SMM PROTECTION UTILIZING RING SEPARATION AND SMI ISOLATION
In one embodiment, a processor comprises a plurality of system resources accessible to processes executed at a first privilege level but generally not accessible to processes executing at a second privilege level; a memory to store an access control policy; and an execution unit to: execute a system...
Main authors: | , |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Online access: | Order full text |
Summary: | In one embodiment, a processor comprises a plurality of system resources accessible to processes executed at a first privilege level but generally not accessible to processes executing at a second privilege level; a memory to store an access control policy; and an execution unit to: execute a system management interrupt (SMI) handler at the second privilege level; and execute a policy manager at the first privilege level, the policy manager to detect a request from the SMI handler to access a first system resource of the plurality of system resources; and access the first system resource on behalf of the SMI handler in response to a determination that the access control policy allows the SMI handler to access the first system resource. |
---|