Attacks Against System Management Mode (SMM)
System Management Mode (SMM) is an operating mode available in Intel x86 and x86_64 architectures. SMM is the most privileged CPU operating mode on Intel architectures and facilitates power-management features and other operating-system-independent functions. Its code and data reside in a protected region of memory called System Management RAM (SMRAM), access to which is typically limited to the BIOS. A system management interrupt (SMI) is used to enter SMM.
Over the last few years, research reports discussing attacks that target SMM have started to surface. In 2006, Loïc Duflot reported various security issues in SMM and presented an attack that bypassed the Securelevel mechanism in the OpenBSD kernel. In 2008, a research report discussing SMM rootkits was published. During the same year, another report about Xen hypervisor subversions and access to SMRAM was also released.
On March 19, 2009, Joanna Rutkowska and Rafal Wojtczuk released a research report about a new security issue affecting SMM in Intel-based systems. This issue was also independently discovered by Loïc Duflot and presented at the CanSecWest 2009 security conference. The issue can be exploited to gain unauthorized read and write access to SMRAM. This particular attack is carried out by poisoning the cache, using a technique that involves modification of model-specific registers (MSRs), specifically the Memory Type Range Registers (MTRRs). These registers can be used to mark the region of system memory where the SMRAM is located as cacheable with memory type Write-Back (WB). Note that access to MSRs requires administrative privileges, including the ability to load and execute arbitrary code, so this attack will likely occur after successful exploitation by some other means. Attackers who have gained administrative access to a vulnerable computer can therefore use this attack to hide rootkits in SMRAM, bypass kernel-level security checks, and attack hardware hypervisors (VT) on systems running virtual machines to host multiple guest operating systems. This is possible because SMM code runs with higher privileges than “Ring 0” (kernel) and “Ring -1” (hypervisor mode).
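As an added illustration (not from the original report or its authors), the following Python check parses Linux's /proc/mtrr table and reports whether any part of an assumed SMRAM window resolves to write-back, the cache-poisoning precondition described above. The SMRAM base and size and both MTRR tables are constructed for the example.

```python
import re

MB = 1024 * 1024
# Constructed samples in Linux /proc/mtrr text format (not captured from a real host).
# CLEAN_MTRR: reg01 marks the SMRAM window uncachable, overriding the WB range under it.
CLEAN_MTRR = """\
reg00: base=0x000000000 (    0MB), size= 2048MB, count=1: write-back
reg01: base=0x07f800000 ( 2040MB), size=    8MB, count=1: uncachable
reg02: base=0x100000000 ( 4096MB), size= 1024MB, count=1: write-back
"""
# POISONED_MTRR: the same table after the SMRAM window has been remapped as WB.
POISONED_MTRR = CLEAN_MTRR.replace("count=1: uncachable", "count=1: write-back")
# Assumed SMRAM (TSEG) window for this example: 8 MiB at 0x7f800000.
SMRAM_BASE = 0x7F800000
SMRAM_SIZE = 8 * MB
MTRR_RE = re.compile(
    r"reg(\d+): base=0x([0-9a-fA-F]+) \(\s*\d+MB\), size=\s*(\d+)MB, "
    r"count=\d+: ([\w-]+)"
)

def parse_mtrr(text):
    """Parse /proc/mtrr lines into (base, size_in_bytes, memory_type) tuples."""
    out = []
    for line in text.splitlines():
        m = MTRR_RE.match(line.strip())
        if m:
            out.append((int(m.group(2), 16), int(m.group(3)) * MB, m.group(4)))
    return out

def effective_type(ranges, addr):
    """Resolve overlapping variable MTRRs as Intel CPUs do (UC beats all, WT beats
    WB); an address covered by no range gets the default type, assumed UC here."""
    types = {t for b, s, t in ranges if b <= addr < b + s}
    if not types or "uncachable" in types:
        return "uncachable"
    if "write-through" in types:
        return "write-through"
    return "write-back" if "write-back" in types else sorted(types)[0]

def writeback_smram_points(ranges, base=SMRAM_BASE, size=SMRAM_SIZE):
    """Addresses in the SMRAM window whose effective type is write-back. The type
    only changes at range boundaries, so the window start plus every boundary
    inside it covers the whole window."""
    end = base + size
    points = {base}
    for b, s, _ in ranges:
        points.update(p for p in (b, b + s) if base < p < end)
    return sorted(p for p in points if effective_type(ranges, p) == "write-back")
```

On a Linux host, feeding the contents of /proc/mtrr to parse_mtrr and then writeback_smram_points (with the platform's real SMRAM base) flags any configuration that leaves SMRAM cacheable as write-back.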
The researchers who discovered this issue have provided details and proof-of-concept code demonstrating that it can be used to gain read and write access to SMRAM. In addition to attacks against hypervisors, this technique allows attackers to create stealthier rootkits that exist outside of the operating system.