US 11,948,008 B2
System management memory coherency detection
Mason Gunyuzlu, Spring, TX (US); Valiuddin Ali, Spring, TX (US); Robert Craig, Spring, TX (US); Tevin Richards, Spring, TX (US); Richard Bramley, Mansfield, MA (US); and Endrigo Nadin Pinheiro, Spring, TX (US)
Assigned to Hewlett-Packard Development Company, L.P., Spring, TX (US)
Appl. No. 17/293,015
Filed by Hewlett-Packard Development Company, L.P., Spring, TX (US)
PCT Filed Apr. 30, 2019, PCT No. PCT/US2019/029928
§ 371(c)(1), (2) Date May 11, 2021,
PCT Pub. No. WO2020/222804, PCT Pub. Date Nov. 5, 2020.
Prior Publication US 2022/0043683 A1, Feb. 10, 2022
Int. Cl. G06F 9/50 (2006.01)
CPC G06F 9/5016 (2013.01) 15 Claims
OG exemplary drawing
 
1. A computing device comprising:
a memory including:
a system management (SM) memory segment to store information regarding a processor in normal operation of an operating system of the computing device;
an operating system memory segment to store a set of signatures of known process pool tags, wherein a known process pool tag identifies a process implemented in normal operation of the operating system; and
a firmware controller communicatively coupled to the memory, wherein the firmware controller is to:
initiate a SM execution mode of the computing device in response to an interruption to the normal operation of the operating system;
scan the operating system memory segment to detect a process pool tag;
generate a signature for the process pool tag that is detected;
compare the signature generated for the process pool tag to the set of signatures of known process pool tags;
detect a coherency discrepancy from comparing the signature generated for the process pool tag and the set of signatures of known process pool tags, wherein the coherency discrepancy indicates a presence of malware on the computing device;
store the coherency discrepancy in the operating system memory segment for access by the operating system following exit from the SM execution mode; and
exit the SM execution mode.