34-10 Vol. 3C
SYSTEM MANAGEMENT MODE
•
Near jumps and calls can be made to anywhere in the 4-GByte address space if a 32-bit operand-size override
prefix is used. Due to the real-address-mode style of base-address formation, a far call or jump cannot transfer
control to a segment with a base address of more than 20 bits (1 MByte). However, since the segment limit in
SMM is 4 GBytes, offsets into a segment that go beyond the 1-MByte limit are allowed when using 32-bit
operand-size override prefixes. Any program control transfer that does not have a 32-bit operand-size override
prefix truncates the EIP value to the 16 low-order bits.
•
Data and the stack can be located anywhere in the 4-GByte address space, but can be accessed only with a 32-
bit address-size override if they are located above 1 MByte. As with the code segment, the base address for a
data or stack segment cannot be more than 20 bits.
The value in segment register CS is automatically set to the default of 30000H for the SMBASE shifted 4 bits to the
right; that is, 3000H. The EIP register is set to 8000H. When the EIP value is added to shifted CS value (the
SMBASE), the resulting linear address points to the first instruction of the SMI handler.
The other segment registers (DS, SS, ES, FS, and GS) are cleared to 0 and their segment limits are set to 4 GBytes.
In this state, the SMRAM address space may be treated as a single flat 4-GByte linear address space. If a segment
register is loaded with a 16-bit value, that value is then shifted left by 4 bits and loaded into the segment base
(hidden part of the segment register). The limits and attributes are not modified.
Maskable hardware interrupts, exceptions, NMI interrupts, SMI interrupts, A20M interrupts, single-step traps,
breakpoint traps, and INIT operations are inhibited when the processor enters SMM. Maskable hardware interrupts,
exceptions, single-step traps, and breakpoint traps can be enabled in SMM if the SMM execution environment
provides and initializes an interrupt table and the necessary interrupt and exception handlers (see Section 34.6).
34.5.2
SMI Handler Operating Mode Switching
Within SMM, an SMI handler may change the processor's operating mode (e.g., to enable PAE paging, enter 64-bit
mode, etc.) after it has made proper preparation and initialization to do so. For example, if switching to 32-bit
protected mode, the SMI handler should follow the guidelines provided in Chapter 9, “Processor Management and
Initialization”. If the SMI handler does wish to change operating mode, it is responsible for executing the appro-
priate mode-transition code after each SMI.
It is recommended that the SMI handler make use of all means available to protect the integrity of its critical code
and data. In particular, it should use the system-management range register (SMRR) interface if it is available (see
Section 11.11.2.4). The SMRR interface can protect only the first 4 GBytes of the physical address space. The SMI
handler should take that fact into account if it uses operating modes that allow access to physical addresses beyond
that 4-GByte limit (e.g. PAE paging or 64-bit mode).
Execution of the RSM instruction restores the pre-SMI processor state from the SMRAM state-state map (see
Section 34.4.1) into which it was stored when the processor entered SMM. (The SMBASE field in the SMRAM state-
save map does not determine the state following RSM but rather the initial environment following the next entry to
SMM.) Any required change to operating mode is performed by the RSM instruction; there is no need for the SMI
handler to change modes explicitly prior to executing RSM.
34.6
EXCEPTIONS AND INTERRUPTS WITHIN SMM
When the processor enters SMM, all hardware interrupts are disabled in the following manner:
DS, ES, FS, GS, SS Bases
000000000H
DS, ES, FS, GS, SS Limits
0FFFFFFFFH
CR0
PE, EM, TS, and PG flags set to 0; others unmodified
CR4
Cleared to zero
DR6
Undefined
DR7
00000400H
Table 34-4. Processor Register Initialization in SMM