Published In

HASP '20: Hardware and Architectural Support for Security and Privacy

Document Type


Publication Date



Virtual computer systems -- Security measures, Rootkits (Computer software)


Recent years have seen a growing concern over System Management Mode (SMM) and its broad access to platform resources. The SMI Transfer Monitor (STM) is Intel’s most powerful executing CPU context. The STM is a firmware-based hypervisor that applies the principle of least privilege to powerful System Management Interrupt (SMI) handlers that control runtime firmware. These handlers have traditionally had full access to memory as well as the register state of applications and kernel code even when their functionality did not require it. The STM has been been enabled for UEFI and, most recently, coreboot firmware, adding protection against runtime SMM-based attacks as well as establishing a firmware-based Trusted Execution Environment (TEE) capability. We provide a detailed overview of the STM architecture, evaluate its protections, and quantify its performance. Our results show the STM can protect against published SMM vulnerabilities with tolerable performance overhead


© 2020 Association for Computing Machinery.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

© 2020 Association for Computing Machinery.


HASP '20, October 17, 2020, Virtual, Greece



Persistent Identifier