PRM: SMM Goes on a Diet
2020-12-01, 17:30–18:00, Main Stage

System Management Mode (SMM), often referred to as ring -2, is an operating mode in x86 computer architecture that is notoriously difficult to debug and secure. To system software including the hypervisor and kernel, SMM is a lurking black box that can asynchronously take control of all system processors for an arbitrary duration of time leading to unpredictable performance degradation. SMM code is stored on non-volatile storage such as SPI flash and loaded during firmware boot alongside other UEFI code. Over time, SMM’s ubiquity and power has attracted platform manufacturers to accumulate implementations in SMM for a growing amount of technologies that require low-level chipset access.

Platform Runtime Mechanism (PRM) is a feature that reverses this trend. It transitions code out of SMM and into the execution context of the OS/VMM by taking advantage of the fact that some code doesn’t require SMM privileges. PRM handlers execute in ring 0 just like other kernel code and can be updated in the OS without resetting the system. Developed in collaboration between Intel and Microsoft, SMI handlers are being ported to PRM handlers today. This talk will primarily discuss the fully open source UEFI code made available for any platform vendor to painlessly enable PRM in their system firmware. It will also cover changes in the ACPI Specification, the open source ACPICA iASL compiler and operating systems such as Linux and Windows to add support for PRM.

Related Projects

tianocore, UEFI, Linux

See also: Presentation

Michael Kubacki is a firmware engineer at Microsoft currently focused on FW/OS interaction and core UEFI features in Azure and Surface. Michael previously worked on system integration and firmware development at Intel across several generations of mobile SoC, client, and server products. He is an advocate for open source software and bringing more production firmware code into open source.