Hi,
Loïc Duflot, security engineer and researcher for the scientific division of the french Central Directorate for Information Systems Security ("french version of the NSA"), gives some insight on fun that can be had with the system management mode (SMM) of x86 CPUs.
See http://www.securityfocus.com/print/columnists/402 for more information.
While, as Loïc writes later in his article, the whole issue of exploiting SMM is pretty pointless in Linux as the super user can conquer ring 0 without further effort, the idea of fixing what we can fix on the bios level seems worthwhile.
If something seems as simple as setting the D_LCK bit of SMM, we should definitely do it.. It will at least be a marketable feature against other upcoming firmware implementations.
Comments?
Stefan