smrr module

CPU SMM Cache Poisoning / System Management Range Registers check

This module checks to see that SMRRs are enabled and configured.

Reference:

Researchers demonstrated a way to use the CPU cache to effectively change values in SMRAM in "Attacking SMM Memory via Intel CPU Cache Poisoning" and "Getting into the SMRAM: SMM Reloaded". If ring 0 software can make SMRAM cacheable and then populate cache lines at SMBASE with exploit code, then when an SMI is triggered, the CPU could execute the exploit code from cache. System Management Mode Range Registers (SMRRs) force non-cacheable behavior and block access to SMRAM when the CPU is not in SMM. These registers need to be enabled and configured by the BIOS.

Usage:

chipsec_main -m common.smrr [-a modify]

  • -a modify: Attempt to modify memory at SMRR base

Examples:

>>> chipsec_main.py -m common.smrr
>>> chipsec_main.py -m common.smrr -a modify

Registers used:

  • IA32_SMRR_PHYSBASE.PhysBase

  • IA32_SMRR_PHYSBASE.Type

  • IA32_SMRR_PHYSMASK.PhysMask

  • IA32_SMRR_PHYSMASK.Valid
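
The following is an added example, not CHIPSEC's own code: it decodes raw IA32_SMRR_PHYSBASE / IA32_SMRR_PHYSMASK values into the fields listed above and reports when SMRR is not enabled and configured. The function names and the sample MSR values are constructed for illustration; the field positions follow the Intel SDM layout, and the per-CPU comparison goes slightly beyond the text (these MSRs exist per logical processor, so each one is checked).

```python
from typing import NamedTuple

# Architecturally defined MTRR memory type encodings.
MTRR_TYPES = {0: "UC", 1: "WC", 4: "WT", 5: "WP", 6: "WB"}

class Smrr(NamedTuple):
    base: int      # IA32_SMRR_PHYSBASE.PhysBase (bits 31:12), as an address
    mem_type: int  # IA32_SMRR_PHYSBASE.Type (bits 7:0)
    mask: int      # IA32_SMRR_PHYSMASK.PhysMask (bits 31:12)
    valid: bool    # IA32_SMRR_PHYSMASK.Valid (bit 11)

def decode_smrr(physbase_msr: int, physmask_msr: int) -> Smrr:
    """Split the two raw MSR values into their fields."""
    return Smrr(
        base=physbase_msr & 0xFFFFF000,
        mem_type=physbase_msr & 0xFF,
        mask=physmask_msr & 0xFFFFF000,
        valid=bool(physmask_msr & (1 << 11)),
    )

def smrr_size(smrr: Smrr) -> int:
    """Size in bytes of the protected range implied by the mask."""
    return ((~smrr.mask) & 0xFFFFFFFF) + 1 if smrr.mask else 0

def check_smrr(per_cpu):
    """per_cpu: list of (physbase, physmask) raw values, one per logical CPU.
    Returns a list of findings; an empty list means the check passed."""
    findings = []
    decoded = [decode_smrr(b, m) for b, m in per_cpu]
    for cpu, s in enumerate(decoded):
        if s.base == 0:
            findings.append(f"cpu{cpu}: SMRR base is not programmed")
        if s.mem_type not in MTRR_TYPES:
            findings.append(f"cpu{cpu}: invalid memory type 0x{s.mem_type:X}")
        if not s.valid or s.mask == 0:
            findings.append(f"cpu{cpu}: SMRR mask is not valid/programmed")
        if s != decoded[0]:
            findings.append(f"cpu{cpu}: SMRR differs from cpu0")
    return findings

# Constructed sample values (not read from real hardware).
GOOD = [(0x7B000006, 0xFF800800)] * 4          # 8 MiB WB range, Valid set
BAD = [(0x7B000006, 0xFF800800),               # cpu0 configured
       (0x7B000006, 0xFF800000),               # cpu1: Valid bit clear
       (0x00000000, 0x00000000)]               # cpu2: never programmed

if __name__ == "__main__":
    print(check_smrr(GOOD) or "SMRR enabled and consistent")
    print("\n".join(check_smrr(BAD)))
```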