34-28 Vol. 3C
SYSTEM MANAGEMENT MODE
  — If the IA-32e mode SMM feature bit is clear, PSE is set to 1 if supported by the processor; if the bit is set, PSE is cleared.
  — All other bits are unchanged.
• DR7 is set to 400H.
• The IA32_DEBUGCTL MSR is cleared to 00000000_00000000H.
• The registers CS, SS, DS, ES, FS, and GS are loaded as follows:
  — All registers are usable.
  — CS.selector is loaded from the corresponding field in the MSEG header (the high 16 bits are ignored), with bits 2:0 cleared to 0. If the result is 0000H, CS.selector is set to 0008H.
  — The selectors for SS, DS, ES, FS, and GS are set to CS.selector+0008H. If the result is 0000H (if the CS selector was FFF8H), these selectors are instead set to 0008H.
  — The base addresses of all registers are cleared to zero.
  — The segment limits for all registers are set to FFFFFFFFH.
  — The AR bytes for the registers are set as follows:
    • CS.Type is set to 11 (execute/read, accessed, non-conforming code segment).
    • For SS, DS, FS, and GS, the Type is set to 3 (read/write, accessed, expand-up data segment).
    • The S bits for all registers are set to 1.
    • The DPL for each register is set to 0.
    • The P bits for all registers are set to 1.
    • On processors that support Intel 64 architecture, CS.L is loaded with the value of the IA-32e mode SMM feature bit.
    • CS.D is loaded with the inverse of the value of the IA-32e mode SMM feature bit.
    • For each of SS, DS, FS, and GS, the D/B bit is set to 1.
    • The G bits for all registers are set to 1.
• LDTR is unusable. The LDTR selector is cleared to 0000H, and the register is otherwise undefined (although the base address is always canonical).
• GDTR.base is set to the sum of the MSEG base address and the GDTR base-offset field in the MSEG header (bits 63:32 are always cleared on processors that support IA-32e mode). GDTR.limit is set to the corresponding field in the MSEG header (the high 16 bits are ignored).
• IDTR.base is unchanged. IDTR.limit is cleared to 0000H.
• RIP is set to the sum of the MSEG base address and the value of the RIP-offset field in the MSEG header (bits 63:32 are always cleared on logical processors that support IA-32e mode).
• RSP is set to the sum of the MSEG base address and the value of the RSP-offset field in the MSEG header (bits 63:32 are always cleared on logical processors that support IA-32e mode).
• RFLAGS is cleared, except bit 1, which is always set.
• The logical processor is left in the active state.
• Event blocking after the SMM VM exit is as follows:
  — There is no blocking by STI or by MOV SS.
  — There is blocking by non-maskable interrupts (NMIs) and by SMIs.
• There are no pending debug exceptions after the SMM VM exit.
• For processors that support IA-32e mode, the IA32_EFER MSR is modified so that LME and LMA both contain the value of the IA-32e mode SMM feature bit.
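The selector, access-rights, GDTR, RIP and RSP rules above, worked through in C as an added example that is not part of the manual: the struct and function names are hypothetical, the access-rights values use the VMCS segment access-rights bit layout, and the MSEG base is assumed to be a 32-bit address. The `wrapped` flag is an extra check for someone reviewing an MSEG header: it marks offsets whose sum carries past bit 31 before the upper bits are cleared.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the MSEG header fields the text names. */
struct mseg_hdr {
    uint32_t cs_selector, gdtr_limit;        /* high 16 bits of each are ignored */
    uint32_t gdtr_base_off, rip_off, rsp_off;
};

struct smm_entry {
    uint16_t cs, data, gdtr_limit;           /* data = SS/DS/ES/FS/GS selector */
    uint32_t cs_ar, data_ar;                 /* VMCS access-rights encoding */
    uint64_t gdtr_base, rip, rsp;
    int wrapped;                             /* a base+offset sum carried past bit 31 */
};

/* Bit positions in the VMCS segment access-rights format; Type is bits 3:0. */
enum { AR_S = 1 << 4, AR_P = 1 << 7, AR_L = 1 << 13, AR_DB = 1 << 14, AR_G = 1 << 15 };
/* mseg_base: 32-bit MSEG base address (assumed input); ia32e: the feature bit. */
struct smm_entry smm_entry_state(const struct mseg_hdr *h, uint32_t mseg_base, int ia32e)
{
    struct smm_entry e = {0};
    uint64_t g  = (uint64_t)mseg_base + h->gdtr_base_off;
    uint64_t ip = (uint64_t)mseg_base + h->rip_off;
    uint64_t sp = (uint64_t)mseg_base + h->rsp_off;

    e.cs = (uint16_t)(h->cs_selector & 0xFFF8u);    /* low 16 bits, bits 2:0 cleared */
    if (e.cs == 0) e.cs = 0x0008;
    e.data = (uint16_t)(e.cs + 0x0008);             /* wraps to 0000H when CS is FFF8H */
    if (e.data == 0) e.data = 0x0008;
    /* S = 1, DPL = 0, P = 1, G = 1; CS.L = feature bit, CS.D = its inverse. */
    e.cs_ar   = 11u | AR_S | AR_P | AR_G | (ia32e ? AR_L : AR_DB);
    e.data_ar = 3u | AR_S | AR_P | AR_G | AR_DB;
    e.gdtr_limit = (uint16_t)h->gdtr_limit;
    e.gdtr_base = (uint32_t)g;                      /* bits 63:32 always cleared */
    e.rip = (uint32_t)ip; e.rsp = (uint32_t)sp;
    e.wrapped = ((g | ip | sp) >> 32) != 0;         /* added check, not in the text */
    return e;
}

int main(void)
{
    /* Constructed sample header values, not taken from any real STM image. */
    struct mseg_hdr h = { 0xABCD0013u, 0xFFFF0027u, 0x1000u, 0x2000u, 0x8000u };
    struct smm_entry e = smm_entry_state(&h, 0x7F000000u, 1);
    printf("CS=%04X data=%04X RIP=%llX\n", (unsigned)e.cs, (unsigned)e.data, (unsigned long long)e.rip);
    return 0;
}
```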
If any of CR3[63:5], CR4.PAE, CR4.PSE, or IA32_EFER.LMA is changing, the TLBs are updated so that, after
VM exit, the logical processor does not use translations that were cached before the transition. This is not neces-