SMM_Code_Chk_En (SMM Call-Out) Protection check
SMM_Code_Chk_En is a bit found in the MSR_SMM_FEATURE_CONTROL register. Once set to ‘1’, any CPU that attempts to execute SMM code not within the ranges defined by the SMRR will assert an unrecoverable MCE. As such, enabling and locking this bit is an important step in mitigating SMM call-out vulnerabilities. This CHIPSEC module simply reads the register and checks that SMM_Code_Chk_En is set and locked.
- Intel 64 and IA-32 Architectures Software Developer Manual (SDM)
chipsec_main -m common.smm_code_chk
>>> chipsec_main.py -m common.smm_code_chk
- Registers used:
MSR_SMM_FEATURE_CONTROL may not be defined or readable on all platforms.