Thanks for the clarification! The way SMI is handled in LinuxBIOS suits my purpose very well. I am working on a project called Pioneer, whose goal is to prevent any malware present on a computer from tampering with code execution (details can be found at http://www.cs.cmu.edu/~arvinds/verifiable_code_exec.html). I would like to implement the Pioneer code as an SMI handler to prevent an attacker from using the SMI as an attack vector. My current plan is to generate an SMI to all CPUs on the system via an IPI. Since all SMI sources on the Southbridge as well as CPU local SMI sources seem to be disabled on a system with LinuxBIOS, I do not have to worry about catching SMIs from any sources other than mine.
Thanks to you guys for an open source BIOS that makes my life a lot easier! I was wondering how on the earth I was going to reverse engineer a proprietary SMM handler to get my code to play nicely...
Best wishes, Arvind
On Tue, 9 Jan 2007, Stefan Reinauer wrote:
- Arvind Seshadri arvinds+@cs.cmu.edu [061230 05:13]:
BTW, I was looking over the datasheet for the AMD8111 southbridge and found that several sources can generate an SMI. There are enable bits for the individual SMI sources as well as a global SMI enable/disable bit. Given that LinuxBIOS does not currently handle SMI, where is SMI disabled in the code? I did some grepping around in the code and could not find anything for the AMD K8. Is it the case that SMI is disabled after reset and has to explicitly enabled by the BIOS?
Global SMI Control Register (PM2C) is initialized with 00, thus disabling all SMI activity in the system. If you want to change this, you need to create an SMM handler, and set those bits you need, for example in the Global SMI Enable Register (PM2A)
Unless you do, no SMIs will happen, and that situation is locked to avoid malware messing with SMI.
One question: why are you going to need SMI? USB legacy emulation?
Stefan
-- coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br. Tel.: +49 761 7668825 • Fax: +49 761 7664613 Email: info@coresystems.de • http://www.coresystems.de/