summaryrefslogtreecommitdiff
path: root/Documentation/security
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/security')
-rw-r--r--Documentation/security/index.md4
-rw-r--r--Documentation/security/smm.md29
2 files changed, 33 insertions, 0 deletions
diff --git a/Documentation/security/index.md b/Documentation/security/index.md
index d5d4e2b93e..c9cb4a77de 100644
--- a/Documentation/security/index.md
+++ b/Documentation/security/index.md
@@ -13,3 +13,7 @@ This section describes documentation about the security architecture of coreboot
- [Intel TXT in general](intel/txt.md)
- [Intel TXT Initial Boot Block](intel/txt_ibb.md)
- [Intel Authenticated Code Modules](intel/acm.md)
+
+## SMM
+
+- [System Management Mode](smm.md)
diff --git a/Documentation/security/smm.md b/Documentation/security/smm.md
new file mode 100644
index 0000000000..4e95427b86
--- /dev/null
+++ b/Documentation/security/smm.md
@@ -0,0 +1,29 @@
+# x86 System Managment Mode
+
+## Introduction
+
+The code running in System Management Mode (SMM) provides runtime services
+to applications running in [ring0]. It has a higher privilege level than
+[ring0] and resides in the SMRAM region which cannot be accessed from [ring0].
+
+SMM can be entered by issuing System Managment Interrupts (SMIs).
+
+## Secure data exchange
+
+In order to not leak SMM internals or accidentally overwrite parts of SMM,
+[ring0] provided data (pointers, offsets, sizes, ...) must be checked before
+using them in SMM.
+
+There exist two methods to verify data:
+
+```C
+/* Returns true if the region overlaps with the SMM */
+bool smm_region_overlaps_handler(struct region *r);
+```
+
+```C
+/* Returns true if the memory pointed to overlaps with SMM reserved memory. */
+static inline bool smm_points_to_smram(const void *ptr, const size_t len);
+```
+
+[ring0]: https://en.wikipedia.org/wiki/Protection_ring