SYSTEM AND METHOD FOR PROTECTION AGAINST UNTRUSTED SYSTEM MANAGEMENT CODE BY REDIRECTING A SYSTEM MANAGEMENT INTERRUPT AND CREATING A VIRTUAL MACHINE CONTAINER

• Main Authors: HALL, CLIFFORD D, GRAWROCK DAVID W, SUTTON, JAMES A., II, POISNER, DAVID I, SMITH, LAWRENCE O., III, KOZUCH, MICHAEL A, BURGESS, BRADLEY G, UHLIG, RICHARD A, GEORGE, ROBERT T, GLEW, ANDREW F, NEIGER, GILBERT
• Format: Patent
• Language: English
• Published: 14.09.2012
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

A SYSTEM AND METHOD FOR PERMITTING THE EXECUTION OF SYSTEM MANAGEMENT MODE (SMM) CODE DURING SECURE OPERATIONS IN A MICROPROCESSOR SYSTEM IS DESCRIBED. IN ONE EMBODIMENT, THE SYSTEM MANAGEMENT INTERRUPT (SMI) MAY BE FIRST DIRECTED TO A HANDLER IN A SECURED VIRTUAL MACHINE MONITOR (SVMM). THE SMI MAY THEN BE REDIRECTED TO SMM CODE LOCATED IN A VIRTUAL MACHINE (VM) THAT IS UNDER THE SECURITY CONTROL OF THE SVMM. THIS REDIRECTION MAY BE ACCOMPLISHED BY ALLOWING THE SVMM TO READ AND WRITE THE SYSTEM MANAGEMENT (SM) BASE REGISTER IN THE PROCESSOR.