
Except for the parts in SMM (often considered "ring -2", below virtualization) that are installed by UEFI to implement stuff like Authenticated Variables (the thing that makes UEFI Secure Boot work and requires a rather complete crypto library for it). See https://firmware.intel.com/sites/default/files/resources/A_T...
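To make the "Authenticated Variables" point concrete: a time-based authenticated write to a variable such as `db` arrives as an EFI_VARIABLE_AUTHENTICATION_2 header (an EFI_TIME timestamp plus a WIN_CERTIFICATE_UEFI_GUID wrapping a PKCS#7 signature) followed by the new contents, and the SMM-side code has to parse that before it can verify anything. The following is an added example, not code from the thread, from the linked Intel paper, or from any firmware: it packs and parses that header layout per the UEFI specification and builds the exact byte string the PKCS#7 signature must cover. The sample payload, its placeholder "PKCS#7" bytes and the 32-byte stand-in for an EFI_SIGNATURE_LIST are constructed here; no signature is actually verified.

```python
"""Pack/parse EFI_VARIABLE_AUTHENTICATION_2 (UEFI "Time-Based Authenticated
Variables"). Added example; the sample payload is constructed by hand and its
PKCS#7 body is a placeholder, not a real signature."""
import struct
import uuid

# Constants from the UEFI specification.
WIN_CERT_TYPE_EFI_GUID = 0x0EF1
WIN_CERT_REVISION = 0x0200
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")
EFI_IMAGE_SECURITY_DATABASE_GUID = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")
EFI_VARIABLE_NON_VOLATILE = 0x01
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02
EFI_VARIABLE_RUNTIME_ACCESS = 0x04
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20

# EFI_TIME: Year, Month, Day, Hour, Minute, Second, Pad1, Nanosecond, TimeZone, Daylight, Pad2
EFI_TIME_FMT = "<HBBBBBBIhBB"
EFI_TIME_SIZE = struct.calcsize(EFI_TIME_FMT)          # 16 bytes
# WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType
WIN_CERT_HDR_FMT = "<IHH"
WIN_CERT_HDR_SIZE = struct.calcsize(WIN_CERT_HDR_FMT)  # 8 bytes
AUTHINFO_HDR_SIZE = WIN_CERT_HDR_SIZE + 16             # header + CertType GUID


def efi_time(year, month, day, hour, minute, second):
    """Pack an EFI_TIME; the spec requires Pad1, Nanosecond, TimeZone,
    Daylight and Pad2 to be zero for time-based authenticated writes."""
    return struct.pack(EFI_TIME_FMT, year, month, day, hour, minute, second, 0, 0, 0, 0, 0)


def build_auth2(timestamp, pkcs7, data):
    """Build the SetVariable() Data buffer: EFI_VARIABLE_AUTHENTICATION_2 || new contents."""
    dw_length = AUTHINFO_HDR_SIZE + len(pkcs7)   # dwLength covers Hdr + CertType + CertData
    hdr = struct.pack(WIN_CERT_HDR_FMT, dw_length, WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID)
    return timestamp + hdr + EFI_CERT_TYPE_PKCS7_GUID.bytes_le + pkcs7 + data


def parse_auth2(payload):
    """Split a payload into timestamp, PKCS#7 blob and variable data; reject malformed headers
    before any crypto runs, since this parser is what faces attacker-controlled input in SMM."""
    if len(payload) < EFI_TIME_SIZE + AUTHINFO_HDR_SIZE:
        raise ValueError("payload shorter than EFI_VARIABLE_AUTHENTICATION_2 header")
    ts = struct.unpack_from(EFI_TIME_FMT, payload, 0)
    pad1, nanosecond, timezone, daylight, pad2 = ts[6], ts[7], ts[8], ts[9], ts[10]
    if pad1 or nanosecond or timezone or daylight or pad2:
        raise ValueError("Pad1/Nanosecond/TimeZone/Daylight/Pad2 must be zero")
    off = EFI_TIME_SIZE
    dw_length, revision, cert_type = struct.unpack_from(WIN_CERT_HDR_FMT, payload, off)
    if revision != WIN_CERT_REVISION or cert_type != WIN_CERT_TYPE_EFI_GUID:
        raise ValueError("unexpected WIN_CERTIFICATE revision/type")
    # Bounds-check dwLength against the buffer instead of trusting it.
    if dw_length < AUTHINFO_HDR_SIZE or off + dw_length > len(payload):
        raise ValueError("dwLength out of range")
    cert_guid = uuid.UUID(bytes_le=payload[off + WIN_CERT_HDR_SIZE: off + AUTHINFO_HDR_SIZE])
    if cert_guid != EFI_CERT_TYPE_PKCS7_GUID:
        raise ValueError("CertType is not EFI_CERT_TYPE_PKCS7_GUID")
    return {
        "timestamp": payload[:EFI_TIME_SIZE],
        "year": ts[0],
        "pkcs7": payload[off + AUTHINFO_HDR_SIZE: off + dw_length],
        "data": payload[off + dw_length:],
    }


def signed_message(name, vendor_guid, attributes, timestamp, data):
    """Bytes the PKCS#7 signature must cover, per the UEFI spec:
    VariableName (UCS-2, no terminator) || VendorGuid || Attributes || TimeStamp || Data.
    Binding name, GUID and attributes is what stops a signed 'db' update from being
    replayed as a write to 'dbx' or with different attributes; the timestamp stops
    an older signed value from being replayed over a newer one."""
    return (name.encode("utf-16-le") + vendor_guid.bytes_le
            + struct.pack("<I", attributes) + timestamp + data)


# Constructed sample: a fake 'db' update with a placeholder PKCS#7 blob (not a real signature).
DB_ATTRIBUTES = (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
                 | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
SAMPLE_TS = efi_time(2019, 10, 1, 0, 0, 0)
SAMPLE_PKCS7 = b"\x30\x82\x00\x04FAKE"   # placeholder bytes, constructed for the example
SAMPLE_DATA = b"\xa5" * 32               # stands in for an EFI_SIGNATURE_LIST
SAMPLE_PAYLOAD = build_auth2(SAMPLE_TS, SAMPLE_PKCS7, SAMPLE_DATA)

if __name__ == "__main__":
    parsed = parse_auth2(SAMPLE_PAYLOAD)
    print("year:", parsed["year"], "pkcs7 bytes:", len(parsed["pkcs7"]), "data bytes:", len(parsed["data"]))
    msg = signed_message("db", EFI_IMAGE_SECURITY_DATABASE_GUID, DB_ATTRIBUTES, SAMPLE_TS, SAMPLE_DATA)
    print("bytes covered by the signature:", len(msg))
```

The part worth noticing is `signed_message`: the signature is not over the variable contents alone but over the name, vendor GUID, attributes and timestamp as well, which is why a verifier living in SMM needs both a full PKCS#7/X.509 implementation and careful, bounds-checked parsing of the header that precedes it.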



That's not really UEFI though per se. Having an oracle in SMM is one option, but sticking them in the Management Engine/PSP or an expanded TPM are other options.

And SMM is way older than UEFI. We'll almost certainly still have SMM after UEFI is gone.


> That's not really UEFI though per se. Having an oracle in SMM is one option, but sticking them in the Management Engine/PSP or an expanded TPM are other options.

It's UEFI code that's linked into a separate module. But it's the same code architecture (and largely the same code), just running in a different CPU mode.

> And SMM is way older that UEFI. We'll almost certainly still have SMM after UEFI is gone.

There are experiments at hardware vendors to get rid of SMM. While that will take approximately as long as the age-old attempts to retire legacy PC components (such as the RTC), it's not universally loved by vendors anymore.


I mean, the management engine these days is the same code architecture, also loaded by UEFI. Is it the same thing?

And yeah I'm sure places like Google that control the whole stack have the ability and will to get rid of SMM for their own systems but that doesn't make sense for the vast majority of systems, particularly from white box vendors. As an example, new archs like AArch64 and RISC-V have equivalents in EL3/PSCI and Monitor Mode (mandated in all chips) respectively. The concept of a piece of code shipped by your board vendor running under the OS and hypervisor for system management tasks is just too useful of a concept.


The Management Engine is a very different beast, if only because its code runs long before the main x86 CPU is even started (and UEFI can run). It also seems to run Minix these days (and before they moved the ME to the tiny Quark-style x86 core, some RTOS on an ARC core).

Unlike the ME firmware, SMM code is usually built with, shipped with and loaded by the x86 firmware.


Pardon the interruption, but I know what all these terms are (UEFI, ME, SMM) on a very cursory level, and this thread is sparking my curiosity. Do you know of any good books / websites / etc. that do a good job of explaining how all these pieces work together in modern processors and firmware?


Perhaps I'm missing something but isn't the RTC still used for time keeping when the computer is powered off? Legacy? Perhaps - but I don't know that there is a 1:1 replacement on PCs?



