Non SMRAM access in SMM
Besides the SMRAM, the SMM memory protection also limits the access to the non-SMRAM region.
First, the non-SMRAM region must be set to be non-executable because the SMM entities should not call any code outside SMRAM. Code outside of SMRAM might be controlled by malicious software.
This protection work is done by InitPaging() at https:\/\/github.com\/tianocore\/edk2\/blob\/master\/UefiCpuPkg\/PiSmmCpuDxeSmm\/SmmProfile.c
Second, because of the security concerns regarding SMM entities accessing VMM memory, [WindowsWSMT], [Wsmt.docx] and [MicrosoftHV] introduced the Windows SMM Security Mitigations Table (WSMT). A platform needs to report the WSMT table in order to declare that the SMI handler will validate the SMM communication buffer.
As we discussed in [SecureSmmComm], the SMI handler should check if the SMM communication buffer is from a fixed region, (EfiReservedMemoryType\/ EfiACPIMemoryNVS\/ EfiRuntimeServicesData\/ EfiRuntimeServicesCode). However, this is a passive check. If a SMI handler does not include such a check, it is hard to detect.
A better way is to use an active check. The PiSmmCpu driver sets the non-fixed DRAM region (EfiLoaderCode\/ EfiLoaderData\/ EfiBootServicesCode\/ EfiBootServicesData\/ EfiConventionalMemory\/ EfiUnusableMemory\/ EfiACPIReclaimMemory) to be not-present in the page tables after the SmmReadyToLock event.
As such, if a platform SMI handler does not include the check recommended in [SecureSmmComm], the system will get #PF exception within SMM on such an attack.
This protection work is done by SetUefiMemMapAttributes() at https:\/\/github.com\/tianocore\/edk2\/blob\/master\/UefiCpuPkg\/PiSmmCpuDxeSmm\/SmmCpuMemoryManagement.c.
Figure 3 shows final image layout.
Figure 3 Page table enforced memory layout
The assumption for non-SMRAM access in SMM is described in [SecureSmmComm].
Besides that, this solution assumes that all DRAM regions are added to the Global Coherency Domain (GCD) management before EndOfDxe, so that the UEFI memory map can return all DRAM regions. If there are more regions added to the GCD after EndOfDxe, those regions are not set to not-present in the page table.
NOTE: The SMM does not set the not-present bit for the GCD EfiGcdMemoryTypeNonExistent memory, because this type of memory may be converted to the other types, such as EfiGcdMemoryTypeReserved, or EfiGcdMemoryTypeMemoryMappedIo, which might be accessed by the SMM later.