On 10/02/13 00:45, Rich Futyma wrote:
> Would you happen to know which Linux driver handles this interrupt?
SMM code is loaded into SMRAM during BIOS POST. Then access to SMRAM is locked so that SMRAM is only visible when an SMI is active. The CPU cannot access SMRAM when no SMI is active. The CPU immediately starts to execute code from SMRAM once it receives the SMI. There is no Linux code involved; this is all initialised before any OS code is loaded.
> Also, do you know where this "correct handshake" is described? It seems that once bit 1 is set it can only be cleared by a reset.
No. This handshake is not public knowledge AFAIK. It would not be much of a protection mechanism if everyone, including the virus writers, knew how to bypass it. I would expect the handshake to involve cryptography as well.
Andrew
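The lock Andrew describes is, on Intel chipsets, the D_LCK bit of the host bridge's SMRAMC register; once BIOS sets it, only a platform reset clears it, and the D_OPEN bit that would expose SMRAM to non-SMM code can no longer be set. The following is an added example, not code from the thread or from any participant: it decodes SMRAMC and reports whether SMRAM was actually locked. It assumes the register sits at PCI config offset 0x88 of device 00:00.0 with the bit layout from Intel datasheets (bit 3 G_SMRAME, bit 4 D_LCK, bit 5 D_CLS, bit 6 D_OPEN); both the offset and the layout are chipset-specific and should be checked against your own datasheet. The sysfs path and the sample register values are constructed for illustration.

```c
/*
 * smramc_check.c - added example, not from the original thread.
 *
 * Reads the SMRAMC (System Management RAM Control) register of the
 * Intel host bridge (PCI 00:00.0, config offset 0x88 - an assumption
 * that must be verified per chipset) and reports whether BIOS locked
 * SMRAM.  Reading config space past byte 64 via sysfs requires root.
 *
 * Build: cc -o smramc_check smramc_check.c
 */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SMRAMC_OFFSET   0x88            /* assumed offset of SMRAMC        */
#define SMRAMC_G_SMRAME (1u << 3)       /* compatible SMRAM enabled        */
#define SMRAMC_D_LCK    (1u << 4)       /* register locked until reset     */
#define SMRAMC_D_CLS    (1u << 5)       /* SMM data refs routed to VGA     */
#define SMRAMC_D_OPEN   (1u << 6)       /* SMRAM visible outside SMM       */

/* Assumed sysfs location of the host bridge's config space. */
#define HOST_BRIDGE_CONFIG "/sys/bus/pci/devices/0000:00:00.0/config"

struct smramc_state {
    int enabled;   /* G_SMRAME set                                   */
    int locked;    /* D_LCK set: D_OPEN writes are ignored from now on*/
    int open;      /* D_OPEN set: non-SMM code can read/write SMRAM   */
    int closed;    /* D_CLS set                                       */
    int ok;        /* enabled, locked and not open                    */
};

/* Decode the raw SMRAMC byte into individual flags. */
struct smramc_state decode_smramc(uint8_t v)
{
    struct smramc_state s;
    s.enabled = (v & SMRAMC_G_SMRAME) != 0;
    s.locked  = (v & SMRAMC_D_LCK)    != 0;
    s.open    = (v & SMRAMC_D_OPEN)   != 0;
    s.closed  = (v & SMRAMC_D_CLS)    != 0;
    s.ok      = s.enabled && s.locked && !s.open;
    return s;
}

/* One-line verdict a practitioner can act on. */
const char *smramc_verdict(uint8_t v)
{
    struct smramc_state s = decode_smramc(v);
    if (!s.enabled)
        return "SMRAM not enabled (G_SMRAME clear)";
    if (s.open)
        return "SMRAM open to non-SMM code (D_OPEN set)";
    if (!s.locked)
        return "SMRAM unlocked (D_LCK clear): ring 0 can still set D_OPEN";
    return "SMRAM locked (D_LCK set, D_OPEN clear)";
}

/* Read the SMRAMC byte from a PCI config-space file; 0 on success. */
int read_smramc(const char *path, uint8_t *out)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, out, 1, SMRAMC_OFFSET);
    close(fd);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    uint8_t v;
    if (read_smramc(HOST_BRIDGE_CONFIG, &v) != 0) {
        fprintf(stderr, "cannot read %s (root needed, Intel host bridge assumed)\n",
                HOST_BRIDGE_CONFIG);
        return 1;
    }
    printf("SMRAMC = 0x%02x: %s\n", v, smramc_verdict(v));
    return decode_smramc(v).ok ? 0 : 2;
}
```

The check only covers the compatible (A0000h) SMRAM window; TSEG protection and SMRR configuration are separate registers and are not examined here.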