Laboratory for Advanced Cybersecurity Research, US National Security Agency
The implementation of SMI transfer monitor (STM) support for Coreboot, will be described in this talk.
An STM is a hypervisor that executes in x86 system management mode (SMM) and functions as a peer to the hypervisor or operating system. The STM constrains the SMI handler, by hosting the handler in a virtual machine (VM). Otherwise, the SMI handler holds unconstrained access to the platform, which could undermine the assurance provided by DRTM or TXT.
We have enhanced the base STM to provide a protected execution capability by extending the STM to support additional VMs (PE/VM) in SMM (STM-PE). These enhancements utilize the existing capabilities of the x86 processor and, thus, require no additional hardware.
The focus of this talk will be on describing the requirements needed to load and start the STM and how those requirements are met in the Coreboot STM support. Some low level issues encountered during the testing will also be covered.
We will also provide a brief description how we are utilizing STM-PE to protect kernel introspection in an internal pilot project.