Hardware-assisted integrity monitor

摘要

A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.

主权项

1. An apparatus, comprising:
a hardware processor of a target machine, the hardware processor configured to implement a Basic Input/Output System (BIOS) level management operating mode, the hardware processor including (1) an acquiring module configured to execute within the BIOS level management operating mode and (2) a network module configured to execute within the BIOS level management operating mode, the acquiring module configured to acquire an indication of a memory state of a memory of the target machine in response to the hardware processor entering the BIOS level management operating mode, the network module configured to send the indication of the memory state to an analysis module in response to (1) the hardware processor entering the BIOS level management operating mode and (2) the acquiring module acquiring the indication of the memory state, the hardware processor configured to remain in the BIOS level management operating mode until the network module has completed sending the indication of the current memory state to the analysis module.