System Management Mode (SMM), often referred to as ring -2, is an operating mode in x86 computer architecture that is notoriously difficult to debug and secure. To system software including the hypervisor and kernel, SMM is a lurking black box that can asynchronously take control of all system processors for an arbitrary duration of time leading to unpredictable performance degradation. SMM code is stored on non-volatile storage such as SPI flash and loaded during firmware boot alongside other UEFI code. Over time, SMM’s ubiquity and power has attracted platform manufacturers to accumulate implementations in SMM for a growing amount of technologies that require low-level chipset access.

Platform Runtime Mechanism (PRM) is a feature that reverses this trend. It transitions code out of SMM and into the execution context of the OS/VMM by taking advantage of the fact that some code doesn’t require SMM privileges. PRM handlers execute in ring 0 just like other kernel code and can be updated in the OS without resetting the system. Developed in collaboration between Intel and Microsoft, SMI handlers are being ported to PRM handlers today. This talk will primarily discuss the fully open source UEFI code made available for any platform vendor to painlessly enable PRM in their system firmware. It will also cover changes in the ACPI Specification, the open source ACPICA iASL compiler and operating systems such as Linux and Windows to add support for PRM.