Date: 2020-12-06

Given all the headaches and concerns from the early days of UEFI SecureBoot, longtime Linux users hearing that Microsoft is working on another firmware-level standard in the name of security may have concerns... Microsoft, in conjunction with Intel, has been spearheading the Platform Runtime Mechanism (PRM), which is about moving more code out of System Management Mode (SMM) and executing it within the OS/VMM context. PRM remains a work in progress, but Windows support is already in place within Windows Insiders builds, while Linux support will come after the ACPI specification around it has been finalized.

The Platform Runtime Mechanism effort has been going on for over a year now, aiming to move more code out of the "lurking black box" that is System Management Mode (SMM) and into PRM, where it can be executed in the OS/VMM context. Yes, Microsoft complaining of "black boxes" is a bit ironic, but System Management Mode has long been a concern for many due to the possibility of malicious rootkits and other genuine issues.

But besides the security concerns around SMM, there are also possible performance implications and other factors that make having less code running in SMM ideal. Intel and Microsoft have therefore been driving the push to move some SMI handlers that do not require SMM privileges out of that mode and into the operating system execution context via the tentative Platform Runtime Mechanism implementation. System Management Mode, though, will remain for privileged handlers, etc.