SYSTEM-MANAGEMENT MODE Release 61 Last change 16jul00 Copyright (c) 1997,1998,1999,2000 Ralf Brown --------------------------------------------- SMM Am486 Format of Am486 SMM State-Save Map: Offset Size Description (Table S0001) FE00h reserved FEE4h DWORD DR3 FEE8h DWORD DR2 FEECh DWORD DR1 FEF0h DWORD DR0 FEF4h DWORD CR2 FEF8h DWORD SMM state dump base address fEFCh DWORD SMM revision ID (see #S0004) FF00h WORD I/O restart (set to 00FFh to re-execute trapped I/O) FF02h WORD halt auto restart (bit 0 set on entry if SMI during HLT) (set to 00FFh to restart from HLT) FF04h DWORD I/O trap word (see #S0002) FF08h DWORD reserved FF0Ch DWORD reserved FF10h DWORD previous EIP FF14h 5 DWORDs ??? FF28h DWORD reserved FF2Ch DWORD reserved FF30h DWORD ES limit FF34h DWORD ES base FF38h DWORD ES attributes FF3Ch DWORD CS limit FF40h DWORD CS base FF44h DWORD CS attributes FF48h DWORD SS limit FF4Ch DWORD SS base FF50h DWORD SS attributes FF54h DWORD DS limit FF58h DWORD DS base FF5Ch DWORD DS attributes FF60h DWORD FS limit FF64h DWORD FS base FF68h DWORD FS attributes FF6Ch DWORD GS limit FF70h DWORD GS base FF74h DWORD GS attributes FF78h DWORD LDT limit FF7Ch DWORD LDT base FF80h DWORD LDT attribute FF84h DWORD GDT limit FF88h DWORD GDT base FF8Ch DWORD GDT attribute FF90h DWORD IDT limit FF94h DWORD IDT base FF98h DWORD IDT attribute FF9Ch DWORD TSS limit FFA0h DWORD TSS base FFA4h DWORD TSS attribute FFA8h WORD ES FFAAh WORD unused??? FFACh WORD CS FFAEh WORD unused??? FFB0h WORD SS FFB2h WORD unused??? FFB4h WORD DS FFB6h WORD unused??? FFB8h WORD FS FFBAh WORD unused??? FFBCh WORD GS FFBEh WORD unused??? FFC0h DWORD LDTR FFC4h DWORD TR FFC8h DWORD DR7 FFCCh DWORD DR6 FFD0h DWORD EAX FFD4h DWORD ECX FFD8h DWORD EDX FFDCh DWORD EBX FFE0h DWORD ESP FFE4h DWORD EBP FFE8h DWORD ESI FFECh DWORD EDI FFF0h DWORD EIP FFF4h DWORD EFLAGS FFF8h DWORD CR3 FFFCh DWORD CR0 SeeAlso: #S0003 Bitfields for AMD Am486 I/O trap word: Bit(s) Description (Table S0002) 31-16 I/O address 15-2 reserved 1 valid I/O instruction 0 direction SeeAlso: #S0001 --------------------------------------------- SMM AMD-K5 Format of AMD K5 SMM State-Save Area: Offset Size Description (Table S0003) FE00h reserved FEF8h DWORD SMM base address (may be set to any multiple of 32K; initially 00030000h) FEFCh DWORD SMM revision identifier (see #S0004) FF00h WORD I/O trap restart slot (see #S0007) FF02h WORD HLT restart slot (see #S0005) FF04h DWORD I/O restart EDI FF08h DWORD I/O restart ECX FF0Ch DWORD I/O restart ESI FF10h DWORD CR4 FF14h DWORD CR2 FF18h 3 DWORDs reserved FF24h DWORD ES limit FF28h DWORD ES base FF2Ch DWORD ES attributes FF30h DWORD CS limit FF34h DWORD CS base FF38h DWORD CS attributes FF3Ch DWORD SS limit FF40h DWORD SS base FF44h DWORD SS attributes FF48h DWORD DS limit FF4Ch DWORD DS base FF50h DWORD DS attributes FF54h DWORD FS limit FF58h DWORD FS base FF5Ch DWORD FS attributes FF60h DWORD GS limit FF64h DWORD GS base FF68h DWORD GS attributes FF6Ch DWORD LDT limit FF70h DWORD LDT base FF74h DWORD LDT attributes FF78h DWORD TSS limit FF7Ch DWORD TSS base FF80h DWORD TSS attributes FF84h DWORD GDT limit FF88h DWORD GDT base FF8Ch DWORD IDT limit FF90h DWORD IDT base FF94h 2 DWORDs reserved FF9Ch DWORD I/O trap EIP FFA0h DWORD reserved FFA4h DWORD I/O trap DWORD (see #S0006) FFA8h WORD ES FFAAh WORD unused??? FFACh WORD CS FFAEh WORD unused??? FFB0h WORD SS FFB2h WORD unused??? FFB4h WORD DS FFB6h WORD unused??? FFB8h WORD FS FFBAh WORD unused??? FFBCh WORD GS FFBEh WORD unused??? FFC0h DWORD LDTR FFC4h DWORD TR FFC8h DWORD DR7 FFCCh DWORD DR6 FFD0h DWORD EAX FFD4h DWORD ECX FFD8h DWORD EDX FFDCh DWORD EBX FFE0h DWORD ESP FFE4h DWORD EBP FFE8h DWORD ESI FFECh DWORD EDI FFF0h DWORD EIP FFF4h DWORD EFLAGS FFF8h DWORD CR3 FFFCh DWORD CR0 SeeAlso: #S0001 Bitfields for AMD K5 SMM Revision Identifier: Bit(s) Description (Table S0004) 31-18 reserved (0) 17 SMM base address relocation available (always 1 [enabled] on K5) 16 I/O trap restart supported (always 1 on K5) 15-0 SMM revision level (currently 0000h) SeeAlso: #S0003 Bitfields for AMD K5 Halt Restart Slot: Bit(s) Description (Table S0005) 15-1 undefined 0 (on SMM entry) entered SMM from Halt state (at RSM) return to Halt state instead of state in SMM state-save area SeeAlso: #S0003 Bitfields for AMD K5 I/O Trap DWORD: Bit(s) Description (Table S0006) 31-16 I/O port address 15 I/O was string operation (INS,OUTS,etc.) 14-2 reserved 1 valid I/O instruction 0 direction (0 = output, 1 = input) SeeAlso: #S0003,#S0007 Bitfields for AMD K5 I/O Trap Restart Slot: Bit(s) Description (Table S0007) 31-16 reserved 15-0 I/O instruction restart on RSM 0000h resume at next instruction following trapped I/O instruction (default on SMM entry) 00FFh re-execute the trapped I/O instruction Note: before changing the restart value, check that the I/O instruction is actually valid (see #S0006) SeeAlso: #S0003,#S0006 --------------------------------------------- SMM Pentium Format of Pentium State Dump record: Offset Size Description (Table S0008) FE00h 248 BYTEs officially reserved, actually unused FEF8h DWORD state dump base address (must be multiple of 32K) FEFCh DWORD SMM revision identifier bits 15-0: SMM revision level bit 16: I/O trap extension is present (offset FF00h) bit 17: SMM base relocation supported (offset FEF8h) bits 31-18: reserved FF00h WORD I/O Trap restart (set to 00FFh to re-execute trapped I/O) FF02h WORD Halt auto-restart (bit 0 set on entry if SMI during HLT; if handler clears it, the CPU returns to the instruction after the interrupted HLT rather than to the HLT instruction) FF04h DWORD (undoc) I/O restart EDI / CR0 FF08h DWORD (undoc) I/O restart ECX FF0Ch DWORD (undoc) I/O restart ESI FF10h DWORD (undoc) I/O restart EIP FF14h 16 BYTEs unused FF24h WORD (undoc) alternate DR6 FF26h WORD (undoc) RSM control if bit 0 set on return, the low word of DR6 is loaded from FF26h instead of FFCCh FF28h DWORD (undoc) CR4 FF2Ch DWORD unused FF30h 12 BYTEs (undoc) ES descriptor cache DWORD limit DWORD base address DWORD type FF3Ch 12 BYTEs (undoc) CS descriptor cache FF48h 12 BYTEs (undoc) SS descriptor cache FF54h 12 BYTEs (undoc) DS descriptor cache FF60h 12 BYTEs (undoc) FS descriptor cache FF6Ch 12 BYTEs (undoc) GS descriptor cache FF78h 12 BYTEs (undoc) LDT descriptor cache FF84h 12 BYTEs (undoc) GDT descriptor cache FF90h 12 BYTEs (undoc) IDT descriptor cache FF9Ch 12 BYTEs (undoc) TSS descriptor cache FFA8h WORD ES FFAAh WORD reserved FFACh WORD CS FFAEh WORD reserved FFB0h WORD SS FFB2h WORD reserved FFB4h WORD DS FFB6h WORD reserved FFB8h WORD FS FFBAh WORD reserved FFBCh WORD GS FFBEh WORD reserved FFC0h DWORD LDTR FFC4h DWORD TR FFC8h DWORD DR7 FFCCh DWORD DR6 FFD0h DWORD EAX FFD4h DWORD ECX FFD8h DWORD EDX FFDCh DWORD EBX FFE0h DWORD ESP FFE4h DWORD EBP FFE8h DWORD ESI FFECh DWORD EDI FFF0h DWORD EIP FFF4h DWORD EFLAGS FFF8h DWORD CR3 FFFCh DWORD CR0 SeeAlso: #S0003 --------!---Admin---------------------------- Highest Table Number = S0008 --------!---FILELIST------------------------- Please redistribute all of the files comprising the interrupt list (listed at the beginning of the list and in INTERRUP.1ST) unmodified as a group, in a quartet of archives named INTER61A through INTER61D (preferably the original authenticated PKZIP archives), and the utility and hypertext conversion programs in two additional archives called INTER61E.ZIP and INTER61F.ZIP. Copyright (c) 1989-1999,2000 Ralf Brown --------!---CONTACT_INFO--------------------- E-mail: ralf@pobox.com (currently forwards to ralf@telerama.lm.com)