chipsec.modules.common.smm_code_chk module

SMM_CODE_CHK_EN (SMM Call-Out) Protection check

SMM_CODE_CHK_EN is a bit found in the MSR_SMM_FEATURE_CONTROL register. Once set to ‘1’, any CPU that attempts to execute SMM code not within the ranges defined by the SMRR will assert an unrecoverable MCE. As such, enabling and locking this bit is an important step in mitigating SMM call-out vulnerabilities. This CHIPSEC module simply reads the register and checks that SMM_CODE_CHK_EN is set and locked.

Reference:
Usage:

chipsec_main -m common.smm_code_chk

Examples:
>>> chipsec_main.py -m common.smm_code_chk
Registers used:
  • MSR_SMM_FEATURE_CONTROL.LOCK

  • MSR_SMM_FEATURE_CONTROL.SMM_CODE_CHK_EN

Note

  • MSR_SMM_FEATURE_CONTROL may not be defined or readable on all platforms.