Intel + Microsoft Continue Work On Replacing More SMM "Black Boxes" With PRM
Given all the headaches and concerns from the early days of UEFI SecureBoot, longtime Linux users may be concerned to hear that Microsoft is working on another firmware-level standard in the name of security... Microsoft, in conjunction with Intel, has been spearheading the Platform Runtime Mechanism (PRM), which is about moving more code out of System Management Mode (SMM) and executing it within the OS/VMM context. PRM remains a work in progress, but the Windows support is already in place within Windows Insider builds, while the Linux support will come after the ACPI specification around it has been finalized.
The Platform Runtime Mechanism effort has been going on for over a year now in an effort to move more code out of the "lurking black box" that is the System Management Mode (SMM) and into the PRM that can be executed by the OS/VMM context. Yes, Microsoft complaining of "black boxes" is a bit ironic but the System Management Mode has long been a concern for many due to the possibility of malicious rootkits and other genuine issues.
But besides the security concerns around SMM, there are also possible performance implications and other factors that make having less code running in SMM ideal, so Intel and Microsoft have been driving the push to move some SMI handlers that do not require SMM privileges out of that mode and into the operating system execution context via the tentative Platform Runtime Mechanism implementation. System Management Mode though will remain for privileged handlers, etc.
The open-source generic infrastructure implementation of PRM has been stabilizing via TianoCore's edk2-staging PlatformRuntimeMechanisms branch. There are also open-source sample PRM modules available plus documentation.
The actual PRM specifications, though, are still being settled within the ACPI and UEFI working groups, but it sounds like that will be settled in 2021. The latest Windows Insider builds already have the initial Microsoft support in place, while the Linux support for PRM will come after the PRM specification has been published and the kernel code undergoes its usual review process for upstreaming.
For those wanting to learn more about the ongoing work around the Platform Runtime Mechanism, Microsoft's Michael Kubacki was at the virtual Open-Source Firmware Conference (OSFC 2020) this week talking up PRM. See this slide deck (PDF) for the latest on PRM.