Talk:System Management Mode

Is System Management Mode a rootkit?
Should the article be added to Category:Rootkits? I think that SMM technically is a rootkit because it executes at a higher privilege level than both hypervisors and operating systems are able to attain, and the user has no choice on whether or not this is installed in his or her computer.

Unfortunately, SMM is now used by motherboards to handle power and thermal management when such management should be handled by an OS or a hypervisor driver. Jesse Viviano (talk) 06:30, 30 November 2010 (UTC)


 * Technically this is a special mode of motherboard firmware (SMI defined by BIOS Firmware, user selects motherboard with BIOS firmware included and he can't uninstall BIOS from board without breaking it). SMM was created at time when 80486 was fastest CPU and no OS (e.g. DOS) or hypervisor (there were none) was able to do motherboard management. It can be used to hide rootkits, but any BOOT ROM can has rootkit stored inside it (both BIOS rootkits and PCI Boot Rom rootkits). BIOS itself and PCI boot roms are not a rootkits, it is just a place, where attacker can store a rootkit. So, no category of Rootkit is here will. `a5b (talk) 13:36, 4 August 2011 (UTC)

Intel protection from cache poisoning a SMI handlers
United States Patent 7698507 "Protecting system management mode (SMM) spaces against cache attacks" http://www.google.com/patents?id=8ULOAAAAEBAJ& `a5b (talk) 13:36, 4 August 2011 (UTC)

Neutrality
In the second paragraph under the main heading, i noticed the phrasing "AMD copied Intel's SMM with the Enhanced Am486 processors in 1994.".

I'm not sure wether the use of the word "copied" is actually justified. It strikes me as not being particularly neutral. It sounds to me like a word chosen by a fanboy, or someone who otherwise does not like AMD.

In similar articles, the word "implemented" is often used instead.

109.246.13.74 (talk) 01:16, 30 January 2016 (UTC)


 * ✅, thanks. In the future, feel free to edit the page yourself. -- intgr [talk] 22:09, 2 February 2016 (UTC)

SMM and Rootkits
Read a post online just now about SMM being used as a vulnerability for rootkits. Post also said some rootkits taking advantage of SMM vulnerabilities have been found "in the wild". Came here to find out if this is true. Was looking for a special section here dedicated to the idea that SMM is a security vulnerability (or not) and that rootkits have been found to take advantage of this weakness (if it exists). It would be nice of the article had a section discussing this.2605:6000:6947:AB00:D4DE:D7CD:2EEE:6220 (talk) 04:42, 13 March 2018 (UTC)