Wednesday, April 1, 2009
System Management Mode
Hello there..
Today, while reading through the Intel Architecture Software Developer’s Manual Volume 1: Basic Architecture, under section 3.1 I found something really interesting. The section was about the modes of processor operation, viz. protected mode, real mode and System Management Mode.
I had heard about the first two modes earlier; however, the third one was completely new to me. I decided to google a bit on it.
From what I read, the System Management Mode is transparent to the operating system, and the BIOS uses it quite frequently to keep the system in shape. This would mean that the processor is made to do a lot of hard work besides the work assigned by the operating system. Your thoughts?
Let's read a nice post by Federico Biancuzzi:
"As a matter of fact, SMM is routinely used. Operating systems run in protected mode. But operating systems are not meant to be able to handle very specific hardware events (Real Time Clock-related issues, Thermal sensor signals or other external events, the list is really endless...). In case such an event occurs, the chipset of the system generates a physical interrupt on the motherboard called an SMI (System Management Interrupt). Upon reception of the SMI, the processor will store its entire context and switch to SMM to run the code - which I'll call the SMI handler from now on. By context, I mean most processor registers including control registers, task registers, instruction and stack pointers. It runs the code that has been written by the BIOS or motherboard manufacturer to handle the SMI, that is to handle the hardware-specific event that caused the SMI to be generated in the first place. When the handler runs the assembly language instruction "RSM," the processor will restore its entire context and switch back to protected mode.
So, as far as the operating system is concerned, nothing happened. The operating system did not notice the CPU switching to SMM and back to protected mode. Code execution in SMM is transparent from the operating system point of view.
During normal operation of a PC, SMIs are routinely generated, but neither the operating system nor the end user are aware that they exist and that the CPU is handling them."
This feature has also been exploited by lots of rootkits.
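Although SMIs are transparent to the operating system, their frequency can be audited from Linux: on Intel processors from Nehalem onward, the read-only MSR_SMI_COUNT register (address 0x34) holds a running count of SMIs since reset. The program below is an added example, not code from this post or the quoted text; it assumes the Linux msr driver is loaded (`modprobe msr`) and that it runs as root, and the helper names `read_msr` and `smi_delta` are illustrative.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define MSR_SMI_COUNT 0x34u /* Intel, Nehalem and later: bits 31:0 = SMIs since reset */

/* Read one MSR on one logical CPU through the Linux msr driver.
 * The file offset selects the MSR address; each read returns 8 bytes.
 * Returns 0 on success, -1 if the device is missing or access is denied. */
int read_msr(int cpu, uint32_t msr, uint64_t *out)
{
    char path[64];
    int fd, ok;

    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ok = lseek(fd, (off_t)msr, SEEK_SET) == (off_t)msr &&
         read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

/* SMIs taken between two samples. Only the low 32 bits are the counter,
 * so the upper bits are dropped and the subtraction wraps modulo 2^32. */
uint32_t smi_delta(uint64_t before, uint64_t after)
{
    return (uint32_t)after - (uint32_t)before;
}

int main(void)
{
    uint64_t a, b;

    if (read_msr(0, MSR_SMI_COUNT, &a) != 0) {
        fprintf(stderr, "cannot read MSR 0x34 (root and the msr module are required)\n");
        return 1;
    }
    sleep(10); /* observation window */
    if (read_msr(0, MSR_SMI_COUNT, &b) != 0)
        return 1;
    printf("CPU 0: %u SMIs since reset, %u in the last 10 s\n",
           (uint32_t)b, smi_delta(a, b));
    return 0;
}
```

A count that keeps rising on an idle machine shows how much time firmware is taking in SMM; recording a baseline per hardware model makes later changes in SMI behaviour easier to spot.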