ST486 [STMICROELECTRONICS]
PROGRAMMING MANUAL; 编程手册
| 型号: | ST486 |
| 厂家: | 
ST |
| 描述: | PROGRAMMING MANUAL |
| 文件: | 总34页 (文件大小:156K) |
| 中文: | 中文翻译 | 下载: | 下载PDF数据表文档文件 |
ST486DX SMM
PROGRAMMING MANUAL
st
1 EDITION
NOVEMBER 1994
GENERAL INDEX
1.
2.
SMM OVERVIEW
Pages
9
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 SGS Thomson SMM Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 A Typical SMM Routine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
9
9
SGS THOMSON SMM IMPLEMENTATION 13
2.1 Hardware Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2 Configuration Control Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.3 SMM Instruction Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3. SMM SOFTWARECONSIDERATIONS
23
3.1 Enabling SMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.2 SMM Handler Entry State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.3 Maintaining the CPU State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.4 Initializingthe SMM Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.5 Accessing Main Memory Overlapped by SMM Memory . . . . . . . . . . . . . . . . . . . . . . 32
3.6 I/O Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.7 I/O Port Shadowing and Emulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.8 Return to HLT Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.9 Exiting the SMI Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.10 Testing and DebuggingSMM Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.
POWER MANAGEMENT FEATURES
41
4.1 Reducing the Clock Frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.2 Lowering the CPU Supply Voltage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.3 Suspend Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Appendix A Assembler Macros for SGS Thomson Instructions
45
5
ST486DX - SMM OVERVIEW
1.
SMM OVERVIEW
Introduction
1.1
This Programmer’s Guide has been written to aid programmers in the creation of software using the
SGS-Thomson System Management Mode (SMM) for ST486DX CPUs. This guide should be
used in conjunctionwith the SGS-Thomson ST486DX and ST486DX2 Processors Data Book.
SMM programming related to the ST486SLC/e is covered in the ST486SLC/e SMM Programmer’s
Guide.
SMM provides the system designer with another processor operating mode. Within this document
the standard x86 operating modes (real, v86 and protected) are referred to as normal mode. Nor-
mal mode operation can be interrupted by an SMI interrupt or special instruction that places the
processor in System Management Mode (SMM). SMM can be used to enhance the functionality of
the system by providing power management, register shadowing, peripheral emulation and other
system level functions. SMM can be totally transparent to all application software, including pro-
tected mode operating systems.
1.2
SGS-Thomson SMM Features
SMM operation within one of the SGS-Thomson ST486DX microprocessors is similar to related
operations performed by other x86 microprocessors. All processors with SMM capability, switch
into real mode upon entry into the SMM interrupt handler. Each CPU has a unique SMM code lo-
cations. However, the SMM memory region for the SGS-Thomson CPU has aprogrammable loca-
tion and size. All devices save some of the CPU registers upon entry to SMM. The SGS-Thomson
CPU automatically saves minimal register information reducing the entry and exit clock count to as
low as 100 clock cycles. This compareswith Intel’s clock overhead for a typical entry and exit of
633 clock cycles. The SGS-Thomson SMM implementation provides unique instructions that save
additional segment registers as required by the programmer. The x86 MOV instruction can be used
to save the general purpose registers.
Although all SMM capable CPUs provide I/O trapping, the SGS-Thomson CPUs simplify I/O type
identification and instruction restarting. SGS-Thomson CPUs also make available to the SMM rou-
tine information which can simplify peripheral register shadowing.
SGS-Thomson provides a method to prevent SMM configuration registers from being accessed by
applications. Access to the SMM configuration can be prevented by setting a bit in the CPU con-
figuration space. Not allowing an application to disable or alter SMM operation is usefulfor anti-
virus or security measures.
9
ST486DX - SMM OVERVIEW
1.3 Typical SMM Routines
A typical SMM routine is illustrated in the flowchart shown in Figure 1-1. Upon entry to SMM,
the CPU registers that will be used by the SMM routine, mustbe saved. The SMM environment is
initialized by setting up an Interrupt Descriptor Table, initializing segment limits and setting up a
stack. If the SMI wasa result of an I/O bus cycle, the SMM routine can monitor peripheral activ-
ity, shadowread-only ports ,and/or emulate peripherals in software. If a peripheral was powered
down, the SMM routine can power up a peripheral and reissue the I/O instruction. If the SMI was
not caused by an I/O bus cycle, non-trap SMI functions can be serviced. If the instruction execut-
ing, when an SMI occurred, was a HLTinstruction, the HLT instruction it should be restarted when
the SMM routine is complete. Before normal operation is resumed, any CPU registers modified
during the SMM routine must be restored to their previous state.
SMM Entry
Save State
Initialize SMM
Environment
Service
Non-Trap SMI
Service
Trap SMI
Y
Y
N
I/O
Trap?
Device
OFF?
N
Shadow
or Emulate
Modify State
For I/O Restart
Decrement
EIP
Y
HALT?
N
Restore
State
Resume
1727400
SMM Exit
Figure 1 - 1. Typical SMM Routine
10
ST486DX - SMM IMPLEMENTATION
2.
SGS-Thomson SMM IMPLEMENTATION
Hardware Background
2.1
2.1.1 SMM Pins
The signals at the SMI# and SMADS# pins are used to implement SMM. The SMI# pin is bi-direc-
tional. The SMI# pin is used by the chipset to signal the CPU that an SMI has occurred. While the
CPU is in the process of servicing an SMI interrupt, the SMI# pin is an output used to signal the
chipset that the SMM processing is occurring. The SMADS# address strobe signal is generated in-
stead of an ADS# address strobe signal while executing or accessing data in SMM address space.
2.1.2 SMI# Pin Timing
To enter SMM mode, the SMI# signal must be asserted for at least one CLK period (Two clocks if
SMI# is asserted asynchronously). To accomplish I/O trapping, the SMI# signal should be asserted
two clocks before the RDY# for that I/O cycle. Once the CPU recognizes the active SMI# input,
the CPU drives the SMI input low for the duration of the SMI routine. The SMI routine is termi-
nated with an SMI specific resume instruction (RSM). When the RSM instruction is executed, the
CPU drives the SMI pin high for one CLK period. The SMI# pin must be allowed to go high for
one CLK at the end of the SMI routine in order for the next SMI to be recognized. Since the SMI#
pin is bi-directional, not more than one SMI# interrupt can become active at one time.
2.1.3 Address Strobes
The CPU has two address strobes, ADS# and SMADS#. ADS# is the address strobe used during
normal operations. The SMADS# address strobe replaces ADS# during SMM for memory ac-
cesses when data is written, read, or fetched in the SMM defined region. Using a separate address
strobe increases chipset compatibility and control.
During an SMM interrupt routine, control can be transferred to main memory via a JMP, CALL,
Jcc instruction, execution of a software interrupt (INT), or a hardware interrupt (INTR or NMI).
Execution in main memory will cause ADS# to be generated for code and data outside of the de-
fined SMM address region. (It is assumed, but not required, that the chipsetultimately translates
SMADS# and a particular address to some other address.) To access data in main memory that
overlaps the SMM address space, the MMAC bit (CCR1, bit 3) must be set. This allows ADS#
strobes to be generated for data accesses in memory which overlap SMM memory while in SMM
mode. It is not possible to execute code in main memory that overlaps SMM space while in SMM
mode.
13
ST486DX - SMM IMPLEMENTATION
SMADS# can also be generated for memory reads/writes and code fetches within the defined SMM
region when the SMAC bit (CCR1, bit 2) is set while in normal mode. The generation of SMADS#
permits a program in normal mode to jump into SMM code space. The RSM instruction should not
be executed after jumping into SMM space unless valid return information is first written into the
SMM header.
2.1.4 Chipset RDY#
The SGS Thomson CPU has one RDY# input. Chipsets that implement the dual ready lines (one
for SMM and one for normal memory) can logically OR the two ready lines together to produce a
single RDY# line.
2.1.5 Cache Coherency
SMM memory is never cached in the CPU internal cache. This makes cache coherency completely
transparent to the SMM programmer. If the CPU cache is in write-back mode, all write-back cy-
cles will be directed to normal memory with the use of the ADS# signal. An INVD or WBINVD
will write dirty data out to normal memory even if it overlaps with SMM space.
SMM memory can be cached by a external cache controller, but it is up to the cache designer to be
sure to maintain a distinctionbetween SMM memory space and normal memory space.
The A20M# input to the CPU is ignored for all SMM space accesses (any accesses which uses
SMADS#).
2.2
Configuration Control Registers
This section describes how to use the Configuration Control Registers in SMM code. For a com-
plete description of the Configuration Control Registers, refer to the SGS-Thomson ST486DXand
ST486DX2 Processors Data Book.
All Configuration Control Register bits are set to 0 when RESET is asserted. Asserting WM_RST
does not affect the configuration registers.
These registers are accessed by writing the register index to I/O port 22h. I/O port 23h is used for
data transfer. Each data transfer to I/O port 23h must be preceded by an I/O port 22h register index
selection, otherwise the port 23h access will be directed off chip. Before accessing these registers,
all interrupts, including SMI, must be disabled. A problem could occur if an interrupt occurs after
writing to port 22h but before accessing port 23h. The interrupt service routine might access port
22h or 23h. After returning from the interrupt, the access to port 23h would be redirected to an-
other index or possiblyoff chip. Before accessing the Configuration Control Registers from out-
side of SMM mode, the chipset generation of SMI# interrupt must be disabled if the CPU SMI#
input is enabled.
14
ST486DX - SMM IMPLEMENTATION
The portions of the Configuration Control Registers (CCR1, CCR2, and CCR3) which apply to
SMM and power management are described in the following pages.
Table 2 - 1 CCR1 Register
Register INDEX = C1h
7
6
5
4
3
2
1
0
NO-LOCK
MMAC
SMAC
SMI
RPL
Reserved
SMI
Enable SMM Pins
SMI# input pin is ignored and SMADS# output pin floats. Execution of
SMI = 0:
SGS Thomson specific SMM instructions will generate an invalid opcode exception.
SMI = 1:
SMI# input/output pin and SMADS# output pin are enabled. SMI must be set
to 1 before any attempted access to SMM memory is made.
SMAC
System Management Memory Access
SMAC = 0:
All memoryaccesses in normal mode go to system memory with ADS# output
active. In normal mode, execution of SGS Thomson specific SMM instructions
generate an invalid opcode exception.
SMAC = 1:
Memory accesses while in normal mode that fall within the specified SMM
address region generate an SMADS# output and access SMM memory. SMI#
input is ignored.
MMAC
Main Memory Access
MMAC = 0:
All Memory accesses while in SMM mode go to SMM memory with SMADS#
output active.
MMAC = 1:
Data accesses while in SMM mode that fall within the specified SMM address
region will generate an ADS# output and access main memory. Code fetches
are not effected by the MMAC bit. Code fetches from the SMM address region
always generate an SMADS# output and access SMM memory. If both the
SMAC and MMAC bits are set to 1, the MMACbit has precedence.
15
ST486DX - SMM IMPLEMENTATION
Table 2 - 2 CCR2
Reg. INDEX = C2h
7
6
5
4
3
2
1
0
SUSP
BWRT
BARB
WT1
HALT
LOCK-NW
WBAK
COP/Reserved
HALT
Suspend on HALT.
HALT = 0:
HALT = 1:
SUSP
CPU does not enter suspend mode following execution of a HLT instruction
CPU enters suspend mode following execution of a HLT instruction.
Enable Suspend Pins.
SUSP = 0:
SUSP = 1:
SUSP# input is ignored and SUSPA# output floats.
SUSP# input and SUSPA# output are enabled.
Table 2 - 1 CCR3
Reg. INDEX = C3h
7
6
5
4
3
2
1
0
NMIEN
SMI-LOCK
Reserved
SMI_LOCK SMM Register Lock.
SMI_LOCK = 0: Any program in normal mode, as well as SMM software, has access to all
Configuration Control Registers.
SMI_LOCK = 1: The following Configuration Control Register bits can not be modified unless
operating in SMM mode:
SMI, SMAC, MMAC, NMIEN, SMI_LOCK, and SMAR register size fields.
NMIEN
NMI Enable.
NMIEN = 0:
NMI (Non-Maskable Interrupt) is not recognized during SMM. One occurrence of
NMI is latched and serviced after SMM mode is exited. The NMIEN bit should
be cleared before executing a RSM instruction to exit SMM.
NMIEN = 1:
NMI is enabled during SMM. This bit should only be set temporarily while in the
SMM routine to allow NMI interrupts to be serviced. NMIEN should not be set
16
ST486DX - SMM IMPLEMENTATION
to 1 while in normal mode. If NMIEN = 1 when an SMI occurs, an NMI could
occur before the SMM code has initialized the Interrupt Descriptor Table.
Table 2 - 3. SMAR SMM Address Region Registers
Reg. Index = CDh
Reg. Index = CEh
Reg. Index = CFh
7
0
7
0
7
4
3
0
Base Address
Size
A31
A24 A23
A16 A15
A12
see table below
Table 2 - 4. SMAR SIZE FIELD
Bits 3-0
BLOCK SIZE
Bits 3-0
BLOCKSIZE
0h
1h
2h
3h
4h
5h
6h
7h
Disable
8h
9h
Ah
Bh
Ch
Dh
Eh
Fh
512 KBytes
4 KBytes
1 MBytes
2 MBytes
4 MBytes
8 MBytes
16 MBytes
32 MBytes
8 KBytes
16 KBytes
32 KBytes
64 KBytes
128 KBytes
256 KBytes
4 KBytes (same as 1h)
17
ST486DX - SMM IMPLEMENTATION
2.3
SMM Instruction Summary
SGS-Thomson has added seven new instructions to the X86 standard instruction set to aid in SMM
programming. These instructions are only valid when:
CPL = 0 and
SMI is enabled (CCR1 bit 1 =1) and
SMAR size > 0 and
either [in SMM mode or SMAC is on (CCR1 bit 2 =1)]
The CPU will generate an undefined opcode fault when the above conditions are not met and one
of the SMM instructions are executed. The assembly language macro SMIMAC.INC listed in Ap-
pendix A will automatically generate the appropriate machine code when included in a source file
containing SGS-Thomson SMM instructions.
Most of the SGS-Thomson SMM instructions are used to access the non-programmer visible inter-
nal descriptors. Thestandard x86 instructions can not access this information inside the CPU. This
information is stored in memory in a 10 Byte area that is comprised of both the descriptor (8-Bytes)
and the segment register/selector (2 Bytes). The 8 Byte descriptor is in the same format that is
found in the GDT or LDT. If the data area is dword aligned, it will minimize the memory access
time.
Table 2 - 5. Register and Descriptor Save Format
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
0
SELECTOR or SEGMENT
+8
+6
+4
+2
+0
BASE 31 - 24
DT
G
D
0
AVL
LIMIT 19 - 16
P
DPL
TYPE
BASE 23 - 16
BASE 15 - 0
LIMIT 15 - 0
2.3.1 RSDC - Restore Register and Descriptor
Instruction
RSDC
Opcode
0F 79 [mod sreg3 r/m]
Parameters
sreg3, mem80
Core Clocks
10
RSDC loads the information at the mem80 into a segment register/selector and its associated de-
scriptor. Attempting to use this instruction to load the Code Segment or Code Selector will gener-
ate an invalid opcode instruction. Code Segment or Code Selector is restored from the SMM
header as part of the RSM instruction.
18
ST486DX - SMM IMPLEMENTATION
2.3.2 RSLDT - Restore LDT and Descriptor
Instruction
RSLDT
Opcode
Parameters
mem80
Core Clocks
10
0F 7B[mod 000 r/m]
RSLDT loads the information at the mem80 into Local Descriptor Table Register and its associated
descriptor.
2.3.3 RSM - Resume Back to Normal Mode
Instruction
RSM
Opcode
0F AA
Parameters
None
Core Clocks
76
RSM will restore the state of the CPU from the SMM header at the top of SMM space and exit
SMM. This is the last instruction executed in an SMI handler. After the CPU state is restored, the
SMI# pin is driven inactive for one clock then floated so the pin can be driven by the system.
2.3.4 RSTS - Restore TSR and Descriptor
Instruction
RSTS
Opcode
0F 7D [mod 000 r/m]
Parameters
mem80
Core Clocks
10
RSTS loads the information at the mem80 address into the Task Register and its associated
descriptor.
2.3.5 SMINT - Software SMM Interrupt
Instruction
SMINT
Opcode
0F 7E
Parameters
None
Core Clocks
24
SMINT will cause the CPU to enter SMM as though the hardware SMI# pin was sampled low.
The S bit in the SMM header is set. The SMI# signal is not driven by the CPU when SMM is en-
tered with SMINT.
19
ST486DX - SMM IMPLEMENTATION
2.3.6 SVDC - Save Register and Descriptor
Instruction
SVDC
Opcode
Parameters
Core Clocks
18
0F 78 [mod sreg3 r/m]
sreg3, mem80
SVDC saves the contents of a segment register/selector and its associated descriptor to memory at
mem80. This instruction can be used on any segment/selector including the CodeSegment.
2.3.7 SVLDT - Save LDT and Descriptor
Instruction
SVLDT
Opcode
Parameters
mem80
Core Clocks
18
0F 7A [mod 000 r/m]
SVLDT saves the Local Descriptor Table Selector and non-programmer visible descriptor informa-
tion at the address location mem80.
2.3.8 SVTS - Save TSR and Descriptor
Instruction
SVTS
Opcode
0F 7C
Parameters
mem80
Core Clocks
18
SVTS saves the Task Register and its associated descriptor to address location mem80.
20
ST486DX - SMM SOFTWARE CONSIDERATIONS
3.
SMM SOFTWARE CONSIDERATIONS
This section provides an overview of SGS-Thomson SMM coding and information helpful in devel-
oping SMM code.
3.1
Enabling SMM
Many systems have memory controllers that aid in the initialization of SMM memory. SGS-Thom-
son SMM features allow the initialization of SMM memory without external hardware memory re-
mapping.
When loading SMM memory with an SMI interrupt handler it is important that the SMI# does not
occur before the handler is loaded. This can be done by not setting SMAC=0 and SMI=1 before
the SMIhandler is installed. It is necessary to load SMAR with appropriate values before the
SMM memory is accessible. To load SMM memory with a program it is first necessary to enable
SMM memory without enabling the SMI pins by setting SMAC. Setting SMI=1 will then map the
SMM memory region over main memory. The SMM region is physically mapped by the assertion
of SMADS# to allow memory access within the SMM region. A REP MOV instruction can then
be used to transfer the program to SMM memory. After initializing SMM memory, negate SMAC
to activate potential SMI#s.
SMM space can be located anywhere in the 4-GByte address range. However, if the location of
SMM space is beyond 1 Mbyte, the value in CS will truncate the segment above 16-bits when
stored to the stack. This would prohibit doing calls or interrupts from real mode without restoring
the 32-bit features of the 486 because of the incorrect return address on the stack.
; load SMM memory from system memory
include SMIMAC.INC
SMMBASE = 68000h
SMMSIZE = 4000h
SMI = 1 shl 1
SMAC = 1 shl 2
MMAC = 1 shl 3
;SMM SIZE is 16K
mov al, 0cdh
;index SMAR, SMM baseA31-A24
;select
;set high SMM address to 00
;write value
;index SMAR,SMM baseA23-A16
;select
;set mid SMM address to 06h
;write value
;SMAR,SMM baseA15-A12 & SIZE
out 22h, al
mov al, 00h
out 23h, al
mov al, 0ceh
out 22h, al
mov al, 06h
out 23h, al
mov al, 0cfh
23
ST486DX - SMM SOFTWARE CONSIDERATIONS
out 22h, al
mov al, 083h
out 23h, al
mov al, 0c1h
out 22h, al
;select
;set SMM lower addr. 80h, 16K
;write value
;index to CCR1
;select CCR1 register
;read current CCR1 value
;save it
in
al, 23h
mov ah, al
mov al, 0c1h
out 22h, al
mov al, ah
;index to CCR1
;select CCR1 register
or
al, SMI or SMAC; set SMI and SMAC
out 23h, al
;new value now in CCR1, SMM now
;mapped in
mov ax, SMMBASE shr 4
mov es, ax
mov edi, 0
;es:di = start of the SMM area
mov esi, offset SMI_ROUTINE ;start of copy of SMM
mov ax, seg SMI_ROUTINE
mov ds, ax
mov ecx, (SMI_ROUTINE_LENGTH+3)/4 ;calc. length
;routine in main memory
; this line copies the SMM routine from DS:ESI to ES:EDI
rep
movs dword ptr es:[edi],dword ptr ds:[esi]
; now disable SMI by clearing SMAC and SMI
mov al, 0c1h
out 22h, al
mov al, ah
;index to CCR1
;select CCR1 register
;AH is still old value
and al, NOT SMAC ;disable SMAC, enable SMI#
out 23h, al
;write new value to CCR
3.2
SMM Handler Entry State
At the beginning of the SMM routine, before control is transferred to code executing at the SMM
base, certain portions of the CPU state are saved at the top of SMM memory. To optimize the
speed of SMM entry and exit, the CPU saves the minimum CPU state information necessary for an
SMI interrupt handler to execute and return to the interrupted context. The information is saved to
the SMM header at the top of the defined SMM region (starting at SMM base + size - 30h) as
shown in Figure-3-1. Of the typically used program registers only the CS, IP, EFLAGS, CR0, and
DR7 are saved upon entry to SMM. This requires that data accesses use a CS segment override to
24
ST486DX - SMM SOFTWARE CONSIDERATIONS
save other registers and access data in SMM memory. To use any other register the SMM program-
mer must first save the contents using the SVDC instruction for segment registers or MOV opera-
tions for general purpose registers (See SGS Thomson SMM instruction description Section 2.3).
It is possibleto save all the CPU registers as needed. See Section 3.3 for an example saving and re-
storing the entire CPU state.
31
0
Top of SMM
Address Space
DR7
EFLAGS
CR0
-4h
-8h
-Ch
Current IP
-10h
-14h
Next IP
16 15
31
31
0
CS Selector
Reserved
-18h
-1Ch
CS Descriptor (Bits 63-32)
CS Descriptor (Bits 31-0)
3
2
1 0
-20h
-24h
-28h
-2Ch
-30h
S
Reserved
16 15
P I
I/O Write Data Size
I/O Write Address
I/O Write Data
ESI or EDI
1713503
Figure 3 - 1. SMM Memory Space Header
25
ST486DX - SMM SOFTWARE CONSIDERATIONS
Unique to the SGS-Thomson CPU is that the CPU saves the previous EIP (CURRENT_IP), before
the SMI event, and the next EIP (NEXT_IP) that will be executed after exiting the SMI handler.
Upon execution of an RSMinstruction, control is returned to the NEXT_IP. The value of the
NEXT_IP may need to be modified for restarting I/O instructions. This modification is a simple
move (MOV) of the CURRENT_IP value to the NEXT_IP location. Execution is then returned to
the I/O instruction, rather than to the instruction after the I/O instruction. Table 3-1 lists the SMM
header information needed to restart an I/O instruction. The restarting of I/O instructions may also
require modificationsto the ESI, ECX and EDI dependingon the instruction (see Section 3.6 for an
example.)
The EFLAGS, CR0 and DR7 registers are set to their reset values upon entry to the SMIhandler.
Resetting these registers has implications for setting breakpoints using the debug registers. Break-
points can not be set prior to the SMI interrupt using debug registers. A debugger will only be able
to set a code breakpoint using INT 3 outside of the SMM handler. See Section 3.11 for restrictions
on debugging SMM code. Once the SMI has occurred and the debugger has control in SMM
space, the debug registers can be used for the remainder of the SMI handler execution.
If the S bit in the SMM header is set, the SMM entry was the result of an SMINT instruction.
Upon SMM entry, I/O trap information is stored in the SMM memory space header. This informa-
tion allows restarting of I/O instructions, as well as the easy emulation of I/O functions by the
SMM handler. This data is only valid if the instruction executing when the SMI occurred was an
I/O instruction. The three I/O Write fields (I/O Write Data, I/O Write Address and I/O Write Data
Size) are only valid when an I/O write was trapped.
Table 3 - 1 I/O Trap Information
Bit
Description
Size
P
I
REP INSx/OUTSx Indicator
1 bit
1 bit
0 = Currentinstruction has a REP prefix
1 = Currentinstruction does not have a REP prefix
IN, INSx, OUT, or OUTSx Indicator
0 = Currentinstruction performed an I/O READ
1 = Currentinstruction performed an I/O WRITE
I/O Write Data Size Indicates size of data for the trapped I/O write
2 Bytes
01h = byte
03h = word
0fh = dword
I/O Write Address
I/O Write Date
ESI or EDI
Address of the trapped I/O write
2 Bytes
4 Bytes
4 Bytes
Data written during I/O trapped write
Value of appropriate index register before the trapped I/O instruction
26
ST486DX - SMM SOFTWARE CONSIDERATIONS
The values found in the I/O trap information fields are specified below for all cases.
Table 3 - 2 Valid I/O Trap Cases
I/O Write
Data Size
I/O Write
Address
I/O Write
Data
ESI or
EDI
Valid Cases
P
I
not an I/O ins.
IN
x
0
0
1
0
0
0
0
0
0
1
1
1
x
0
0
0
1
1
1
1
1
1
1
1
1
x
x
x
x
x
x
x
x
x
x
x
x
x
EDI
EDI
EDI
ESI
ESI
ESI
ESI
ESI
ESI
ESI
ESI
ESI
INS
REP INS
OUT al
01h
03h
0Fh
01h
03h
0Fh
01h
03h
0Fh
I/O Address
I/O Address
I/O Address
I/O Address
I/O Address
I/O Address
I/O Address
I/O Address
I/O Address
xxxxxxdd
xxxxdddd
dddddddd
xxxxxxdd
xxxxdddd
dddddddd
xxxxxxdd
xxxxdddd
dddddddd
OUT ax
OUT eax
OUTSB
OUTSW
OUTSD
REP OUTSB
REP OUTSW
REP OUTSD
x: invalid
Upon SMM entry, the CPU enters the following state:
Table 3 - 3 SMM Entry State
CS
SMM base specified by SMAR, CS limitis set to 4 GBytes
0000 0000h; Begins execution at the base of SMM memory
EIP
EFLAGS
CR0
0000 0002h; Reset State
6000 0010h; Real Mode, Cache in Write Through
0000 0400h; Traps disabled
DR7
27
ST486DX - SMM SOFTWARE CONSIDERATIONS
3.3
Maintaining the CPU State
The following registers are not automatically saved/restored on SMM entry/exit.
General Purpose Registers: EAX, EBX, ECX, EDX
Pointer and Index Registers: EBP, ESI, EDI, ESP
Selector/Segment Registers: DS, ES, SS, FS, GS
Descriptor Table Registers:
Control Registers:
GDTR, IDTR, LDTR, TR
CR2, CR3
Debug Registers:
Configuration Registers:
FPU Registers:
DR0, DR1, DR2, DR3, DR6
CCR1, CCR2, CCR3, SMAR
Entire FPU state.
If any of these registers need to be used by the SMM routine, the registers need to be saved after en-
try to the SMM routine and then restored prior to exit from SMM. Additionally, if power is to be
removed from the CPU and the system is required to return to the same system state after power is
reapplied, then the entire CPU state must be saved to a non-volatile memory subsystem such as a
hard disk.
3.3.1 Maintaining Common CPU Registers
The following is an example of the instructions needed to save the entire CPU state and restore it.
This code sequence will work from real mode if the conditions needed to execute SGS-Thomson
SMM instructions are met (see Section 2.3).
; Save and Restore the common CPU registers.
; The information automatically saved in the
; header on entry to SMM is not saved again.
include SMIMAC.INC
.386P
mov
;required for SMIMAC.INC macro
cs:save_eax,eax
mov
cs:save_ebx,ebx
cs:save_ecx,ecx
cs:save_edx,edx
cs:save_esi,esi
cs:save_edi,edi
cs:save_ebp,ebp
cs:save_esp,esp
cs:,save_ds,ds
cs:,save_es,es
cs:,save_fs,fs
cs:,save_gs,gs
cs:,save_ss,ss
mov
mov
mov
mov
mov
mov
svdc
svdc
svdc
svdc
svdc
svldt cs:,save_ldt
;sldt is not valid in real mode
28
ST486DX - SMM SOFTWARE CONSIDERATIONS
svts
db
sgdt
db
sidt
cs:,save_tsr
66h
;str is not valid in real mode
;32bit version saves everything
fword ptr cs:[save_gdt]
66h
;32bit version saves everything
fword ptr cs:[save_idt]
; at the end of the SMM routine the following code
; sequence will reload the entire CPU state
mov
eax,cs:save_eax
ebx,cs:save_ebx
ecx,cs:save_ecx
edx,cs:save_edx
esi,cs:save_esi
edi,cs:save_edi
ebp,cs:save_ebp
esp,cs:save_esp
ds,cs:,save_ds
es,cs:,save_es
fs,cs:,save_fs
gs,cs:,save_gs
ss,cs:,save_ss
mov
mov
mov
mov
mov
mov
mov
rsdc
rsdc
rsdc
rsdc
rsdc
rsldt cs:,save_ldt
rsts
db
cs:,save_tsr
66h
sgdt
db
sidt
fword ptr cs:[save_gdt]
66h
fword ptr cs:[save_idt]
; the data space to save the CPU state is in
; the Code Segment for this example
save_ds
dt
dt
dt
dt
dt
dt
dt
dd
dd
dd
dd
dd
dd
dd
dd
df
df
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
save_es
save_fs
save_gs
save_ss
save_ldt
save_tsr
save_eax
save_ebx
save_ecx
save_edx
save_esi
save_edi
save_ebp
save_esp
save_gdt
save_idt
29
ST486DX - SMM SOFTWARE CONSIDERATIONS
3.3.2 Maintaining Control Registers
CR0 is maintained in the SMM header. CR2 and CR3 need only be saved if the SMM routine will
be entering protected mode and enabling paging. Most SMM routines will not need to enable pag-
ing. However, if the CPU is going to be powered off, these registers like all the others need to be
saved.
3.3.3 Maintaining Debug Registers
DR7 is maintained in the SMM Header. Since DR7 is automatically initialized to the reset state on
entry to SMM, the Global Disable bit (DR7 bit 13) will be cleared. This allows the SMM routine
to access all of the Debug Registers. Returning from the SMM handler will reload DR7 with its
previous value. In most cases, SMM routines will not make use of the Debug Registers and they
will only need to be saved if the CPU needs to be powered down.
3.3.4 Maintaining Configuration Control Registers
The SMM routine should be written so that it maintains the Configuration Control Registers in the
state that they were initialized to by the BIOS at power-up.
3.3.5 Maintaining FPU State
If power will be removed from the FPU, or if the SMM routine will execute FPU instructions, then
the FPU state needs to be maintained for the application running before SMM was entered. If the
FPU state is to be saved and restored from within SMM, there are certain guidelines that must be
followed to make SMM completely transparent to the application program.
The complete state of the FPU can be saved and restored with the FNSAVE and FNRSTOR instruc-
tions. FNSAVE is used instead of the FSAVE because FSAVE will wait for the FPU to check for
existing error conditions before storing the FPU state. If there is a unmaskedFPU exception condi-
tion pending, the FSAVE instruction will wait until the exception condition is serviced. In order to
be transparent to the application program, the SMM routine should not service the exception. If the
FPU state is restored with the FNRSTOR instruction before returning to normal mode, the applica-
tion program can correctly service the exception. Any FPU instructions can be executed within
SMM once the FPU state has been saved.
The information saved with the FSAVE instruction varies depending on the operating mode of the
CPU. To save and restore all FPU information, the 32-bit protected mode version of the FPU save
30
ST486DX - SMM SOFTWARE CONSIDERATIONS
and restore instruction should be used. This can be accomplished by using the following code
example:
; Save the FPU state
mov
or
mov
jmp
db
eax,CR0
eax,00000001h
CR0,eax
$+2
;set the PE bit in CR0
;clear the prefetch que
;do 32bit version of fnsave
;saves fpu state to
66h
fnsave [save_fpu]
;the address DS:[save_fpu]
mov
and
mov
eax,CR0
eax, 0FFFFFFFEh ;clear PE bit in CR0
CR0,eax ;return to real mode
;now the SMM routine can do any FPU instruction.
;Restore the FPU state before executing a RSM
mov
or
mov
jmp
db
eax,CR0
eax,00000001h
CR0,eax
$+2
;set the PE bit in CR0
;clear the prefetch que
66h
;do 32bit version of fnsave
;restore the FPU state
frstor [save_fpu]
;Some assemblers may require
;use of the fnrstor instruction
eax,CR0
eax, 0FFFFFFFEh ;clear PE bit in CR0
CR0,eax ;return to real mode
mov
and
mov
Be surethat all interrupts are disabled before using this method for entering protected mode. Any
attempt to load a selector register while in protected mode will shutdown the CPU since no GDT is
set up. Settingup a GDT and doing a long jump to enter protected mode will also work correctly.
3.4
Initializing the SMM Environment
After entering SMM and saving the CPU registers that will be used by the SMM routine, afew
registers need to be initialized.
Segment registers need to be initialized if the CPU was operating in protected mode when the SMI
interrupt occurred. Segment registers that will be used by the SMM routine need to be loaded with
known limits before they are used. The protected mode application could have set a segment limit
to less than 64K. To avoid a protection error, all segment registers can be given limits of 4 GBytes.
This can be done with the SGS Thomson RSDC instruction and will allow access to the
31
ST486DX - SMM SOFTWARE CONSIDERATIONS
full 4-GBytes of possiblesystem memory without entering protected mode. Once the limits of a
segment register are set, the base can be changed by use of the MOV instruction.
An Interrupt Descriptor Table (IDT) needs to be set up in SMM memory before any interrupts or
exceptions occur. Once initialized, the SMI handler can execute calls, jumps, and other changes of
flow and will generate software interrupts and faults. TheInterrupt Descriptor Table Register can
be loaded with an LIDT instruction to point to a small IDT in SMM memory that can handle the
possibleinterrupts and exceptions that might occur while in the SMM routine.
A stack should always be set up in SMM memory so that stack operations done within SMM do not
affect the system memory.
; SMM environment initialization example
rsdc
rsdc
rsdc
rsdc
rsdc
lidt
ds,cs:,seg4G
es,cs:,seg4G
fs,cs:,seg4G
gs,cs:,seg4G
ss,cs:,seg4G
cs:smm_idt
;DS is a 4GByte segment, base=0
;ES is a 4GByte segment, base=0
;FS is a 4GByte segment, base=0
;GS is a 4GByte segment, base=0
;SS is a 4GByte segment, base=0
;load IDT base and limit for
;SMM’s IDT
mov
jmp
esp, smm_stack
continue_smm_code
;
;descriptor of 4GByte data segment for use by rsdc
seg4G
dw 0ffffh
; limit 4G
dw
db
0
0
; base = 0
; base = 0
db 10010011B
db 8fh
; data segment, DPL=0,P=1
; limit = 4G,
; base = 0
db 0h
dw
0
; segment register = 0
smm_idt
dw smm_idt_limit
dd smm_idt_base
3.5
AccessingMain Memory Overlapped by SMM Memory
When in SMM mode there are instances where the program needs access to the system memory
that is overlapping with SMM memory. This need most commonly occurs when the SMM routine
is trying to save the entire memory image to disk before powering down the system. To access
main memory overlapping the SMMspace (i.e., generate ADS# for memory MOV instructions
rather than SMADS#) set the MMAC bit in CCR1. The following code will enable and then disable
MMAC:
32
ST486DX - SMM SOFTWARE CONSIDERATIONS
; Set MMAC to access main memory
MMAC = 1 shl 3
mov
out
in
al, 0c1h
;select CCR1
22h, al
al, 23h
ah, al
;get CCR1 current value
;save it
;select CCR1 again
mov
mov
out
mov
or
al, 0c1h
22h, al
al, ah
al, MMAC
23h, al
;set MMAC
;write new value to CCR1
out
;Now all data memory access will use ADS#, Code fetches
;will continue to be done with SMADS# from SMM memory.
;
;Disable MMAC
mov
out
mov
out
al, 0c1h
22h, al
al, ah
;select CCR1
;get old value of CCR1
;and restore it
23h, al
3.6
I/O Restart
When implementing power management into a system it is common to want to power down periph-
erals when they are not in use. When an I/O instruction is issued to a powered down device, the
SMM routine is called to power up the peripheral and then reissue the I/O instruction. SGS-Thom-
son CPUs make it easy to restart the I/O instruction that has generated an SMI interrupt.
The system will generate an SMI interrupt when an I/O bus cycle to a powered-down peripheral is
detected. The SMM routine should interrogate the system hardware to find out if the SMI was
caused by an I/O trap. By checking the SMM header information, the SMM routine can determine
the typeof I/O instruction that was trapped. If the I/O instruction has a REP prefix, the ECX regis-
ter needs to be incremented before restarting the instruction. If the I/O trap was on a string I/O in-
struction, the ESI or EDI registers must be restored to their previous value before restarting the
instruction.
The following code exampleshows how easy I/O restart is with the SGS Thomson CPU.
;Restart the interrupted instruction
mov
mov
mov
eax,dword ptr cs:[SMI_CURRENTIP]
dword ptr cs:[SMI_NEXTIP],eax
al,byte ptr cs:[SMI_BITS]
;test for REP instruction
33
ST486DX - SMM SOFTWARE CONSIDERATIONS
bt
ax,2
;rep instruction?
;(result to Carry)
;if so, increment ecx
;test bit 1 to see
;if an OUTS or INS
adc
test
ecx,0
al,1 shl 1
jnz
out_instr
; A port read (INS or IN) instruction caused the
; chipset to generate an SMI instruction.
; Restore EDI from SMM header.
mov
jmp
edi, dword ptr cs:[SMI_ESIEDI]
common1
; A port write (OUTS or OUT) instruction caused the
; chipset to generate an SMI instruction.
; Restore ESI from SMM header.
out_instr:
mov
esi, dword ptr cs:[SMI_ESIEDI]
common1:
3.7
I/O Port Shadowing and Emulation
Some system peripherals contain write-only ports. In a system that does power management, these
peripherals need to be powered off and then reinitialized when their functions are needed later. The
SGS Thomson SMM implementation makes it very easy to monitor the last value written to spe-
cific I/O ports. This process is known as shadowing. If the system can generate an SMI whenever
specific I/O addresses get accessed, the SMM routine can, transparently to the system, monitor the
port activity. The SMM header contains the address of the I/O write as well as the data. In addi-
tion, information is saved which indicates whether it is a byte, word or dword write. With this in-
formation, shadowing system write-only ports becomes trivial.
Some peripheral componentscontain registers that must be programmed in a specific order. If an
SMI interrupt occurs while an application is accessing this type of peripheral, the SMI routine must
be sure to reload the peripheral registers to the same stage before returning to normal mode. If the
SMM routine needs to access such a peripheral, the previous normal mode state must be restored.
The previous accesses that were shadowed by previous SMM calls can be used to reload the periph-
eral registers back to the stage where the application was interrupted. The application can then con-
tinue where it left off accessing the peripheral.
In a similar way, the SGS-Thomson SMM implementation allows the SMM routine to emulatethe
function of peripheral componentsin software.
34
ST486DX - SMM SOFTWARE CONSIDERATIONS
3.8
Return to HLT Instruction
To make an SMI interrupt truly transparent to the system, an SMI interrupt from a HLT instruction
should return to the HLT instruction. There are known cases with DOS software where returning
from an SMI handler to the instruction following the HLT will cause a system error. To determine
if a HLT instruction was interrupted by the SMI, the opcode from memory needs to be interrogated.
This code example describes how to determine if the current instruction is a HLT and how to
restart it.
;This is the start of specific code to check if the SMI
;occurred while in a HLT instruction. If it did, then
;return back to the HLT instruction when SMI is finished.
rsdc
fs,cs:,[seg4G]
;FS is base=0 limit=4G data
;segment to be used to check if
;HLT instruction was executing
;on a SGS Thomson part, if the SMI occurred while in a HLT
;instruction, the CURRENT IP and the NEXT IP will both
;point to the instruction following the HLT.
mov
cmp
jne
eax,cs:dword ptr[SMI_CURRENTIP]
eax,cs:dword ptr[SMI_NEXTIP]
;can’t be a HLT but could be
;a LOOP or REP
;load EAX with CS base from the SMM header
not_hlt
mov
mov
shl
mov
ax,cs:word ptr [SMI_CSSELH+2]
al,cs:byte ptr [SMI_CSSELH]
eax,10h
ax,cs:word ptr[SMI_CSSELL+2]
;calculate linear address
add
dec
mov
mov
eax,cs:dword ptr [SMI_CURRENTIP]
eax
;decrement to HLT instruction
;save lin addr in edx
edx,eax
eax,cs:dword ptr [SMI_CR0] ;check if paging on
test eax,80000000h
je no_paging
;if no paging then linear
;address = physical address
;set MMAC to get access to Main memory
mov
out
in
mov
mov
out
al,0c1h
22h,al
al,23h
cl,al
al,0c1h
22h,al
;save old CCR1 value in cl
35
ST486DX - SMM SOFTWARE CONSIDERATIONS
mov
or
al,cl
al,08h
;set MMAC bit in CCR1
mov
out
mov
and
mov
shr
al,0c1h
23h,al
eax,CR3
eax,0fffff000h
ebx,edx
ebx,22
;get Page Directory Base Reg
;linear address
;get 10 byte Directory Entry
;read Directory Table
mov
and
mov
shr
and
mov
and
mov
and
eax,dword ptr fs:[eax+ebx*4]
eax,0fffff000h
ebx,edx
;linear address
ebx,12
ebx,03ffh
;get 10 byte Page Table Entry
eax,dword ptr fs:[eax+ebx*4]
eax,0fffff000h
ebx,edx
ebx,0fffh
;linear address
;get 12 byte offset into page
;Get the physical address of the instruction before the
;Current IP. Save in BL.
mov
mov
out
mov
out
jmp
bl,byte ptr fs:[eax+ebx]
al,0c1h
22h,al
al,cl
;set MMAC back to normal
23h,al
got_inst
;MMAC = 0
;If paging is not enabled then checking for the HLT
;instruction is easy since the linear address equals
;the physical address.
no_paging:
mov
out
in
al,0c1h
22h,al
al,23h
ah,al
al,0c1h
22h,al
al,ah
;set MMAC
mov
mov
out
mov
or
al,08h
23h,al
out
;get instruction interrupted by SMI
mov
mov
out
bl,byte ptr fs:[edx]
al,0c1h
22h,al
;store it in BL
36
ST486DX - SMM SOFTWARE CONSIDERATIONS
mov
out
al,ah
23h,al
;set MMAC back to normal
got_inst:
cmp
bl,0f4h
not_hlt
;was it a HLT instruction?
;if not a F4 then not a HLT
;set up SMM header to return
;to the HLT instruction
jne
dec
cs:dword ptr [SMI_NEXTIP]
not_hlt:
jmp
continue_SMI_routine
; data within the SMM Space Code Segment
seg4G dw
0ffffh
;limit 15-0
dw
db
db
db
db
dw
0
;base
0
;base
10010011B
;data segment, DPL=0, present
;high limit =f, Gran =4K, 16 bit
;base
8Fh
0
0
3.9
Exiting the SMI Handler
When the RSM instruction is executed at the end of the SMI handler, the EIP is loaded from the
SMM header at the address (SMMbase + SMMsize - 14h) called NEXT_IP. This permits the in-
struction to be restarted if NEXT_IP was modified by the SMM program. The values of ECX, ESI,
and EDI, prior to the execution of the instruction that was interrupted by SMI, can be restored from
information in the header which pertains to the INx and OUTx instructions. See Section 3.6 for an
example program to restart an I/O instruction. The only registers that are restored from the SMM
header are CS, NEXT_IP, EFLAGS, CR0, and DR7. All other registers which were modified by
the SMM program need to be restored before executing the RSM instruction.
37
ST486DX - SMM SOFTWARE CONSIDERATIONS
3.10
Testing and Debugging SMM Code
An SMI routine can be debugged with standard debugging tools (such as DOS DEBUG) if the
following requirements are met:
1. The debugger will only be able to set a code break point using INT 3 outside of the SMI han-
dler. The debug control register DR7 is setto the reset value upon entry to the SMI handler.
Therefore, any break conditions in DR0-3 will be disabled after entry to SMM. Debug regis-
ters can be used if set after entry to the SMI handler and DR0-3 are saved.
2. The debugger needs to be running in real mode and the SMM routine can not enter protected
mode. This insures that normal system interrupts, BIOS calls and the debugger will work
correctly from SMM mode.
3. Before an INT 3 break point is executed, all segment registers should have their limits modi-
fied to 64K, or larger, within the SMM routine.
38
ST486DX - SMM POWER MANAGEMENT FEATURES
4.
Power Management Features
The SGS-Thomson CPU provides several methods and levels of power management. The fully
static design allows clock stopping. Suspend Mode, SMM and 3.3 volt operation can be used to
achieve optimum CPU and system power management. Table 4-1 summarizes the various power
management options for the SGS-Thomson CPU.
Table 4 - 1 Power Management Options
Option
Typical CurrentOptions
Reduced Clock Frequency
(13 x fCLK(MHz)) + 150 mA @ 5.0 V
5.0V operation
610 mA @ 33 MHz, 765 mA @ 50 MHz
3.3V operation
360 mA @ 33 MHz
150 mA
Remove Clock
Suspend Mode clock operating
Suspend Mode and Remove Clock
RemovePower
15 mA
450 µA
0 mA
Note: Values listed areapproximations. Refer to the appropriate SGS-Thomson data book for DC specifications.
4.1
Reducing the Clock Frequency
The SGS-Thomson CPU is a fully static design meaning the input clock frequency can be reduced
or stopped without a loss of internal CPU data or state. The system designer can make decisions to
reduce the clock frequency by usingSGS-Thomson SMM capabilities, Advanced Power Manage-
ment (APM) software API and/or chipset capabilities. When the clock is removed and then reas-
serted, execution will begin with the instruction where the clock was removed from the CPU.
4.2
Lowering the CPU Supply Voltage
SGS-Thomson CPUs are available that operate at either 3.3 or 5.0 volts. Parts rated at 3.3 volts
have the letter ’V’ included in the part number (Refer the appropriate SGS-Thomson data book for
complete ordering information). The typical current (Icc) drawn by the SGS-Thomson CPU is re-
duced by approximately 50% when operating at 3.3 instead of 5.0 volts. Operating the CPU at3.3
volts can reduce CPU power consumption by over 70%, as the power consumption increases as the
square of the power supply voltage (P-=-V2/R and P-=-CV2F).
41
ST486DX - SMM POWER MANAGEMENT FEATURES
4.3
Suspend Mode
The SGS-Thomson CPU allows suspend mode to be entered either through software or hardware.
The software initiates suspend mode through execution of a HLT instruction if CCR2 bit 3 (HALT)
is set. After the HLT instruction is executed, the CPU enters suspend mode and asserts the suspend
acknowledge (SUSPA#) pin (if the SUSP bit in CCR2 was set to enable the SUSPA# pin).
Hardware initiates suspend mode by using two new pins on the CPU, SUSP# and SUSPA#. When
SUSP# is asserted, the CPU first completes any pending instructions and bus cycles, and then enters
suspend mode. Once in suspend mode, the SUSPA# pin is asserted by the CPU.
42
ST486DX - ASSEMBLER MACROS FOR SGS-THOMSON INSTRUCTIONS
ASSEMBLER MACROS FOR SGS-THOMSON INSTRUCTIONS
A.
The include file SMICAM.INC provides a complex set of macros which generate SMM opcodes
along with the appropriate mod/rm bytes. In order to function, the macros require that the labels
which are accessed correspond to the specified segment. Thus segment overrides must be passed to
the macro as an argument.
Do not specify a segment override if the default segment for an address is being used. If an address
size override is used, a final argument of ‘1’ must be passed to the macro as well. Address size
overrides must be presented explicitly to prevent the assembler from generating them automatically
and breaking the macros.
;SMM Instruction Macros - SMIMAC.INC
;Macros which generate mod/rm automatically
svdc
rsdc
svldt
rsldt
svts
rsts
rsm
MACRO
domac
ENDM
MACRO
domac
ENDM
MACRO
domac
ENDM
MACRO
domac
ENDM
MACRO
domac
ENDM
MACRO
domac
ENDM
MACRO
db
ENDM
segover,addr,reg,adover
segover,addr,reg,adover,78h
reg,segover,addr,adover
segover,addr,reg,adover,79h
segover,addr,adover
segover,addr,es,adover,7ah
segover,addr,adover
segover,addr,es,adover,7bh
segover,addr,adover
segover,addr,es,adover,7ch
segover,addr,adover
segover,addr,es,adover,7dh
0fh,0aah
;Sub-Macro used by the above macro
domac
MACRO
local
count
ifnb
segover,addr,reg,adover,op
place1,place2,count
= 0
< adover >
count=count+1
endif
ifnb
< segover >
45
ST486DX - ASSEMBLER MACROS FOR SGS-THOMSON INSTRUCTIONS
count=count+1
endif
if
(count eq 0)
nop
;expanding the opcode one byte
endif
place1 = $
;pull off the proper prefix byte count
mov
org
mov
word ptr segover addr,reg
place1+count
word ptr segover addr,reg
place2 = $
;patch the opcode
org
db
org
place1+(count*2)-1
0Fh,op
place2
ENDM
;Offset Definition for access into SMM space
SMI_SAVE STRUC
$ESIEDI
$IOWDATA
$IOWADDR
$IOWSIZE
$BITS
DD
DD
DW
DW
DD
DD
DD
DW
DW
DD
DD
DD
DD
DD
?
?
?
?
?
?
?
?
?
?
?
?
?
?
$CSSELL
$CSSELH
$CS
$RES1
$NEXTIP
$CURRENTIP
$CR0
$EFLAGS
$DR7
SMI_SAVE ENDS
SMI_ESIEDI
SMI_IOWDATA
SMI_IOWADDR
SMI_IOWSIZE
SMI_BITS
SMI_CSSELL
SMI_CSSELH
SMI_CS
EQU ($ESIEDI + SMMSIZE - SIZE SMI_SAVE)
EQU ($IOWDATA+ SMMSIZE - SIZE SMI_SAVE)
EQU ($IOWADDR+ SMMSIZE - SIZE SMI_SAVE)
EQU ($IOWSIZE+ SMMSIZE - SIZE SMI_SAVE)
EQU ($BITS
+ SMMSIZE - SIZE SMI_SAVE)
EQU ($CSSELL + SMMSIZE - SIZE SMI_SAVE)
EQU ($CSSELH + SMMSIZE - SIZE SMI_SAVE)
EQU ($CS
EQU ($RES1
+ SMMSIZE - SIZE SMI_SAVE)
+ SMMSIZE - SIZE SMI_SAVE)
SMI_RES1
SMI_NEXTIP
SMI_CURRENTIP
EQU ($NEXTIP + SMMSIZE - SIZE SMI_SAVE)
EQU ($CURRENTIP+ SMMSIZE -SIZE SMI_SAVE)
46
ST486DX - ASSEMBLER MACROS FOR SGS-THOMSON INSTRUCTIONS
SMI_CR0
SMI_EFLAGS
SMI_DR7
EQU ($CR0
+ SMMSIZE - SIZE SMI_SAVE)
EQU ($EFLAGS + SMMSIZE - SIZE SMI_SAVE)
EQU ($DR7
+ SMMSIZE - SIZE SMI_SAVE)
SMM Instruction macro example: TEST.ASM
.MODEL SMALL
.386
;SMM Macro Examples
; by Dean C. Wills
include smimac.inc
.DATA
there
.CODE
0000
0000 0A*(??)
db
10 dup (?)
000A
0000 2E 0F 78 1E 004E
0006 2E 0F 79 1E 004E
000C 2E 0F 79 2E 004E
svdc
rsdc
rsdc
cs:,hello,ds
ds,cs:,hello
gs,cs:,hello
0012 2E 67 2E 0F 78 9C 58 0000004E
svdc cs:,[eax+ebx*2+hello],1
001D 67| 0F 78 23
svdc
,[ebx],fs,1
0021 0F 78 2E 0000
0026 2E 0F 7A 06 004E
002C 2E 0F 7B 06 004E
svdc
svldt
rsldt
,there,gs
cs:,hello
cs:,hello
0032 2E 0F 7D 06 004E
rsts
cs:,hello
0038 2E 67 2E 0F 7C 84 58 0000004E
svts cs:,[eax+ebx*2+hello],1
0043 67| 0F 7A 03
0047 0F 7C 06 0000
004C 0F AA
svldt
svts
rsm
,[ebx],1
,there
004E 0A*(??)
end
hello
db
10 dup (?)
47
Information furnished is believed to be accurate and reliable. However, SGS-THOMSON Microelectronics assumes no responsibility for the
consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No
license is granted by implicationor otherwise under any patentor patentrights of SGS-THOMSON Microelectronics. Specification mentioned in
thispublication are subject to changewithoutnotice. Thispublication supersedes and replacesallinformation previouslysupplied. SGS-THOMSON
Microelectronicsproducts are notauthorized for use as critical componentsin life support devices or systems without express written approval of
SGS-THOMSON Microelectronics.
1995 SGS-THOMSON Microelectronics – Printed in Italy– All Rights Reserved
SGS-THOMSONMicroelectronics GROUP OF COMPANIES
Australia - Brazil- China- France - Germany - Hong Kong - Italy- Japan- Korea - Malaysia - Malta - Morocco - The Netherlands -
Singapore - Spain - Sweden - Switzerland- Taiwan - Thailand- United Kingdom - U.S.A.
相关型号:
©2020 ICPDF网 联系我们和版权申明