From 41fec869fb3b25fd5bb5b454ab1bf39660ce314d Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Wed, 6 May 2020 10:55:12 +0200 Subject: cpu/x86/smm: Add helper functions to verify SMM access * Add a function to check if a region overlaps with SMM. * Add a function to check if a pointer points to SMM. * Document functions in Documentation/security/smm To be used to verify data accesses in SMM. Change-Id: Ia525d2bc685377f50ecf3bdcf337a4c885488213 Signed-off-by: Patrick Rudolph Signed-off-by: Christian Walter Reviewed-on: https://review.coreboot.org/c/coreboot/+/41084 Reviewed-by: Angel Pons Reviewed-by: Patrick Georgi Tested-by: build bot (Jenkins) --- Documentation/security/index.md | 4 ++++ Documentation/security/smm.md | 29 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 Documentation/security/smm.md (limited to 'Documentation/security') diff --git a/Documentation/security/index.md b/Documentation/security/index.md index d5d4e2b93e..c9cb4a77de 100644 --- a/Documentation/security/index.md +++ b/Documentation/security/index.md @@ -13,3 +13,7 @@ This section describes documentation about the security architecture of coreboot - [Intel TXT in general](intel/txt.md) - [Intel TXT Initial Boot Block](intel/txt_ibb.md) - [Intel Authenticated Code Modules](intel/acm.md) + +## SMM + +- [System Management Mode](smm.md) diff --git a/Documentation/security/smm.md b/Documentation/security/smm.md new file mode 100644 index 0000000000..4e95427b86 --- /dev/null +++ b/Documentation/security/smm.md @@ -0,0 +1,29 @@ +# x86 System Managment Mode + +## Introduction + +The code running in System Management Mode (SMM) provides runtime services +to applications running in [ring0]. It has a higher privilege level than +[ring0] and resides in the SMRAM region which cannot be accessed from [ring0]. + +SMM can be entered by issuing System Managment Interrupts (SMIs). + +## Secure data exchange + +In order to not leak SMM internals or accidentally overwrite parts of SMM, +[ring0] provided data (pointers, offsets, sizes, ...) must be checked before +using them in SMM. + +There exist two methods to verify data: + +```C +/* Returns true if the region overlaps with the SMM */ +bool smm_region_overlaps_handler(struct region *r); +``` + +```C +/* Returns true if the memory pointed to overlaps with SMM reserved memory. */ +static inline bool smm_points_to_smram(const void *ptr, const size_t len); +``` + +[ring0]: https://en.wikipedia.org/wiki/Protection_ring -- cgit v1.2.3