Page 1277

Vol. 3C 34-27

SYSTEM MANAGEMENT MODE

•

The 32 bits at the MSEG base address (used as a physical address) must contain the processor’s MSEG revision
identifier.

•

Bits 31:1 of the SMM-transfer monitor features field in the MSEG header (see Table 34-10) must be 0. Bit 0 of
the field (the IA-32e mode SMM feature bit) must be 0 if the processor does not support Intel 64 architecture.

If either of these checks fail, execution of VMCALL fails.

34.15.6.3 Updating the Current-VMCS and Executive-VMCS Pointers

Before performing the steps in Section 34.15.2.2, SMM VM exits that activate the dual-monitor treatment begin by
loading the SMM-transfer VMCS pointer with the value of the current-VMCS pointer.

34.15.6.4 Saving Guest State

As noted in Section 34.15.2.4, SMM VM exits save the contents of the SMBASE register into the corresponding field
in the guest-state area. While this is true also for SMM VM exits that activate the dual-monitor treatment, the
VMCS used for those VM exits exists outside SMRAM.
The SMM-transfer monitor (STM) can also discover the current value of the SMBASE register by using the RDMSR
instruction to read the IA32_SMBASE MSR (MSR address 9EH). The following items detail use of this MSR:

•

The MSR is supported only if IA32_VMX_MISC[15] = 1 (see Appendix A.6).

•

A write to the IA32_SMBASE MSR using WRMSR generates a general-protection fault (#GP(0)). An attempt to
write to the IA32_SMBASE MSR fails if made as part of a VM exit or part of a VM entry.

•

A read from the IA32_SMBASE MSR using RDMSR generates a general-protection fault (#GP(0)) if executed
outside of SMM. An attempt to read from the IA32_SMBASE MSR fails if made as part of a VM exit that does not
end in SMM.

34.15.6.5 Saving MSRs

The VM-exit MSR-store area is not used by SMM VM exits that activate the dual-monitor treatment. No MSRs are
saved into that area.

34.15.6.6 Loading Host State

The VMCS that is current during an SMM VM exit that activates the dual-monitor treatment was established by the
executive monitor. It does not contain the VM-exit controls and host state required to initialize the STM. For this
reason, such SMM VM exits do not load processor state as described in Section 27.5. Instead, state is set to fixed
values or loaded based on the content of the MSEG header (see Table 34-10):

•

CR0 is set to as follows:
— PG, NE, ET, MP, and PE are all set to 1.
— CD and NW are left unchanged.
— All other bits are cleared to 0.

•

CR3 is set as follows:
— Bits 63:32 are cleared on processors that support IA-32e mode.
— Bits 31:12 are set to bits 31:12 of the sum of the MSEG base address and the CR3-offset field in the MSEG

header.

— Bits 11:5 and bits 2:0 are cleared (the corresponding bits in the CR3-offset field in the MSEG header are

ignored).

— Bits 4:3 are set to bits 4:3 of the CR3-offset field in the MSEG header.

•

CR4 is set as follows:
— MCE and PGE are cleared.
— PAE is set to the value of the IA-32e mode SMM feature bit.