>> How were you planning to use SMM? It's only used by the power management
>> hardware...
>
>I only skimmed the articles on it, but I noticed you can mess
>with the fields in the descriptor cache and make the DPL
>different than expected. Was wondering if we could virtualize
>ring0 code by having the selector actually be RPL0, but freek
>the descriptor cache to be DPL3. That way seg pushes will
>push the right RPL value, but accesses will be protected.

I'm not sure what you're referring to (I don't know all that much about SMM),
but what I remember from reading about it, you *can't* get into SMM using
software! You have to assert the signal on a pin on the Pentium. As we
cannot do that, using SMM tricks doesn't sound like an option. Unless I'm
missing something...
-- Ramon