### Advanced x86:

### BIOS and System Management Mode Internals SMRAM (System Management RAM)

### Xeno Kovah && Corey Kallenberg LegbaCore, LLC



### All materials are licensed under a Creative Commons "Share Alike" license. http://creativecommons.org/licenses/by-sa/3.0/

You are free:



to Share — to copy, distribute and transmit the work

to Remix - to adapt the work

#### Under the following conditions:

Attribution — You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work).



Share Alike — If you alter, transform, or build upon this work, you may distribute the resulting work only under the same, similar or a compatible license.

Attribution condition: You must indicate that derivative work

"Is derived from John Butterworth & Xeno Kovah's 'Advanced Intel x86: BIOS and SMM' class posted at http://opensecuritytraining.info/IntroBIOS.html"

### Prelude

- So we have talked about what causes the system to enter SMM
- And we've (sort of) even "seen" it happen
  - As best as possible
- But we haven't talked about SMM's address space yet ...

### SMRAM

- SMRAM is the address space where the processor switches to upon entering SMM
- This address space contains the SMI handler code and data
- The processor's pre-SMI register context is saved at a pre-defined location in SMRAM (fixed offset from SMBASE)
- SMBASE is the base address of SMRAM and is located in a reserved portion of main RAM
  - Thus access control mechanisms must be based in the memory controller (MCH or CPU)

### **Address Space Layout**

- First off, let's define the terms SMBASE and SMRAM
- SMRAM refers to the entire range (or ranges) where the SMI handler code and data is located
- SMBASE is a private CPU-internal register that holds the address denoting the base address of SMRAM for a processor (or core)
  - Each core will have its own SMBASE
- The state save area(s) and entry point(s) are fixed offsets from SMBASE
- SMBASE is also found as a field stored in the state save area within SMRAM
  - The stored value is always at the same offset from SMBASE (FEF8h)
  - A 32-bit value containing the physical address of SMRAM (SMBASE)
  - Even in x64 architecture
- Therefore SMRAM is relocatable by changing the saved value of SMBASE, stored in the SMRAM save state area upon SMI
- We'll talk about where in physical memory SMBASE/SMRAM is likely to be located in a bit



- Default SMBASE on startup is 30000h, but can be relocated
- SMI Handler Executable code entry point is always at SMBASE + 8000h
  - CPU always begins executing at SMBASE + 8000h
- Multi-core systems will typically have their SMBASE offset by N bytes from each other. For example:
  - Core 0 defines SMBASE as A\_0000h, will enter SMI handler at A\_8000h
  - Core 1 defines SMBASE as A\_1000h, will enter SMI handler at A\_9000h



- State save address starts at SMBASE + 8000h + 7FFFh
  - SMBASE + FFFFh
- For 32-bit CPUs, the state-save area is 200h bytes
- State save area extends down to SMBASE + 8000h + 7E00h
  - SMBASE + FE00h



#### From Intel Vol. 3. Ch. "System Management Mode"

#### Table 34-1. SMRAM State Save Map

| Offset<br>(Added to SMBASE + 8000H) | Register                                   | Writable? |
|-------------------------------------|--------------------------------------------|-----------|
| 7FFCH                               | CR0                                        | No        |
| 7FF8H                               | CR3                                        | No        |
| 7FF4H                               | EFLAGS                                     | Yes       |
| 7FF0H                               | EIP                                        | Yes       |
| 7FECH                               | EDI                                        | Yes       |
| 7FE8H                               | ESI                                        | Yes       |
| 7FE4H                               | EBP                                        | Yes       |
| 7FE0H                               | ESP                                        | Yes       |
| 7FDCH                               | EBX                                        | Yes       |
| 7FD8H                               | EDX                                        | Yes       |
| 7FD4H                               | ECX                                        | Yes       |
| 7FD0H                               | EAX                                        | Yes       |
| 7FCCH                               | DR6                                        | No        |
| 7FC8H                               | DR7                                        | No        |
| 7FC4H                               | TR <sup>1</sup>                            | No        |
| 7FC0H                               | Reserved                                   | No        |
| 7FBCH                               | GS <sup>1</sup>                            | No        |
| 7FB8H                               | FS <sup>1</sup>                            | No        |
| 7FB4H                               | DS <sup>1</sup>                            | No        |
| 7FB0H                               | SS <sup>1</sup>                            | No        |
| 7FACH                               | CS <sup>1</sup>                            | No        |
| 7FA8H                               | ES <sup>1</sup>                            | No        |
| 7FA4H                               | I/O State Field, see Section 34.7          | No        |
| 7FA0H                               | I/O Memory Address Field, see Section 34.7 | No        |
| 7F9FH-7F03H                         | Reserved                                   | No        |
| 7F02H                               | Auto HALT Restart Field (Word)             | Yes       |
| 7F00H                               | I/O Instruction Restart Field (Word)       | Yes       |
| 7EFCH                               | SMM Revision Identifier Field (Doubleword) | No        |
| 7EF8H                               | SMBASE Field (Doubleword)                  | Yes       |
| 7EF7H - 7E00H                       | Reserved                                   | No        |



- State save address starts at SMBASE + 8000h + 7FFFh
  - SMBASE + FFFFh
- For 64-bit CPUs, the state-save area is 400h bytes
- The state-save extends down to SMBASE + 8000h + 7C00h
  - SMBASE + FC00h



### 64-Bit

#### Table 34-3. SMRAM State Save Map for Intel 64 Architecture

| Offset<br>(Added to SMBASE + 8000H) | Register                                     | Writable? |
|-------------------------------------|----------------------------------------------|-----------|
| 7FF8H                               | CR0                                          | No        |
| 7FF0H                               | CR3                                          | No        |
| 7FE8H                               | RFLAGS                                       | Yes       |
| 7FE0H                               | IA32_EFER                                    | Yes       |
| 7FD8H                               | RIP                                          | Yes       |
| 7FD0H                               | DR6                                          | No        |
| 7FC8H                               | DR7                                          | No        |
| 7FC4H                               | TR SEL <sup>1</sup>                          | No        |
| 7FC0H                               | LDTR SEL <sup>1</sup>                        | No        |
| 7FBCH                               | GS SEL <sup>1</sup>                          | No        |
| 7FB8H                               | FS SEL <sup>1</sup>                          | No        |
| 7FB4H                               | DS SEL <sup>1</sup>                          | No        |
| 7FB0H                               | SS SEL <sup>1</sup>                          | No        |
| 7FACH                               | CS SEL <sup>1</sup>                          | No        |
| 7FA8H                               | ES SEL <sup>1</sup>                          | No        |
| 7FA4H                               | IO_MISC                                      | No        |
| 7F9CH                               | IO_MEM_ADDR                                  | No        |
| 7F94H                               | RDI                                          | Yes       |
| 7F8CH                               | RSI                                          | Yes       |
| 7F84H                               | RBP                                          | Yes       |
| 7F7CH                               | RSP                                          | Yes       |
| 7F74H                               | RBX                                          | Yes       |
| 7F6CH                               | RDX                                          | Yes       |
| 7F64H                               | RCX                                          | Yes       |
| 7F5CH                               | RAX                                          | Yes       |
| 7F54H                               | R8                                           | Yes       |
| 7F4CH                               | R9                                           | Yes       |
| 7F44H                               | R10                                          | Yes       |
| 7F3CH                               | R11                                          | Yes       |
| 7F34H                               | R12                                          | Yes       |
| 7F2CH                               | R13                                          | Yes       |
| 7F24H                               | R14                                          | Yes       |
| 7F1CH                               | R15                                          | Yes       |
| 7F1BH-7F04H                         | Reserved                                     | No        |
| 7F02H                               | Auto HALT Restart Field (Word)               | Yes       |
| 7F00H                               | I/O Instruction Restart Field (Word)         | Yes       |
| 7EFCH                               | SMM Revision Identifier Field (Doubleword)   | No        |
| 7EF8H                               | SMBASE Field (Doubleword)                    | Yes       |
| 7EF7H - 7EE4H                       | Reserved                                     | No        |
| 7EE0H                               | Setting of "enable EPT" VM-execution control | No        |
| 7ED8H                               | Value of EPTP VM-execution control field     | No        |
| 7ED7H - 7EA0H                       | Reserved                                     | No        |
| 7E9CH                               | LDT Base (lower 32 bits)                     | No        |
| 7E98H                               | Reserved                                     | No        |
| 7E94H                               | IDT Base (lower 32 bits)                     | No        |
| 7E90H                               | Reserved                                     | No        |
| 7E8CH                               | GDT Base (lower 32 bits)                     | No        |
| 7E8BH - 7E44H                       | Reserved                                     | No        |
| 7E40H                               | CR4                                          | No        |
| 7E3FH - 7DF0H                       | Reserved                                     | No        |
| 7DE8H                               | IO_RIP                                       | Yes       |
| 7DE7H - 7DDCH                       | Reserved                                     | No        |
| 7DD8H                               | IDT Base (Upper 32 bits)                     | No        |
| 7DD4H                               | LDT Base (Upper 32 bits)                     | No        |
| 7DD0H                               | GDT Base (Upper 32 bits)                     | No        |
| 7DCFH - 7C00H                       | Reserved                                     | No        |

- SMBASE field for both 64-bit and 32-bit architectures is always located at the same offset from SMBASE (FEF8h)



- The remaining area is free for use as SMI handler code and data
- Total size of SMRAM region is defined by the BIOS when it configures SMM



- Each core will have its own SMBASE address, offset from the other cores' SMBASE addresses
  - Like 1000h bytes per the above 32-bit example
- Another core could define its SMBASE in a completely separate memory address
  - In this diagram I show them sharing the same SMRAM memory range
  - In practice, some cores will simply execute a dead loop
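The layout rules from the preceding slides (entry point at SMBASE + 8000h, a 200h- or 400h-byte state-save area ending at SMBASE + FFFFh, the SMBASE field at SMBASE + FEF8h in both modes, and per-core SMBASEs spaced 1000h apart) as an added worked example in Python. This is not code from the class or from Intel; the table offsets are the subset of Tables 34-1 and 34-3 reproduced above, the 64 KiB SMRAM image it reads is constructed inside the script rather than dumped from a machine, and the function and field names are this example's own.

```python
import struct

# Added worked example (not code from the class or from Intel): the fixed SMRAM layout
# that follows from SMBASE, plus a reader for the state-save area using the table offsets.

SMI_ENTRY_OFFSET = 0x8000              # the CPU begins executing at SMBASE + 8000h
STATE_SAVE_TOP = 0x8000 + 0x7FFF       # SMBASE + FFFFh, highest byte of the state-save area
SMBASE_FIELD_OFFSET = 0x8000 + 0x7EF8  # SMBASE + FEF8h, the same in 32- and 64-bit mode
STATE_SAVE_SIZE = {32: 0x200, 64: 0x400}

# Subset of Tables 34-1 / 34-3; offsets are "added to SMBASE + 8000H".
STATE_SAVE_32 = {"CR0": 0x7FFC, "CR3": 0x7FF8, "EFLAGS": 0x7FF4, "EIP": 0x7FF0,
                 "EAX": 0x7FD0, "SMM_REV": 0x7EFC, "SMBASE": 0x7EF8}
STATE_SAVE_64 = {"CR0": 0x7FF8, "CR3": 0x7FF0, "RFLAGS": 0x7FE8, "RIP": 0x7FD8,
                 "RAX": 0x7F5C, "SMM_REV": 0x7EFC, "SMBASE": 0x7EF8}
DOUBLEWORD_ALWAYS = {"SMM_REV", "SMBASE"}  # doubleword fields even on Intel 64


def smram_layout(smbase, bits):
    """Fixed addresses that follow from SMBASE for a 32- or 64-bit core."""
    top = smbase + STATE_SAVE_TOP
    return {
        "entry_point": smbase + SMI_ENTRY_OFFSET,
        "state_save_start": top - STATE_SAVE_SIZE[bits] + 1,  # SMBASE + FE00h / FC00h
        "state_save_end": top,
        "smbase_field": smbase + SMBASE_FIELD_OFFSET,
    }


def per_core_layout(smbase0, cores, stride=0x1000, bits=32):
    """Layouts for cores whose SMBASEs are `stride` bytes apart (the slide's 1000h example)."""
    return [smram_layout(smbase0 + core * stride, bits) for core in range(cores)]


def _field(name, bits):
    """(offset from SMBASE, struct format) for one state-save register."""
    table = STATE_SAVE_32 if bits == 32 else STATE_SAVE_64
    width = 4 if (bits == 32 or name in DOUBLEWORD_ALWAYS) else 8
    return SMI_ENTRY_OFFSET + table[name], ("<I" if width == 4 else "<Q")


def read_state_save(smram, name, bits):
    """Read one register from a 64 KiB image of SMRAM that starts at SMBASE."""
    off, fmt = _field(name, bits)
    return struct.unpack_from(fmt, smram, off)[0]


def build_sample_smram(bits, regs):
    """Constructed sample image (not a real dump): 64 KiB with the given registers
    written at their state-save offsets, as the CPU would do on SMI entry."""
    smram = bytearray(0x10000)
    for name, value in regs.items():
        off, fmt = _field(name, bits)
        struct.pack_into(fmt, smram, off, value)
    return bytes(smram)


def smbase_field_matches(smram, expected_smbase, bits):
    """Defender check: the SMBASE field saved on SMI should equal the SMBASE the image was
    taken from; a mismatch means the handler relocated SMRAM (or the capture is wrong)."""
    return read_state_save(smram, "SMBASE", bits) == expected_smbase


if __name__ == "__main__":
    for smbase, bits in ((0x30000, 32), (0xA0000, 64)):
        lay = smram_layout(smbase, bits)
        print(f"SMBASE {smbase:#07x} ({bits}-bit): entry {lay['entry_point']:#x}, "
              f"state save {lay['state_save_start']:#x}-{lay['state_save_end']:#x}, "
              f"SMBASE field at {lay['smbase_field']:#x}")
    for core, lay in enumerate(per_core_layout(0xA0000, 2)):
        print(f"core {core}: SMI entry at {lay['entry_point']:#x}")
    img = build_sample_smram(64, {"RIP": 0x1234, "SMBASE": 0xA0000})
    print(hex(read_state_save(img, "RIP", 64)), smbase_field_matches(img, 0xA0000, 64))
```

Running it reproduces the numbers on the slides: the default SMBASE of 30000h gives an entry point of 38000h and a 32-bit state-save area of 3FE00h-3FFFFh, while core 1 of the two-core example enters its handler at A_9000h.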

### **SMRAM** Location

- SMRAM can be located anywhere in the 4GB memory address space
- SMBASE can be overwritten by the SMI handler
- Typically SMRAM is relocated at least once:
  - On system startup, the first time the system enters SMM, SMBASE is at 0x30000
  - SMI handler starts executing at 0x38000
  - There is no reason it needs to stay at that address
- Intel defines a few locations for SMRAM
  - But it really is a flexible system and can be put anywhere
  - I think these guidelines are provided to make configuration easier for the BIOS developers and to avoid areas where SMRAM may overlap with other regions
  - This is all part of building that memory map

### Standard SMRAM Locations

#### SMM Space Definition Summary

| SMM Space<br>Enabled | Transaction Address Space                                  | DRAM Space (DRAM)                                          |
|----------------------|------------------------------------------------------------|------------------------------------------------------------|
| Compatible (Adr C)   | 000A_0000h to 000B_FFFFh                                   | 000A_0000h to 000B_FFFFh                                   |
| High (Adr H)         | FEDA_0000h to FEDB_FFFFh                                   | 000A_0000h to 000B_FFFFh                                   |
| TSEG (Adr T)         | (TOLUD minus STOLEN minus<br>TSEG) to (TOLUD minus STOLEN) | (TOLUD minus STOLEN minus<br>TSEG) to (TOLUD minus STOLEN) |

- On ICH/MCH chipsets there are 3 standard locations for SMRAM
- On PCH chipsets the High Address (HSEG) is no longer supported (so 2 locations)
- Technically the base address of SMRAM can be relocated by the SMI handler
  - But there are reasons these guidelines should be followed and for all practical purposes SMRAM will be in TSEG

### Compatible SMRAM (Legacy Video Area)

|                          |                                                | 1 MB   |
|--------------------------|------------------------------------------------|--------|
| 000F_FFFFh<br>000F_0000h | System BIOS (Upper)<br>64 KB                   | 960 KB |
| 000E_FFFFh<br>000E_0000h | Extended System BIOS (Lower)<br>64 KB (16KBx4) |        |
| 000D_FFFFh               |                                                | 896 KB |
|                          | Expansion Area<br>128 KB (16KBx8)              |        |
| 000C_0000h               |                                                | 768 KB |
| 000B_FFFFh               | Legacy Video Area<br>(SMM Memory)<br>128 KB    |        |
| 000A_0000h               |                                                | 640 KB |
| 0009_FFFFh               | DOS Area                                       |        |
| 0000_0000h               |                                                |        |

Legacy (DOS) Compatibility Range

- Fixed address space
- Legacy VGA space (A\_0000h - B\_FFFFh)
- When compatible SMM space is enabled, SMM-mode processor accesses to this range are routed to physical system memory at this address.
- Non-SMM-mode processor accesses to this range are considered to be to the video buffer area.

### Enabling Compatible SMRAM

| Bit | Access | Default | Description |
|-----|--------|---------|-------------|
| 3   | R/W/L  | 0b      | Global SMRAM Enable (G_SMRARE): If set to a 1, then Compatible SMRAM functions are enabled, providing 128 KB of DRAM accessible at the A0000h address while in SMM (ADSB with SMM decode). To enable Extended SMRAM function this bit has be set to 1. Refer to the section on SMM for more details. This register is locked in Intel TXT mode (RO in Intel TXT mode). It also locks when D_LCK bit is set. |

- This address space is enabled by asserting the G\_SMRAME bit
  - I believe G\_SMRARE is a typo in the datasheet
- The register (SMRAMC) containing this bit will be located in a different place depending on the architecture
  - On our E6400 it is located in the DRAM Controller (D0:F0) at offset 9Dh
  - On a Haswell system, for example, it is also located in the DRAM controller but at offset 88h

# TSEG (Top of Main Memory Segment)



### **Enabling TSEG**

#### ESMRAMC - Extended System Management RAM Control

| B/D/F/Type:     | 0/0/0/PCI       |
|-----------------|-----------------|
| Address Offset: | 9Eh             |
| Default Value:  | 38h             |
| Access:         | R/W/L; R/WC; RO |
| Size:           | 8 bits          |

| Bit | Access | Default | Description |
|-----|--------|---------|-------------|
| 0   | R/W/L  | 0b      | TSEG Enable (T_EN): Enabling of SMRAM memory for Extended SMRAM space only. When G_SMRAME =1 and TSEG_EN = 1, the TSEG is enabled to appear in the appropriate physical address space. This register is locked in Intel TXT mode (RO in Intel TXT mode). It also locks when D_LCK bit is set. |

- TSEG is enabled differently depending on the architecture
- On MCH chipsets, it was defined in the ESMRAMC register
- Either 1, 2, or 8MB in size for TSEG (defined in bits 2:1)
- On our E6400 it's in D0:F0, offset 9Eh
- Newer systems offer more flexibility in TSEG size and location

### Enabling TSEG on new platforms

#### 3.1.36 TSEGMB—TSEG Memory Base

This register contains the base address of TSEG DRAM memory. BIOS determines the base of TSEG memory which must be at or below Graphics Base of GTT Stolen Memory (PCI Device 0 Offset B4 bits 31:20). NOTE: BIOS must program TSEGMB to a 8MB naturally aligned boundary.

| B/D/F/Type:     | 0/0/0/CFG   |
|-----------------|-------------|
| Address Offset: | B8h         |
| Default Value:  | 0000000h    |
| Access:         | RW_KL; RW_L |
| Size:           | 32          |

| Bit Range | Acronym | Description | Default | Access |
|-----------|---------|-------------|---------|--------|
| 31:20     | TSEGMB  | This register contains the base address of TSEG DRAM memory. BIOS determines the base of TSEG memory which must be at or below Graphics Base of GTT Stolen Memory (PCI Device 0 Offset B4 bits 31:20). BIOS must program the value of TSEGMB to be the same as BGSM when TSEG is disabled. | 000h    | RW_L   |
| 19:1      | RSVD    | Reserved.   | 00000h  | RO     |
| 0         | LOCK    | This bit will lock all writeable settings in this register, including itself. | 0h      | RW_KL  |

- On newer systems the size of TSEG is more flexible in its programming
- The offset of this register and its method of programming is dependent on the memory controller (which exists either in the MCH or the processor)

# HSEG (High SMM Memory Space)



- Fixed address space
- FEDA\_0000 to FEDB\_FFFFh
- When enabled (if supported), A\_0000h to B\_FFFFh are remapped to high memory
- Not supported in PCH chipsets
- Note: TSEG is located under TOLUD which is located at the bottom of this diagram

### Enabling HSEG

#### ESMRAMC - Extended System Management RAM Control

| B/D/F/Type:     | 0/0/0/PCI       |
|-----------------|-----------------|
| Address Offset: | 9Eh             |
| Default Value:  | 38h             |
| Access:         | R/W/L; R/WC; RO |
| Size:           | 8 bits          |

| Bit | Access | Default | Description |
|-----|--------|---------|-------------|
| 7   | R/W/L  | 0b      | Enable High SMRAM (H_SMRAME): Controls the SMM memory space location (i.e., above 1 MB or below 1 MB) When G_SMRAME is 1 and H_SMRAME this bit is set to 1, the high SMRAM memory space is enabled. SMRAM accesses within the range 0FEDA0000h to 0FEDBFFFFh are remapped to DRAM addresses within the range 000A0000h to 000BFFFFh. This register is locked in Intel® TXT mode (RO in Intel TXT mode). It also locks when D_LCK bit is set. |

- HSEG is enabled when bit 7 (H_SMRAME) of the ESMRAMC register is set
- Not supported on PCH systems and later

### SMRAM Combinations (MCH-based)

#### SMM Space Table

| Global Enable<br>G_SMRAME | High Enable<br>H_SMRAM_EN | TSEG Enable<br>TSEG_EN | Adr C Range | Adr H<br>Range | Adr T<br>Range |
|---------------------------|---------------------------|------------------------|-------------|----------------|----------------|
| 0                         | X                         | X                      | Disable     | Disable        | Disable        |
| 1                         | 0                         | 0                      | Enable      | Disable        | Disable        |
| 1                         | 0                         | 1                      | Enable      | Disable        | Enable         |
| 1                         | 1                         | 0                      | Disabled    | Enable         | Disable        |
| 1                         | 1                         | 1                      | Disabled    | Enable         | Enable         |

- Up to two memory locations can be used for SMRAM on a system
- There is still only one SMBASE per core
- Global Enable means that SMM compatible space is turned on
- Disabling the C-range disables all other ranges
- So if you're using TSEG, there is guaranteed to be either the C-range or the H-range also present
  - I removed H-range discussion from this class for time reasons. It's pretty straightforward, and you can see the manuals if you're interested. But you probably mostly all have PCH-based systems so...

### SMRAM Combinations (PCH-based)

#### SMM Space Table

| Global Enable<br>G_SMRAME | High Enable<br>H_SMRAM_EN | TSEG Enable<br>TSEG_EN | Adr C Range | Adr H<br>Range | Adr T<br>Range |
|---------------------------|---------------------------|------------------------|-------------|----------------|----------------|
| 0                         | X                         | X                      | Disable     | Disable        | Disable        |
| 1                         | X                         | 0                      | Enable      | Disable        | Disable        |
| 1                         | 0                         | 1                      | Enable      | Disable        | Enable         |
| 1                         |                           | 0                      | Disabled    |                | Disable        |
| 1                         |                           | 1                      | Disabled    | Enable         | Enable         |

- Up to two memory locations can be used for SMRAM on a system
  - Which is good since on PCH there are only the Compatible and TSEG ranges; HSEG is no longer supported
- As you can see, this means that the Compatible range is always enabled if TSEG is enabled
- So the only question is whether or not you use TSEG
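The register decoding described across the SMRAMC/ESMRAMC, TSEGMB and SMM Space Table slides, as an added worked example in Python; this is not code from the class, from Intel or from RW-Everything. It takes the raw byte values a reader would get from D0:F0 offsets 9Dh and 9Eh, applies the MCH and PCH SMM Space tables to decide which of the C, H and T ranges are enabled, and computes the TSEG range both the MCH way (TOLUD minus STOLEN minus TSEG) and the TSEGMB way. Three details are assumptions taken from the GM45 datasheet rather than from the slides and should be checked against the datasheet for your own chipset: D_LCK sits at bit 4 of SMRAMC, TSEG_SZ in ESMRAMC bits 2:1 encodes 00 = 1 MB, 01 = 2 MB, 10 = 8 MB, and on TSEGMB platforms TSEG ends at BGSM. The sample register values are constructed.

```python
# Added worked example (not from the class slides or any Intel tool): decode SMRAMC and
# ESMRAMC values read from D0:F0 and apply the SMM Space tables.

# SMRAMC (D0:F0 offset 9Dh on the E6400). Bit 3 = G_SMRAME is on the slides;
# bit 4 = D_LCK is taken from the GM45 datasheet (assumption: verify for your chipset).
G_SMRAME = 1 << 3
D_LCK = 1 << 4

# ESMRAMC (D0:F0 offset 9Eh). Bit 0 = T_EN and bit 7 = H_SMRAME are on the slides; the
# TSEG_SZ encoding of bits 2:1 (00 = 1 MB, 01 = 2 MB, 10 = 8 MB) is assumed from the
# GM45 datasheet.
T_EN = 1 << 0
H_SMRAME = 1 << 7
TSEG_SZ_MB = {0b00: 1, 0b01: 2, 0b10: 8}

MIB = 1 << 20
COMPAT_RANGE = (0x000A_0000, 0x000B_FFFF)   # "Adr C"
HSEG_RANGE = (0xFEDA_0000, 0xFEDB_FFFF)     # "Adr H", MCH chipsets only


def decode_smram_config(smramc, esmramc, pch_based=False):
    """Apply the SMM Space table: which of the C, H and T ranges are enabled."""
    g = bool(smramc & G_SMRAME)
    h = bool(esmramc & H_SMRAME) and not pch_based   # HSEG does not exist on PCH
    t = bool(esmramc & T_EN)
    return {
        "compatible": g and not h,   # G=1, H=0 -> C range
        "high": g and h,             # G=1, H=1 -> H range replaces the C range
        "tseg": g and t,             # TSEG is added on top of whichever of C/H is active
        "tseg_size_mb": TSEG_SZ_MB.get((esmramc >> 1) & 0b11),
        "locked": bool(smramc & D_LCK),
    }


def tseg_range_mch(tolud, stolen, tseg_size_mb):
    """MCH-era TSEG from the SMM Space Definition Summary:
    (TOLUD - STOLEN - TSEG) to (TOLUD - STOLEN)."""
    end = tolud - stolen
    return (end - tseg_size_mb * MIB, end - 1)


def tseg_range_tsegmb(tsegmb, bgsm):
    """Newer platforms: TSEG runs from TSEGMB (bits 31:20) up to the Graphics Base of GTT
    Stolen Memory (BGSM, D0:F0 offset B4h bits 31:20; assumed to be the top of TSEG).
    Bit 0 of TSEGMB is its LOCK. Returns ((base, end), locked)."""
    base = tsegmb & 0xFFF0_0000
    top = bgsm & 0xFFF0_0000
    return (base, top - 1), bool(tsegmb & 1)


def enabled_ranges(cfg, tseg_range=None):
    """Physical ranges that are SMRAM under this configuration."""
    ranges = {}
    if cfg["compatible"]:
        ranges["C"] = COMPAT_RANGE
    if cfg["high"]:
        ranges["H"] = HSEG_RANGE
    if cfg["tseg"] and tseg_range is not None:
        ranges["T"] = tseg_range
    return ranges


def audit(cfg):
    """Defender's checks: SMRAM that is enabled but not locked can still be reconfigured."""
    findings = []
    if not any(cfg[k] for k in ("compatible", "high", "tseg")):
        findings.append("no SMRAM range enabled (G_SMRAME clear)")
    elif not cfg["locked"]:
        findings.append("SMRAM enabled but D_LCK clear: SMRAMC/ESMRAMC remain writable")
    return findings


if __name__ == "__main__":
    # Constructed sample values: G_SMRAME and T_EN set, 1 MB TSEG, D_LCK not yet set.
    cfg = decode_smram_config(smramc=0x0A, esmramc=0x39)
    tseg = tseg_range_mch(tolud=0x8000_0000, stolen=8 * MIB, tseg_size_mb=cfg["tseg_size_mb"])
    for name, (lo, hi) in enabled_ranges(cfg, tseg).items():
        print(f"Adr {name}: {lo:#010x}-{hi:#010x}")
    print(audit(cfg))
```

Feed it the bytes you read at 9Dh and 9Eh in the demo that follows and it tells you which ranges the BIOS turned on; `pch_based=True` drops the H range, which is why on PCH systems the C range is always present once SMRAM is enabled at all.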

### **Demo: Locating SMRAM**

Screenshot: RW-Everything (Read & Write Utility v1.6.5.9) showing the PCI configuration space of Bus 00, Device 00, Function 00 (Intel Corporation Host Bridge), with the bit-editor dialog open on Reg 09D; the value reads 0Ah (bits 7..0 = 0 0 0 0 1 0 1 0), so bit 3 is set. The row at offset 90h shows 9Dh = 0A and 9Eh = 39.

- First let's see what address ranges are enabled on our system for SMRAM
- Open RW-Everything and select PCI devices, device 0, function 0 (the DRAM Controller)
- Look at offset 9Dh (SMRAMC register)
- Check whether bit 3 (G\_SMRAME) is set
- It is: SMRAMC reads 0Ah, and with C\_BASE\_SEG (bits 2:0) = 010b the Compatible SMRAM at A\_0000h to B\_FFFFh is enabled

### **Demo: Locating SMRAM**

[Screenshot: RW-Everything (Read & Write Utility v1.6.5.9) PCI window, Bus 00, Device 00, Function 00 - Intel Corporation Host Bridge, with the bit-edit dialog open on register 9Eh (ESMRAMC) showing 0011 1001b = 39h; annotated "HSEG: No" and "TSEG: Yes"]

- Let's now check to see if TSEG (or HSEG) is enabled
- We know we cannot be using both alongside the compatible C range
- Look at the register at offset 9Eh (ESMRAMC); it reads 39h
- Notice that bit 0 (TSEG Enable, T\_EN) is asserted
  - HSEG is not enabled by default, and we can confirm that here: bit 7 (H\_SMRAME) is not asserted

### Example: Find TSEG Base/Limit



- So we know that Compatible SMRAM is enabled, and that is always at a fixed address A\_0000 to B\_FFFFh
- But TSEG is dependent on other addresses
- The TSEG location can be calculated (if you are analyzing a system that does not have an explicit TSEG register):
- From the manual, TSEG Range *for this machine* is calculated as:

### (TOLUD – STOLEN – TSEG\_SZ) to (TOLUD – STOLEN)

### Example: Find TSEG: TOLUD

[Screenshot: RW-Everything PCI window in 16-bit (word) view, Bus 00, Device 00, Function 00 - Intel Corporation Host Bridge; the word at offset B0h reads E000h]

TOLUD - Top of Low Used DRAM Register

| B/D/F/Type: | 0/0/0/PCI |
|-------------|-----------|
| Access:     | R/W/L; RO |
| Size:       | 16 bits   |

→ TOLUD = E000\_0000h

- (TOLUD - STOLEN - TSEG\_SZ) to (TOLUD - STOLEN)
- (E000\_0000h - ? - ?) to (E000\_0000h - ?)

### Lab: Find TSEG: STOLEN

#### GGC - (G)MCH Graphics Control Register (Device 0)

[Screenshot: RW-Everything PCI window, Bus 00, Device 00, Function 00, with the datasheet entry for GGC overlaid; the word at offset 52h reads 0002h]

| B/D/F/Type:     | 0/0/0/PCI |
|-----------------|-----------|
| Address Offset: | 52-53h    |
| Default Value:  | 0030h     |
| Access:         | RO; R/W/L |
| Size:           | 16 bits   |

All the bits in this register are Intel TXT locked. In Intel TXT mode, R/W bits are RO.

| Bit  | Access | Default<br>Value | Description |
|------|--------|------------------|-------------|
| 11:8 | R/W/L  | 0h               | GTT Graphics Memory Size (GGMS): This field is used to select the amount of Main Memory that is pre-allocated to support the Internal Graphics Translation Table. The BIOS ensures that memory is pre-allocated only when Internal graphics is enabled. GSM is assumed to be a contiguous physical DRAM space with DSM, and BIOS needs to allocate a contiguous memory chunk. Hardware will drive the base of GSM from DSM only using the GSM size programmed in the register.<br>0000 = No memory pre-allocated.<br>0001 = No VT mode, 1 MB of memory pre-allocated for GTT.<br>0011 = No VT mode, 2 MB of memory pre-allocated for GTT.<br>1001 = VT mode, 2 MB of memory pre-allocated for 1 MB of Global GTT and 1 MB for Shadow GTT. |

STOLEN = 0h

- Next is to find the amount of memory (if any) that has been stolen for graphics
- Bits 11:8 of GGC (GGMS) determine the amount of graphics memory stolen
- In this case it is 0 (GGC reads 0002h, so bits 11:8 are 0000b)
- (TOLUD - STOLEN - TSEG\_SZ) to (TOLUD - STOLEN)
- (E000\_0000h - 0 - ?) to (E000\_0000h - 0)

### Lab: Find TSEG: TSEG\_SZ

[Screenshot: RW-Everything PCI window, Bus 00, Device 00, Function 00 - Intel Corporation Host Bridge, bit-edit dialog on register 9Eh showing 0011 1001b = 39h, with the datasheet entry for ESMRAMC overlaid]

#### ESMRAMC - Extended System Management RAM Control

| B/D/F/Type:     | 0/0/0/PCI       |
|-----------------|-----------------|
| Address Offset: | 9Eh             |
| Default Value:  | 38h             |
| Access:         | R/W/L; R/WC; RO |
| Size:           | 8 bits          |

TSEG\_SZ (bits 2:1) encodings:

- 00 = 1 MB TSEG. (TOLUD - Graphics Stolen Memory Size - 1M) to (TOLUD - Graphics Stolen Memory Size).
- 01 = 2 MB TSEG. (TOLUD - Graphics Stolen Memory Size - 2M) to (TOLUD - Graphics Stolen Memory Size).
- 10 = 8 MB TSEG. (TOLUD - Graphics Stolen Memory Size - 8M) to (TOLUD - Graphics Stolen Memory Size).
- 11 = Reserved.

- And lastly we need to determine the size of TSEG
- Where this is encoded differs by architecture; on our system it is the TSEG\_SZ field (bits 2:1) of the 8-bit ESMRAMC register, which reads 39h, so TSEG\_SZ = 00b = 1 MB
- (TOLUD - STOLEN - TSEG\_SZ) to (TOLUD - STOLEN)
- (E000\_0000h - 0 - 10\_0000h) to (E000\_0000h - 0)

### Calculate TSEG Base/Limit



- We plug our known values into:
- (TOLUD - STOLEN - TSEG\_SZ) to (TOLUD - STOLEN)
- (E000\_0000h − 0 − 1 MB) to (E000\_0000h − 0)
- Provides us the range:
- DFF0\_0000h to E000\_0000h
  - Technically it's DFF0\_0000h to DFFF\_FFFFh, since the upper bound is exclusive
- This \*should\* be the SMBASE address (which is relocatable of course, but in all likelihood will be here)
- You can also read the SMRR PHYSBASE MSR if it's supported, or on a newer system read the TSEG base/limit directly from the TSEG register
  - SMRRs covered in a little bit
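The lookup-and-subtract procedure of the last four slides, as an added Python example (not code from the class). It decodes the four host-bridge registers the slides read with RW-Everything (SMRAMC at 9Dh, ESMRAMC at 9Eh, GGC at 52h, TOLUD at B0h) from a 256-byte config-space image and applies the slide's formula. The image is constructed from the byte values visible in the screenshots (86 80 40 2A, 0002h, 0Ah, 39h, E000h); every other byte is zero. The GGMS and TSEG_SZ encodings are the ones quoted on the slides; the GMS field (GGC bits 6:4) is only checked for being zero, because its size table is not reproduced here.

```python
"""Locate TSEG on a 4 Series (GM45) host bridge from a PCI config-space dump.

Added example, not part of the original class material.  Register offsets and
bit encodings are those shown on the slides (4 Series MCH, device 0/0/0).
"""
import struct

# ESMRAMC[2:1] TSEG_SZ encodings from the datasheet excerpt (11b is reserved).
TSEG_SZ_BYTES = {0b00: 1 << 20, 0b01: 2 << 20, 0b10: 8 << 20}

# GGC[11:8] GGMS encodings from the datasheet excerpt.
GGMS_BYTES = {0b0000: 0, 0b0001: 1 << 20, 0b0011: 2 << 20, 0b1001: 2 << 20}

# SMRAMC[2:0] C_BASE_SEG: only 010b (A_0000h-B_FFFFh) is defined on this chipset.
C_BASE_SEG_RANGE = {0b010: (0xA0000, 0xBFFFF)}


def constructed_gm45_dump() -> bytes:
    """Constructed 256-byte config-space image of bus 0 / device 0 / function 0.

    Only the bytes the slides look at are populated, using the values that are
    legible in the RW-Everything screenshots.
    """
    cfg = bytearray(256)
    struct.pack_into("<HH", cfg, 0x00, 0x8086, 0x2A40)  # vendor / device ID
    struct.pack_into("<H", cfg, 0x52, 0x0002)           # GGC: GGMS (11:8) = 0, GMS (6:4) = 0
    cfg[0x9D] = 0x0A                                    # SMRAMC: G_SMRAME=1, C_BASE_SEG=010b, D_LCK=0
    cfg[0x9E] = 0x39                                    # ESMRAMC: T_EN=1, TSEG_SZ=00b, H_SMRAME=0
    struct.pack_into("<H", cfg, 0xB0, 0xE000)           # TOLUD: bits 15:4 hold address bits 31:20
    return bytes(cfg)


def decode_smram_4series(cfg: bytes) -> dict:
    """Decode the SMRAM configuration and compute the TSEG range."""
    if len(cfg) < 256:
        raise ValueError("need a full 256-byte config-space image")
    smramc = cfg[0x9D]
    esmramc = cfg[0x9E]
    ggc = struct.unpack_from("<H", cfg, 0x52)[0]
    tolud = (struct.unpack_from("<H", cfg, 0xB0)[0] & 0xFFF0) << 16

    info = {
        "g_smrame": bool(smramc & 0x08),
        "d_lck": bool(smramc & 0x10),
        "d_open": bool(smramc & 0x40),
        "compat_range": C_BASE_SEG_RANGE.get(smramc & 0x07),
        "t_en": bool(esmramc & 0x01),
        "h_smrame": bool(esmramc & 0x80),
        "tolud": tolud,
        "tseg_size": None,
        "tseg_base": None,
        "tseg_limit": None,
    }
    if not info["t_en"]:
        return info  # TSEG disabled: nothing to locate

    gms = (ggc >> 4) & 0x7  # graphics data stolen memory select
    if gms:
        # The slides only decode GGMS; a non-zero GMS needs the datasheet's
        # GMS size table, which is not reproduced here.  Refuse rather than guess.
        raise ValueError(f"GMS = {gms:#x}: add the datasheet GMS size table first")
    ggms = (ggc >> 8) & 0xF
    if ggms not in GGMS_BYTES:
        raise ValueError(f"GGMS = {ggms:#06b} is not in the decoded encodings")
    stolen = GGMS_BYTES[ggms]

    tseg_sz = (esmramc >> 1) & 0x3
    if tseg_sz not in TSEG_SZ_BYTES:
        raise ValueError("TSEG_SZ = 11b is reserved")
    size = TSEG_SZ_BYTES[tseg_sz]

    info["tseg_size"] = size
    info["tseg_base"] = tolud - stolen - size      # (TOLUD - STOLEN - TSEG_SZ)
    info["tseg_limit"] = tolud - stolen - 1        # up to, not including, (TOLUD - STOLEN)
    return info


if __name__ == "__main__":
    r = decode_smram_4series(constructed_gm45_dump())
    print(f"TSEG {r['tseg_base']:#010x}-{r['tseg_limit']:#010x} "
          f"({r['tseg_size'] >> 20} MB), D_LCK={r['d_lck']}, D_OPEN={r['d_open']}")
```

On a live Linux box the same 256 bytes come from `/sys/bus/pci/devices/0000:00:00.0/config` (or individual bytes via `setpci -s 00:00.0 9d.b`); on Windows, RW-Everything's PCI window is what the slides use. Only trust the computed range for a chipset whose datasheet gives this formula; the later "TSEG STOLEN varies" slide shows why.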

### Calculate TSEG Base/Limit



- The TSEG base address marks the beginning of the protected SMRAM range
- Therefore the TSEG base \*should\* equate to SMBASE
  - Or the lowest SMBASE value in a multi-core system, assuming shared SMRAM range
- We'll see in a bit that this isn't necessarily the case

# **TSEG STOLEN varies**

- For the 4 Series MCH, the TSEG range is defined as (TOLUD - STOLEN - TSEG\_SZ) to (TOLUD - STOLEN)
- But different systems will have different values, and you have to look it up in the datasheets. E.g. on a 4<sup>th</sup> gen (Haswell) system:
- (TOLUD - DSM SIZE - GSM SIZE - TSEG SIZE) to (TOLUD - DSM SIZE - GSM SIZE)

# Homework heads up

- Determine if your system's TSEG/TOLUD are locked, or if they could be moved by an attacker
- On some systems they will be locked by D\_LCK, and on some TSEGMB will have its own lock bit. You need to determine which is the case for your hardware.

### **Memory Map Protection**



- The location of TSEG is dependent on the values of TOLUD, Stolen Memory and TSEG\_SZ
- Modifying these values is something an attacker could try, in order to shift the TSEG region
- However these registers can be locked down by the D\_LCK bit in the SMRAM register (a key bit)

### SMRAM Lock-Down

#### SMRAM - System Management RAM Control

| B/D/F/Type:     | 0/0/0/PCI      |
|-----------------|----------------|
| Address Offset: | 9Dh            |
| Default Value:  | 02h            |
| Access:         | RO; R/W/L; R/W |
| Size:           | 8 bits         |

The SMRAMC register controls how accesses to Compatible and Extended SMRAM spaces are treated. The Open, Close, and Lock bits function only when G\_SMRAME bit is set to a 1. Also, the OPEN bit must be reset before the LOCK bit is set.

| Bit | Access | Default<br>Value | Description |
|-----|--------|------------------|-------------|
| 4   | R/W/L  | 0b               | SMM Space Locked (D_LCK): When D_LCK is set to a 1 then D_OPEN is reset to 0 and D_LCK, D_OPEN, G_SMRAME, C_BASE_SEG, H_SMRAM_EN, GMS, TOLUD, TOM, TSEG_SZ and TSEG_EN become read only. D_LCK can be set to 1 via a normal configuration space write but can only be cleared by a Full Reset. The combination of D_LCK and D_OPEN provide convenience with security. The BIOS can use the D_OPEN function to initialize SMM space and then use D_LCK to "lock down" SMM space in the future so that no application software (or BIOS itself) can violate the integrity of SMM space, even if the program has knowledge of the D_OPEN function. This bit when set locks itself. |

- D\_LCK is pretty much a necessity and is rarely left unset (5% or so of measured BIOSes have D\_LCK not set)
- When set, it prevents changes to all of the registers listed above, not just to D\_OPEN

# Where can you find the all-important D\_LCK bit?

- MCH3 & 4 = "SMRAM" register 0/0/0/9D
- 2<sup>nd</sup> Gen (Sandy Bridge) CPU and newer = "SMRAMC" register 0/0/0/88
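A lock-state check covering the "Memory Map Protection", "SMRAM Lock-Down" and "Where can you find D_LCK" slides, and the homework they set up. This is an added Python example, not class code. The SMRAMC offsets (9Dh on the 3/4 Series MCH, 88h on 2nd-gen Core and newer) and the bit positions (D_OPEN bit 6, D_CLS bit 5, D_LCK bit 4, G_SMRAME bit 3, C_BASE_SEG bits 2:0) are the ones on these slides and in the datasheet excerpts. The TSEGMB register offset (B8h, bit 0 = lock) is an assumption taken from the 2nd-gen Core datasheet and must be confirmed for your hardware; the sample dumps are constructed, with the 4 Series SMRAMC values 0Ah and 4Ah taken from the screenshots before and after the D_OPEN demo.

```python
"""Assess whether the SMRAM configuration is locked, from a config-space dump.

Added example, not part of the original class material.
"""
import struct

# SMRAMC location per the slide "Where can you find the all-important D_LCK bit?".
SMRAMC_OFFSET = {"4series": 0x9D, "core2ndgen+": 0x88}

# ASSUMPTION: TSEGMB at B8h with bit 0 = LOCK on 2nd-gen Core and newer.
# Verify against the datasheet for your CPU generation before relying on it.
TSEGMB_OFFSET = 0xB8


def smramc_fields(val: int) -> dict:
    """Split an SMRAMC byte into its named bits (same layout on both families)."""
    return {
        "D_OPEN": bool(val & 0x40),
        "D_CLS": bool(val & 0x20),
        "D_LCK": bool(val & 0x10),
        "G_SMRAME": bool(val & 0x08),
        "C_BASE_SEG": val & 0x07,
    }


def assess_smram_lock(cfg: bytes, family: str) -> dict:
    """Return the decoded SMRAMC fields plus a list of lock-down findings."""
    if family not in SMRAMC_OFFSET:
        raise ValueError(f"unknown family {family!r}")
    fields = smramc_fields(cfg[SMRAMC_OFFSET[family]])
    findings = []

    if not fields["G_SMRAME"]:
        findings.append("G_SMRAME clear: SMRAM decode is disabled, so the lock bits do nothing")
    if fields["D_OPEN"]:
        findings.append("D_OPEN set: SMRAM is readable and writable outside SMM")
    if not fields["D_LCK"]:
        if family == "4series":
            # On the 4 Series, D_LCK is what makes TOLUD/TOM/GMS/TSEG_SZ read-only.
            findings.append("D_LCK clear: D_OPEN can be set by a config-space write, "
                            "and TOLUD/TSEG_SZ/GMS stay writable so TSEG can be moved")
        else:
            findings.append("D_LCK clear: D_OPEN can be set by a config-space write")
    if family == "core2ndgen+":
        tsegmb = struct.unpack_from("<I", cfg, TSEGMB_OFFSET)[0]
        if not tsegmb & 0x1:
            findings.append("TSEGMB lock clear: TSEG base can be moved")

    return {"fields": fields, "locked": not findings, "findings": findings}


def sample_4series(smramc: int) -> bytes:
    """Constructed 4 Series dump with only SMRAMC (9Dh) populated."""
    cfg = bytearray(256)
    cfg[0x9D] = smramc
    return bytes(cfg)


def sample_core(smramc: int, tsegmb: int) -> bytes:
    """Constructed 2nd-gen Core dump with SMRAMC (88h) and TSEGMB (B8h) populated."""
    cfg = bytearray(256)
    cfg[0x88] = smramc
    struct.pack_into("<I", cfg, TSEGMB_OFFSET, tsegmb)
    return bytes(cfg)


if __name__ == "__main__":
    for label, cfg, fam in (
        ("4 Series, as found (0Ah)", sample_4series(0x0A), "4series"),
        ("4 Series, after D_OPEN (4Ah)", sample_4series(0x4A), "4series"),
        ("4 Series, locked (1Ah)", sample_4series(0x1A), "4series"),
        ("2nd-gen Core, locked", sample_core(0x1A, 0xDFF00001), "core2ndgen+"),
    ):
        r = assess_smram_lock(cfg, fam)
        print(label, "->", "LOCKED" if r["locked"] else "; ".join(r["findings"]))
```

The 4 Series path answers the homework question from the SMRAMC byte alone, since D_LCK covers TOLUD and TSEG_SZ there; on newer parts the TSEG base has its own lock bit, which is why the second family needs the extra TSEGMB read.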

# D\_OPEN

#### SMRAM - System Management RAM Control

| B/D/F/Type:     | 0/0/0/PCI      |
|-----------------|----------------|
| Address Offset: | 9Dh            |
| Default Value:  | 02h            |
| Access:         | RO; R/W/L; R/W |
| Size:           | 8 bits         |


| Bit | Access | Default<br>Value | Description |
|-----|--------|------------------|-------------|
| 7   | RO     | 0b               | Reserved |
| 6   | R/W/L  | 0b               | SMM Space Open (D_OPEN): When D_OPEN=1 and D_LCK=0, the SMM space DRAM is made visible even when SMM decode is not active. This is intended to help BIOS initialize SMM space. Software should ensure that D_OPEN=1 and D_CLS=1 are not set at the same time. This register is locked in Intel® TXT mode (RO in Intel TXT mode). It also locks when D_LCK bit is set. |

- To help the BIOS configure SMRAM, the chipset provides a means for leaving SMRAM open even when the processor is not in SMM
- D\_LCK prevents this bit from being asserted



- If SMRAM is properly locked down (D\_LCK set), asserting D\_OPEN isn't possible
- On our system D\_LCK is clear (SMRAMC reads 0Ah), so assert the D\_OPEN bit (bit 6) in the SMRAMC register (D0:F0, offset 9Dh)
- With SMRAM now open outside of SMM, let's take a look at it
- According to our TSEG calculations it should be located at DFF0\_0000h
- This should be SMBASE...but is it? Let's see...

[Screenshot: left, RW-Everything PCI window for Bus 00, Device 00, Function 00 - Intel Corporation Host Bridge after the write, where offset 9Dh now reads 4Ah (D_OPEN set); right, RW-Everything Memory window at Address = DFF00000 showing the first 256 bytes of the region, which are non-zero]

- Well, there is some binary at DFF0\_0000h
- EB 38 is a JMP instruction which would take us to DFF0\_003Ah
- But shouldn't our code enter at SMBASE + 8000h (DFF0\_8000h) instead? Maybe this is just random bits.

Memory viewer, Address = DFF08000h (byte view):

| Offset | 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 0A | 0B | 0C | 0D | 0E | 0F |
|--------|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
| 00     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 10     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 20     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 30     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 40     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 50     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 60     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 70     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 80     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 90     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| A0     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| B0     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| C0     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| D0     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| E0     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| F0     | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |

- Let's look at address DFF0\_8000h
- Definitely <u>not</u> executable code
- Call it a hunch but let's look at address DFF0\_7EF8h
- Recall that the SMBASE field in the state save area is located at offset 7EF8h from SMBASE + 8000h, i.e. at SMBASE + 8000h + 7EF8h
- Let's see what that shows us

Memory viewer, Address = DFF07EF8h (dword view; column headers give the byte order within each dword):

| Offset | 03020100 | 07060504 | 0B0A0908 | 0F0E0D0C |
|--------|----------|----------|----------|----------|
| 00     | DFEF8000 | 00030100 | 00000000 | 00000000 |
| 10     | 00000000 | 00000000 | 00000000 | 80000048 |
| 20     | 00186001 | 00000000 | 00000000 | 00000000 |
| 30     | 00000000 | 00000000 | 00000000 | 00000000 |
| 40     | 00000000 | 00000000 | 00000000 | 00000000 |
| 50     | 00000000 | 00000000 | 00000000 | 00000000 |
| 60     | 00000000 | 00000050 | 00000000 | 00000001 |
| 70     | 00000000 | 00000000 | 00000000 | 8556A998 |
| 80     | 00000000 | 8293EC98 | 00000000 | 8293ED20 |
| 90     | 00000000 | 8556AB60 | 00000000 | 82941D20 |
| A0     | 00000000 | 00000000 | 00000000 | 10000014 |
| B0     | 00000023 | 00000008 | 00000010 | 00000023 |
| C0     | 00000030 | 00000000 | 00000000 | 00000028 |
| D0     | 00000400 | 00000000 | FFFF0FF0 | 00000000 |
| E0     | 923D1F88 | 00000000 | 00000800 | 00000000 |
| F0     | 00000046 | 00000000 | 00185000 | 00000000 |

- The first dword is the SMBASE field, and its value is DFEF\_8000h
- So SMBASE + 8000h is DFF0\_0000h, which is our TSEG base
- Technically, then, the start of the SMRAM range (SMBASE through SMBASE + 7FFFh, i.e. DFEF\_8000h through DFEF\_FFFFh) lies below TSEG, outside the protected area



- We can see that it's outside the range if we go to an address just under DFF0\_0000h and write some bytes
- Then we can toggle the D\_OPEN bit off and on and see that the bytes we just wrote are still present whether SMRAM is open or closed
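To make the slide's arithmetic checkable, here is an added Python example (not from the class materials): it pulls the SMBASE field out of a constructed copy of the upper half of SMRAM and reports which part of the 64 KiB SMRAM image falls outside TSEG, which is exactly the region the write-and-toggle-D_OPEN check above would show as unprotected. The TSEG top (TSEG_TOP) is an assumption; the slides give only its base.

```python
import struct

# Layout facts used by the slides (Intel SDM): each core's SMRAM image is
# 64 KiB starting at SMBASE, the SMI entry point is at SMBASE + 8000h, and the
# saved SMBASE field sits at offset 7EF8h from SMBASE + 8000h.
SMRAM_IMAGE_SIZE = 0x10000
ENTRY_OFFSET = 0x8000
SMBASE_FIELD_OFFSET = 0x7EF8

def smbase_from_state_save(upper_half: bytes) -> int:
    """upper_half is the 32 KiB starting at SMBASE + 8000h (entry point plus
    state save area); the SMBASE field is a little-endian dword at 7EF8h."""
    if len(upper_half) < SMBASE_FIELD_OFFSET + 4:
        raise ValueError("need at least 7EFCh bytes of the upper SMRAM half")
    return struct.unpack_from("<I", upper_half, SMBASE_FIELD_OFFSET)[0]

def smram_coverage(smbase: int, tseg_base: int, tseg_top: int):
    """Split the 64 KiB SMRAM image at smbase into the part TSEG protects and
    the part(s) it does not; returns (protected, unprotected) as inclusive ranges."""
    start, end = smbase, smbase + SMRAM_IMAGE_SIZE - 1
    lo, hi = max(start, tseg_base), min(end, tseg_top)
    if lo > hi:                      # no overlap with TSEG at all
        return [], [(start, end)]
    unprotected = []
    if start < tseg_base:            # SMRAM begins below TSEG (the slide's case)
        unprotected.append((start, tseg_base - 1))
    if end > tseg_top:               # SMRAM runs past the top of TSEG
        unprotected.append((tseg_top + 1, end))
    return [(lo, hi)], unprotected

# Constructed sample: an upper half whose 7EF8h dword is the DFEF_8000h seen in
# the slide's memory viewer; every other byte is zero.
SAMPLE_UPPER_HALF = bytearray(ENTRY_OFFSET)
struct.pack_into("<I", SAMPLE_UPPER_HALF, SMBASE_FIELD_OFFSET, 0xDFEF8000)

TSEG_BASE = 0xDFF00000   # from the slides
TSEG_TOP = 0xDFFFFFFF    # assumed 1 MiB TSEG; the slides do not give its size

def check_sample():
    smbase = smbase_from_state_save(bytes(SAMPLE_UPPER_HALF))
    protected, unprotected = smram_coverage(smbase, TSEG_BASE, TSEG_TOP)
    return smbase, protected, unprotected

if __name__ == "__main__":
    smbase, protected, unprotected = check_sample()
    print(f"SMBASE = {smbase:08X}")
    for s, e in unprotected:
        print(f"  SMRAM outside TSEG: {s:08X}-{e:08X}")
```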



- It's definitely not good! But...
- In \*this\* case the SMI handler neither references nor calls anything in this unprotected range
- So it's "okay" in this case, but could be catastrophic in another
- The moral of the story: Ensure that all SMI handler accessed code/data is within the protected memory range
  - ITL (Invisible Things Lab) found multiple bugs in Intel's SMM code where it was accessing data outside the protected ranges, which could consequently be attacker controlled (which led to simple "change a function pointer to jump to my code" type attacks, and could lead to buffer overflow attacks)

### TODO

- Needs a discussion of TSEG as DMA protection