[LinuxBIOS] SMM is evil?

Stefan Reinauer stepan at coresystems.de
Thu May 11 19:53:53 CEST 2006


Loïc Duflot, security engineer and researcher for the scientific
division of the french Central Directorate for Information Systems
Security ("french version of the NSA"), gives some insight on fun that
can be had with the system management mode (SMM) of x86 CPUs.

See http://www.securityfocus.com/print/columnists/402 for more

While, as Loïc writes later in his article, the whole issue of
exploiting SMM is pretty pointless in Linux as the super user can
conquer ring 0 without further effort, the idea of fixing what we
can fix on the bios level seems worthwhile.

If something seems as simple as setting the D_LCK bit of SMM, we should
definitely do it.. It will at least be a marketable feature against
other upcoming firmware implementations.



coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
      Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info at coresystems.dehttp://www.coresystems.de/

More information about the coreboot mailing list