System Management Mode
From Wikipedia, the free encyclopedia


System Management Mode (SMM) is an operating mode in which all normal execution (including the operating system) is suspended, and special separate software (usually firmware or a hardware-assisted debugger) is executed in high-privilege mode. It was first released with the Intel 386SL. While special SL versions were initially required for SMM, Intel incorporated SMM into its mainline 486 and Pentium processors in 1993. AMD copied Intel's SMM with the Enhanced Am486 processors in 1994. It is available in all later microprocessors in the x86 architecture.


Usage

Some uses of SMM are:

  • Primarily to handle system events like memory or chipset errors.
  • System safety functions, such as shutdown on high CPU temperature.
  • Power management operations, such as turning on fans.
  • To emulate motherboard hardware that is unimplemented or buggy.
  • To emulate a PS/2 mouse or keyboard from a USB one.
  • System configuration, such as on Toshiba and IBM notebook computers.
  • To run high-privileged rootkits as shown at Black Hat 2008.[1]
  • To emulate or forward calls to a Trusted Platform Module (TPM).[2]

Entering SMM

SMM is entered via the SMI (system management interrupt), which is caused by:

  • Motherboard hardware or chipset signaling via a designated pin of the processor chip. This signal can be an independent event.
  • Software SMI triggered by the system software via an I/O access to a location considered special by the motherboard logic (port 0B2h is common).
  • An I/O write to a location which the firmware has requested that the processor chip act on.

Problems

  • By design, the operating system cannot override or disable the SMI.
  • Since the SMM code (SMI handler) is installed by the system firmware (BIOS), the OS and the SMM code may have expectations about hardware settings that are incompatible, such as different ideas of how the Advanced Programmable Interrupt Controller (APIC) should be set up.
  • Operations in SMM take CPU time away from the OS, since the CPU state must be stored to memory (SMRAM) and any write-back caches must be flushed. This can destroy real-time behavior and cause clock ticks to get lost. The Windows and Linux kernels define an 'SMI Timeout' setting, a period within which SMM handlers must return control to the operating system; otherwise the system will 'hang' or 'crash'.
  • The SMM may disrupt the behavior of real-time applications with constrained timing requirements.
  • A digital logic analyser may be required to determine if the CPU has entered SMM.
  • Recovering the SMI handler code to analyse it for bugs, vulnerabilities and secrets requires a logic analyser or disassembly of the system firmware.

References

  1. ^ "Hackers find a new place to hide rootkits".
  2. ^ Google Tech Talks: Coreboot, at 00:34:30, http://www.youtube.com/watch?v=X72LgcMpM9k (see Trusted Platform Module).
