x) through dual-monitor treatment, where SMM can interact with monitors for secure execution in virtualized environments. Common uses extend beyond to include chipset errata workarounds, secure variable storage, and responses to machine-check events that may trigger system shutdowns. While SMM provides robust isolation, vulnerabilities in its implementation have been identified, prompting ongoing mitigations in security advisories.

History and Development

Introduction and Early Implementations

System Management Mode (SMM) is a highly privileged operating mode within the x86 architecture, designed to handle system-wide tasks such as and hardware control without interference from the operating system (OS) or applications. Introduced by in 1991 with the Intel 386SL , SMM was developed specifically to address the growing demands of , where battery life was a critical constraint. This mode allows to execute in an isolated environment, ensuring that system-level operations remain transparent to the running OS and maintain full compatibility with existing software. The key design goals of SMM emphasized from normal OS execution to prevent conflicts, unrestricted to the full for efficient control, and seamless transparency to the OS, enabling power-saving functions without requiring OS modifications. By switching the into SMM upon a (SMI), the CPU saves its current state and redirects execution to dedicated , allowing tasks like monitoring events and adjusting power states to occur independently of user-level processes. This architecture was pivotal for early portable , where SMM could respond to inactivity or low-battery conditions without disrupting ongoing computations. In its initial hardware implementation on the 386SL, SMM utilized a dedicated System Management (SMRAM) region, typically located in low physical starting at addresses such as 0x30000 and sized up to 64 KB, which was inaccessible to conventional software modes. This protected space housed the SMM handler code and data, implemented using low-power to support low-power operation. Early real-world deployments in 386SL-based laptops leveraged SMM for life extension through features like dynamic clock throttling via the STPCLK# signal and entry into low-power states, such as suspend and standby modes, which could reduce power consumption during inactivity. These capabilities marked SMM's debut as a foundational technology for energy-efficient portable .

Evolution Across Processor Generations

System Management Mode (SMM) was first introduced in the Intel386 SL processor family in 1991 as an architectural extension to support and functions, utilizing a dedicated 64 KB region of System Management RAM (SMRAM) located between addresses 30000H and 3FFFFH. This isolated space, accessible only during SMM execution via the System Management (SMI), allowed for transparent operation without interfering with the main CPU environment or existing software. The design emphasized compatibility, with SMM operating in and saving processor state in a dedicated area to enable resumption of normal execution after handling tasks like idle state transitions. With the release of the in 1993 and supporting s, SMM capabilities were expanded for growing complexity, introducing closed and open s for SMRAM access to enhance and flexibility. In closed , SMRAM remained fully isolated and inaccessible outside SMM to protect management code and data; open allowed selective access for debugging or legacy integration, configurable via controls. This evolution enabled more robust in mobile and desktop s, building on the foundational isolation of SMM without altering its core interrupt-driven entry mechanism. followed suit by incorporating SMM support in its K6 starting in 1997, aligning with Intel's to ensure , though 's implementation placed less emphasis on it compared to Intel's ongoing refinements; the K6 provided a 64 KB SMM memory area requiring at least 64 KB of contiguous , with the top 32 KB populated, with state-save operations mirroring Intel's, using a 512-byte state-save area. Beginning with the Intel Core processor family in 2006, SMM was increasingly integrated into broader architectures for advanced system tasks, including thermal management through features like the Thermal Monitor and firmware validation to ensure integrity during runtime operations. These enhancements repurposed SMM's isolation for handling dynamic power states and validating boot processes, with the mode now supporting interactions with technologies such as Intel VT-x for virtualization. A key milestone came in 2008 with the Nehalem microarchitecture, which introduced Extended Page Tables (EPT) to facilitate SMM virtualization by enabling efficient second-level address translation and handling EPT violations during SMM VM exits, reducing overhead in virtualized environments. Over subsequent generations, SMRAM scalability grew significantly, reaching up to 128 MB in modern implementations with options for relocation to high addresses above 4 GB in 64-bit mode via the SMBASE register and MSEG headers, allowing flexible placement in large memory systems. Intel's specifications for SMM have evolved continuously, as documented from the 1991 Intel386 SL datasheet through updates to the Intel 64 and Architectures Software Developer's Manual into the 2020s, where SMM plays a role in via interactions with SGX—such as triggering Asynchronous Enclave Exits (AEX) on SMI to preserve enclave state in SMRAM. In the 2020s, SMM continued to evolve for , including interactions with TDX for secure enclave management, alongside mitigations for vulnerabilities as detailed in Intel security advisories as of 2025. This progression reflects a shift from basic power savings to integral support for secure, virtualized, and high-memory environments, with default SMRAM starting at 64 KB but extensible to larger ranges like 4 GB in contemporary processors for comprehensive system management.

Technical Architecture

SMM Environment and Memory Model

System Management Mode (SMM) operates at a privilege level known as , which is higher than the operating system kernel's Ring 0, granting it unrestricted access to resources while maintaining from the main system memory and execution environment. This elevated ensures that SMM code executes transparently to the OS and applications, with all interrupts, including non-maskable interrupts (NMIs) and subsequent SMIs, disabled during its runtime to prevent interference. Upon entry, the processor clears key bits—such as CR0.PE () and CR0.PG (paging)—effectively initializing the environment in a real-address mode-like state with 16-bit default operand and address sizes, though 32-bit access is possible using override prefixes for addresses beyond 1 MB. The memory model for SMM relies on System Management RAM (SMRAM), a dedicated, physically addressed region isolated from conventional memory and accessible only while in SMM. In legacy systems, the compatible SMRAM region overlaps the legacy video memory range from 0A0000h to 0BFFFFh (128 KB total), providing a default 64 KB of uncacheable space with the SMI handler starting at an offset of 8000h from the SMBASE register (defaulting to A0000h). Extended SMRAM extends this above 1 MB, often in a configurable high-memory area like TSEG, while high SMRAM in 64-bit systems allocates space above 4 GB (e.g., 0FEDA0000h to 0FEDBFFFFh) for larger implementations, managed via model-specific registers (MSRs) such as IA32_SMRR_PHYSBASE and IA32_SMRR_PHYSMASK to enforce protection. In 64-bit processors, SMM supports long mode execution after switching from real mode, with high SMRAM protected via these MSRs. SMRAM's structure supports relocation of the SMBASE for multi-processor systems, ensuring each CPU has its own handler space while maintaining overall isolation. Central to SMM's state preservation is the State Save Area (SSA), a fixed 512-byte (minimum) structure within SMRAM that captures the processor's complete state upon SMI entry, enabling accurate restoration on exit via the RSM instruction. The SSA, typically located at offsets like [SMBASE + FE00h] or [SMBASE + 8000h + 7E00h], stores key registers including general-purpose ones (EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP), instruction pointer (EIP), flags (EFLAGS), control registers (CR0, CR2, CR3, CR4), debug registers (DR0–DR7), and segment registers (CS, DS, ES, FS, GS, SS), along with FPU/SSE state. Writable fields like EAX and EIP allow the handler to modify behavior, while read-only ones like CR0 preserve the pre-entry state. For managing halted processors, the SSA includes an AutoHALT restart flag (e.g., at offset 7F02h, bit 0), set if the CPU was in HALT before the SMI, and a resume flag (bit 1) to control exit; if AutoHALT remains set, RSM returns to HALT, otherwise resuming the next instruction. Although SMM entry can occur from protected mode, it always initializes in real mode for compatibility, with the CS selector set to F000h (or based on SMBASE) and EIP to 8000h, using a flat 4 GB address space without paging. The SMI handler may then switch to by loading a (GDT) within SMRAM, enabling 32-bit operations while preserving the ability to exit back to the original mode via the saved state in the SSA. This real-mode initialization ensures broad across processor generations, even as modern systems support extended addressing in SMM.

System Management Interrupt Mechanism

The System Management Interrupt (SMI) is the dedicated signaling mechanism that invokes System Management Mode (SMM) on x86 processors, operating as a highest-priority, non-maskable interrupt with NMI-like precedence. It preempts all other processor execution contexts, including (NMIs), except for hardware resets, ensuring immediate handling of critical system events. SMI is delivered to the processor core primarily through assertion of the dedicated SMI# pin on the processor package or via internal chipset logic, such as (MSI) over the (APIC) bus in delivery mode 010b. Unlike standard interrupts, SMI does not utilize a from the (IDT); instead, it is handled through a special-purpose mechanism that vectors execution directly to a fixed (SMBASE + 0x8000) within the SMRAM memory region, which is briefly activated upon entry. Hardware triggers for SMI originate from chipset-generated events propagated via the SMI# pin, including expiration of the Trusted Computing Group (TCO) timer for system monitoring, thermal sensor thresholds indicating overheating conditions, and configured general-purpose input/output (GPIO) events such as pin state changes. These triggers enable rapid response to hardware faults or environmental changes without OS involvement. Software triggers allow controlled invocation of SMM from ring-0 , commonly achieved in legacy x86 systems by writing an 8-bit to I/O port 0xB2, which generates an SMI# signal through the ; the written is often passed as a parameter to the SMI handler for processing specific requests like power state transitions. In modern processors, the (MSR) at address 0x34 (SMI_COUNT) serves as a read-only counter to track the total number of SMIs since reset, providing visibility into invocation frequency across supported CPU families such as Nehalem and later (e.g., display family_model 06_0Ah). The latency for SMI recognition and entry into SMM is typically 100-200 cycles, reflecting the hardware-accelerated save and switch process that minimizes disruption while ensuring from normal execution. SMI sources are configured via the 's SMI_EN register (typically at offset 0x30 in the ), which includes individual bits to enable or disable specific triggers, such as those for USB legacy support (bit 15), ACPI-related events (bit 8), or TCO timer overflows (bit 13); once enabled, these bits allow the to assert SMI# in response to the corresponding or software stimuli.

Entering and Exiting SMM

Triggers for Entering SMM

System Management Mode (SMM) is entered via a System Management (SMI), which is triggered by specific events or conditions configured by the platform firmware. These triggers ensure that critical system tasks, such as and monitoring, are handled transparently to the operating system. SMIs can be asynchronous, arising from external signals, or synchronous, initiated by software actions like I/O port accesses. Legacy triggers for SMI often originate from the keyboard controller, which handles events like a power button press to initiate system shutdown or suspend sequences. For instance, the power button signal (PWRBTN#) is routed through the (PCH) to generate an SMI when enabled via the PM1_EN register (bit 8 for PWRBTN_EN). Additionally, legacy USB support for keyboards and mice in pre-OS boot phases relies on SMI to emulate PS/2 functionality, with the enabling SMIs on USB events such as port changes or ownership handoffs via the USBLEGCTLSTS register in the EHCI controller. This allows USB devices to function during setup or bootloaders without OS drivers. ACPI integration provides additional triggers by routing system events through General-Purpose Events (GPEs) and Global System Interrupts (GSIs), which can generate SMIs for OS-transparent handling. Events like lid closure on laptops are detected via GPE status changes (e.g., through the _LID control method) and routed as GSIs in the Multiple APIC Description Table (MADT), potentially escalating to an SMI if configured in . Similarly, low conditions in control method batteries trigger notifications (e.g., Notify(0x80)) via GPEs or the , leading to SMI for critical when thresholds in _BTP are exceeded. These GSIs map events to interrupt controllers like the I/O APIC, ensuring precise delivery without OS intervention. Chipset-specific triggers in platforms, such as those from the PCH, include alerts from the subsystem for tasks like firmware updates or error reporting. For example, ME events like TCO ( Group) timeouts or SMBus alerts generate SMIs when enabled via registers like TCO_EN or SMB_SMI_EN, allowing secure . These are configured in PCH registers (e.g., HFS for ME firmware status) to signal the CPU without OS awareness. In modern systems, SMIs for periodic tasks like thermal monitoring or reloads can occur every few milliseconds, potentially disrupting OS performance if handlers are inefficient. Such high-frequency triggers, including those from periodic timers (e.g., 64 intervals in some EFI implementations), may increase CPU or power consumption, with studies showing up to 10% slowdown in compilation from 100 SMIs at 1 Hz. To monitor SMI trigger rates during debugging, developers can read the SMI_COUNT (MSR at address 34H), a read-only 32-bit that increments with each SMI since . This per-core MSR provides quantitative into frequency without invasive tracing, aiding in identifying performance bottlenecks from excessive triggers.

Execution and Exit Procedures

Upon receiving a System Management Interrupt (SMI), the automatically saves its current , including registers such as CR0, EFLAGS, and EIP, to the System State Area (SSA) within System Management RAM (SMRAM) at addresses ranging from [SMBASE + 0xFE00] to [SMBASE + 0xFFFF]. Paging is disabled during this process (CR0.PE = CR0.PG = 0), and all interrupts are cleared to ensure isolated execution. The then jumps to the SMM handler entry point at a fixed vector, typically [SMBASE + 0x8000], where SMBASE is the base address of the SMRAM region configured by . The SMM handler consists of custom code provided by the or , loaded relative to the SMBASE address to ensure relocation independence. This code executes in real-address mode by default, providing a 4 GB flat with 16-bit segment sizes (overridable via prefixes), though it can transition to or if needed for complex operations. Upon completing its tasks—such as system configuration or hardware control—the handler invokes the RSM (Resume) , which is privileged and only executable within SMM (otherwise triggering an invalid exception). The RSM restores the saved state from the SSA, re-enables paging and interrupts as they were pre-entry, and resumes normal execution at the boundary where the SMI occurred. In multi-core environments, each logical processor maintains its own independent SMRAM region, with SMBASE potentially relocated per during initialization to avoid conflicts. SMIs are targeted to specific s via the local APIC, and the firmware infrastructure queues and dispatches handlers using priority-based tables, ensuring serialized execution on the affected while other s continue normal operation or if coordinated by the bootstrap processor (). This per- queuing prevents global disruptions, with semaphores or similar mechanisms used for inter- synchronization during shared SMM operations. The preservation mechanics ensure that SMM execution remains transparent to the operating system, with the restored context identical to the pre-SMI except for deliberate modifications made by the handler. conditions during execution, such as invalid restoration or resource exhaustion, are handled through status reporting protocols, potentially leading to shutdown if unrecoverable.

Applications and Usage

Power Management Functions

System Management Mode (SMM) plays a crucial role in implementing dynamic voltage and frequency scaling (DVFS) through dedicated handlers that monitor system load and adjust CPU clock speeds accordingly. These handlers, executed in response to system management interrupts (SMIs), enable real-time modifications to processor frequency and voltage to optimize while maintaining performance under varying workloads. In early implementations, such as those on Intel's SL-enhanced processors, SMM facilitated dynamic frequency shifting by interfacing with external clock generators, allowing reductions in operating frequency during low-demand periods to conserve power. SMM also coordinates sleep state transitions, managing both processor core idle states (C-states) and system-level suspend states (S-states). For C-states, SMM handlers respond to events like halt instructions (e.g., state) by saving CPU context to System Management RAM (SMRAM) and coordinating with the to halt internal clocks, thereby minimizing power draw from the processor core. In S-states, such as suspend-to-RAM (S3), SMM oversees the orchestration of peripheral power-down sequences, ensuring peripherals like devices and network interfaces enter low-power modes before the system suspends, with restoration upon wake-up via SMI-triggered resume procedures. This coordination ensures seamless transitions without OS intervention, leveraging hardware signals from the . In battery-powered systems like laptops, SMM originated as a key mechanism for management, particularly in the Intel 386SL design introduced in 1990. SMM routines monitor charge levels through dedicated interfaces, such as those integrated with the 82360 chipset, and trigger low-power modes like peripheral shutdowns or full system doze states when thresholds are approached, extending operational time on limited power sources. These functions were foundational to portable computing, providing transparent power conservation without disrupting application execution. SMM's power management operates transparently to the operating system (OS), executing in a isolated from normal execution, but it collaborates with the OS via mechanisms like the (). Upon exiting SMM, handlers can issue ACPI notifications (e.g., through fixed events or control methods) to inform the OS of state changes, such as completed suspend preparations, allowing the OS to adjust policies accordingly. This integration ensures that higher-level OS power directives, like idle thread scheduling, align with low-level hardware controls performed in SMM. Frequent SMIs for power management introduce performance overhead, typically consuming 1-5% of CPU time in idle or low-load scenarios due to repeated context switches and state saves to SMRAM. This can prevent deep C-state entry, elevating average power consumption as the CPU remains in shallower idle states (e.g., C0/C1 instead of C6). Optimization techniques, such as SMI coalescing—where multiple pending interrupts are batched into fewer, longer SMIs—mitigate this by reducing invocation frequency, though they may increase individual handler latency; for instance, coalescing eight short SMIs can extend effective delays to 10-26 ms in virtualized environments.

Security and System Integrity Features

System Management Mode (SMM) plays a critical role in firmware validation by enabling UEFI BIOS code to measure and verify boot integrity, particularly through mechanisms like Intel Trusted Execution Technology (TXT) introduced in 2006. In Intel TXT, the BIOS measures SMM code as part of the Measured Launch Environment (MLE) into the Trusted Platform Module (TPM)'s Platform Configuration Registers (PCRs) during the pre-boot phase, ensuring that no unauthorized modifications have occurred to critical firmware components before OS execution. This process establishes a chain of trust from the Core Root of Trust for Measurement (CRTM) onward, allowing attestation of the system's boot state to prevent tampering. SMM also supports secure boot enforcement by facilitating TPM interactions in pre-OS phases to mitigate threats. SMM handlers, initialized early in the process, interact with the TPM to extend measurements of boot components, verifying signatures and checks that block execution of untrusted code or . This high-privilege ensures that rootkits attempting to persist at the firmware level are detected and prevented from compromising the boot chain, as SMM's protected memory environment remains inaccessible to the OS. In platform configuration, SMM enforces security by locking hardware registers to prevent runtime modifications, such as setting the SMM BIOS Write Protect (SMM_BWP) bit in the chipset's Control Register. When SMM_BWP is enabled, writes to the SPI flash containing code are restricted to periods when all processors are in SMM, triggered by a System Management Interrupt (SMI), thereby protecting against unauthorized alterations from the OS or other runtime entities. Additionally, the Flash Lockdown (FLOCKDN) bit can be set via SMM to render controller registers read-only until a platform reset, further securing configuration against persistent changes. Modern extensions of SMM integrate with to support enclave-based in processors from the 2020s, such as those in the 11th generation Core and later families. SMM provides architectural protection for trusted services interacting with SGX enclaves by leveraging its isolation to manage enclave initialization and runtime policies, ensuring that sensitive computations remain shielded from or OS interference. This synergy enhances by allowing SMM to enforce hardware policies for enclave attestation and memory isolation without exposing enclave data. Vendor-specific implementations exemplify SMM's integrity features, such as Sure Start, which uses SMM for runtime intrusion detection and automated recovery from corrupted . In Sure Start, SMM code is monitored for anomalies every 15 minutes via hardware, with the Endpoint Security Controller () triggering self-healing from a protected "golden copy" backup in if corruption is detected, completing restoration in under a minute. Similarly, Dell's SafeBIOS employs SMM-based mechanisms in conjunction with hardware protections like Guard to detect and recover from tampering, maintaining system integrity post-boot.

Security Issues and Mitigations

Known Vulnerabilities

System Management Mode (SMM) is designed as a highly privileged root of trust for critical system operations, but its reliance on / firmware creates a substantial vulnerable to exploitation through improper input validation and chipset-specific bugs that enable overwriting of System Management RAM (SMRAM). For instance, vulnerabilities in SMM handlers can allow attackers to manipulate memory regions intended to be isolated, such as by coercing SMM code to access or modify SMRAM contents outside protected boundaries via functions in modules. These flaws often stem from insufficient checks on communication buffers between the operating system and SMM, permitting from ring 0 to ring -2. Notable (CVEs) highlight the risks, including a potential in SMM handlers as detailed in security bulletin AMD-SB-1027 (May 2022), where failures in or may allow high-privilege attackers by accessing or tampering with SMM memory. In 2025, additional issues emerged, such as multiple SMM memory corruption in firmware (CVE-2025-7026, CVE-2025-7027, CVE-2025-7029), enabling local attackers to overwrite SMRAM via flawed Software SMI handlers, and SMM callout in the AmdCpmDisplayFeatureSMM driver (AMD-SB-7027), allowing SMRAM overwrites and potential . Attack methods targeting SMM include relocation of SMRAM by altering the SMBASE or exploiting configurations to remap ranges, thereby overwriting SMM handlers with malicious . Additionally, speculative execution side-channel attacks, such as variants adapted for SMM, can bypass SMRAM protections to expose , data, or other secrets during mode transitions. Such vulnerabilities carry severe impacts, potentially leading to full system compromise since SMM operates at the highest privilege level (), granting unrestricted access to hardware and . Affected vendors encompass and processors, as well as OEMs like , where SMM callout flaws in server have enabled in isolated environments.

Defenses and Best Practices

Hardware mitigations play a crucial role in securing System Management Mode (SMM) by isolating its execution environment and validating code integrity. introduced the as a dedicated runtime environment within SMM that deprivileges individual System Management (SMI) handlers, enforcing validation of their code before execution to prevent unauthorized modifications or injections. This mechanism operates as a lightweight operating system kernel inside SMM, restricting handler access to system resources and mitigating risks from untrusted modules. Complementing this, provides SMM-specific protections such as enhanced SMRAM locking and validation in to isolate SMM from or OS interference. These features collectively harden SMM against privilege escalations by limiting the scope of SMI handlers and enforcing strict resource boundaries. Firmware updates are essential for addressing SMRAM vulnerabilities, such as memory leaks that could expose sensitive SMM data to lower privilege modes. Regular patches, distributed through services like the Vendor Firmware Service (LVFS), enable vendors to deliver targeted fixes for known SMRAM issues without requiring physical access to the system. Additionally, enabling the SMM LOCK bit in the chipset configuration prevents relocation or resizing of SMRAM regions post-initialization, locking the memory space to thwart attacks that attempt to alter SMM boundaries during runtime. These updates and configurations should be applied promptly upon release to maintain SMM integrity, with LVFS providing a standardized, secure portal for Linux-based systems to fetch and verify payloads. Best practices for SMM security emphasize proactive measures to reduce attack surfaces and ensure robust implementation. Minimizing SMI frequency is recommended to limit exposure windows, as excessive interrupts can amplify denial-of-service risks or provide more opportunities for exploitation; this involves disabling unnecessary hardware triggers in the . Auditing SMM handler code for vulnerabilities like buffer overflows is critical, with developers advised to implement input validation and bounds checking in all SMI entry points to prevent code execution flaws. Enabling chipset-specific features, such as SMI filtering, allows selective routing of interrupts to trusted handlers, further isolating SMM from potentially malicious sources. These guidelines, aligned with NIST recommendations for protection, promote a defense-in-depth approach by combining code hygiene with hardware controls. Integration with established tools and standards enhances SMM monitoring and enforcement. UEFI Secure Boot, introduced in the UEFI 2.3.1 specification (2011), supports cryptographic verification of modules, including those loaded into SMRAM via authenticated variables and runtime services to maintain chain-of-trust during OS handoff. The (DMTF) Architecture for Server Hardware (SMASH) supports remote SMM monitoring through standardized protocols like , enabling oversight of states and SMI configurations without disrupting system operation. These integrations facilitate automated compliance checks and remote attestation, bolstering SMM resilience in enterprise environments. As of , future directions in SMM focus on zero-trust architectures with partitioning, particularly in Intel's Lunar Lake processors, which incorporate advanced for SMM resources to assume no inherent trust among components. This evolution prioritizes granular access controls and hardware-rooted verification to counter emerging threats in AI-enabled platforms.

References

  1. [1]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    This chapter describes the basics of virtual machine architecture and an overview of the virtual-machine extensions. (VMX) that support virtualization of ...
  2. [2]
    [PDF] Intel® Platform Innovation Framework for EFI System Management ...
    Sep 16, 2003 · Overview. This specification defines the core code and services that are required for an implementation of the. System Management Mode (SMM) ...
  3. [3]
    INTEL-SA-00068
    The issue identified is a method that enables malicious code to gain access to System Management Mode (SMM). ... System management mode (SMM), potentially ...
  4. [4]
    [PDF] 240852-002_386SL_Technical_Overview_1991.pdf - Bitsavers.org
    Jul 23, 2014 · Chapter 4 goes into greater depth explaining the new system management mode, especially as it relates to power management, and discusses its ...
  5. [5]
    [PDF] intel "
    ... System Management Mode extension. The System Management Mode is a new CPU oper- ating-mode which allows system vendors to rid their systems of the backwards ...
  6. [6]
    [PDF] Pentium Processor User Manual Vol. 2 (1995) - DOS Days
    Over the last two-and-a-half decades, Intel's business has evolved and today the company's focus is on delivering an extensive line of component, module and ...
  7. [7]
    [PDF] Intel E7205 Chipset Memory Controller Hub (MCH)
    The Intel E7205 is a Chipset Memory Controller Hub (MCH) that may contain design defects or errors.
  8. [8]
    None
    Below is a merged summary of the System Management Mode (SMM) support in the AMD-K6 processor, consolidating all information from the provided segments into a dense and comprehensive response. To maximize detail retention, I’ve organized key information into tables where appropriate, followed by a narrative summary that ties everything together. All unique details, including URLs and page references, are preserved.
  9. [9]
    [PDF] System Programming Guide - Intel
    Intel technologies features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn.
  10. [10]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure.
  11. [11]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    Intel technologies features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at ...
  12. [12]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    NOTE: The Intel® 64 and IA-32 Architectures Software Developer's Manual consists of ten volumes: Basic Architecture, Order Number 253665; Instruction Set ...
  13. [13]
    [PDF] 9-series-chipset-pch-datasheet.pdf - Intel
    ... Register Access Security ... SMI_EN—SMI Control and Enable Register................................ 439. 12.8.3.8. SMI_STS—SMI Status Register ...
  14. [14]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    This manual, Volume 4, focuses on Model-Specific Registers (MSRs) and is part of a ten-volume series.
  15. [15]
    [PDF] PERFORMANCE IMPLICATIONS OF SYSTEM MANAGEMENT MODE
    ABSTRACT. System Management Mode (SMM) is a special x86 processor mode that privileged software such as kernels or hypervisors cannot access or interrupt.
  16. [16]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    Intel technologies features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at ...
  17. [17]
    [PDF] Enhanced Host Controller Interface Specification for - Intel
    Mar 12, 2002 · USBLEGCTLSTS USB Legacy Support Control/Status ... A system configuration may include support in the BIOS (also referred herein as Pre-OS ...
  18. [18]
    [PDF] Advanced Configuration and Power Interface (ACPI) Specification
    Aug 29, 2022 · ACPI was developed through collaboration between Intel, Microsoft*, Toshiba*, HP*, and Phoenix* in the mid-1990s. Before the development of ACPI ...
  19. [19]
    [PDF] Intel® 64 and IA-32 Architectures Software Developer's Manual
    VM entry using instructions VMLAUNCH and VMRESUME; it regains control using VM exits. • VM exits transfer control to an entry point specified by the VMM. The ...
  20. [20]
    [PDF] Power Management Features of X86 Microprocessors
    System Management Mode (SMM) is an X86 operating environment which allows the processor to manage power through software which runs transparent to the ...
  21. [21]
    [PDF] System Management Mode Explained: 6/17/92 - CECS
    Jun 17, 1992 · Intel's 386SL/82360 combination has only two op- tions: a 32K space located at 38000 (hex) or a 64K space located at 30000.Missing: SMRAM | Show results with:SMRAM
  22. [22]
    [PDF] Intel® Trusted Execution Technology (Intel® TXT) Enabling Guide
    Mar 1, 2014 · The primary goal of using Intel TXT is to validate that there have been no unauthorized changes to critical parts of the code that provides the ...
  23. [23]
    [PDF] NIST SP 800-147, BIOS Protection Guidelines
    In addition, the BIOS loads and initializes important system management functions, such as power and thermal management. The system BIOS may also load CPU.
  24. [24]
    Firmware Security Realizations - Part 3 - SPI Write Protections
    Sep 19, 2022 · A value of 0 indicates the BIOS is writable even if processors are not in SMM mode. A value of 1 indicates the BIOS is not writable unless all ...<|control11|><|separator|>
  25. [25]
    https://eclypsium.com/blog/firmware-security-realizations-part-3-spi-write-protections/
  26. [26]
    [PDF] HP Sure Start
    Additionally, if HP Sure Start detects tampering with BIOS, firmware, or runtime System Management Mode (SMM) BIOS code, it can recover using a protected backup ...
  27. [27]
    Dell Splash Screen Displays a Secured with Dell SafeBIOS Message
    Dell SafeBIOS mitigates the risk of BIOS and firmware tampering with integrated firmware attack detection. It uses a secure cloud environment to compare your ...Missing: SMM | Show results with:SMM
  28. [28]
    SMM Callout Vulnerabilities in UEFI - Eclypsium | Supply Chain ...
    Jun 5, 2025 · Eclypsium Automata has identified multiple, separate SMM callout vulnerabilities in UEFI modules supplied by AMD and leading firmware vendor AMI.
  29. [29]
    https://eclypsium.com/blog/smm-callout-vulnerabilities-in-uefi/
  30. [30]
    [PDF] Software-based Fault Injection Attacks against Intel SGX - Plundervolt
    Plundervolt is an attack where a software adversary abuses an Intel voltage interface to corrupt SGX enclave computations by controlling voltage and inducing ...
  31. [31]
    AMD Client Vulnerabilities – May 2022
    May 10, 2022 · A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM ...
  32. [32]
    Intel® 64 and IA-32 Architectures Software Developer Manuals
    Oct 29, 2025 · Volume 3C covers system management mode, virtual machine extensions (VMX) instructions, and Intel® Virtualization Technology (Intel® VT). Intel® ...
  33. [33]
    System Management Mode Speculative Execution Attacks - Eclypsium
    May 17, 2018 · An OS-level exploit invokes an SMI, which will cause the CPU to transition to SMM and execute SMI handler firmware. · The SMI handler accesses ...Missing: queuing | Show results with:queuing
  34. [34]
    CVE-2024-45105 Detail - NVD
    Sep 13, 2024 · An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that ...