SGS Thomson Microelectronics ST486SMM Datasheet

ST486DX SMM

PROGRAMMING MANUAL

1stEDITION

NOVEMBER 1994

1. SMM OVERVIEW Pages 9

1.1 Introduction . . ............................................ 9

1.2 SGSThomson SMM Features . . . . . . . . . . . . . . . . . . . . . . . . ............ 9

1.3 ATypical SMM Routine . . . . . . . . . . . . . . . . . . . . . . . . . ..............10

2. SGS THOMSONSMM IMPLEMENTATION 13

2.1 HardwareBackground . . . . . . . . . . . . . . . . . . . . . . . . . . .............. 13

2.2 Configuration Control Registers . . . . . . . . . .......................... 14

2.3 SMMInstruction Summary . . . . . . . . . . . . . . . . ......................18

3. SMM SOFTWARECONSIDERATIONS 23

3.1 EnablingSMM . . ....................................... ... 23

3.2 SMM Handler Entry State . . . . . . . . . . . . . . . . . . . . . . ................ 24

3.3 Maintainingthe CPU State . . . . . . . . . . . . .......................... 28

3.4 Initializingthe SMM Environment . . . . . . . . . . . . . . . . . . . . . . . . ..........31

3.5 AccessingMain Memory Overlappedby SMM Memory . . . . .................. 32

3.6 I/ORestart . . . . . . . . . . . . . . . . . . . . . . ........................ 33

3.7 I/OPort Shadowing and Emulation . . . . . . . . . . . . . . . . . . . . . . . . . ........ 34

3.8 Returnto HLT Instruction . . . . . . . . . . . . . . . . . . . . . . ................ 35

3.9 Exitingthe SMI Handler . . . .................................... 37

3.10 Testing and DebuggingSMM Code . . . ..............................38

4. POWER MANAGEMENT FEATURES 41

4.1 Reducingthe Clock Frequency . . . . . . . . . . .......................... 41

4.2 Loweringthe CPU Supply Voltage . . . . . . . . . . . . . . . . . . . . .............. 41

4.3 SuspendMode . . . . ........................................ 42

Appendix A Assembler Macros for SGS Thomson Instructions 45

GENERAL INDEX

5

1. SMM OVERVIEW

1.1 Introduction

This Programmer’s Guide has been written to aidprogrammers in the creation of software using the
SGS-ThomsonSystem Management Mode (SMM)for ST486DX CPUs. This guide shouldbe
used in conjunctionwith the SGS-ThomsonST486DX and ST486DX2 Processors Data Book.
SMM programming related to the ST486SLC/eis covered in the ST486SLC/e SMM Programmer’s
Guide.

SMM provides the system designer withanother processor operating mode. Withinthis document
the standard x86 operating modes (real, v86and protected) are referred to as normal mode. Nor­mal mode operation can be interrupted by an SMI interrupt orspecial instructionthatplaces the
processorin System Management Mode (SMM). SMM can beused to enhance the functionality of
the systemby providing power management,register shadowing,peripheral emulationand other
system level functions. SMM can be totally transparentto all application software, including pro­tected mode operating systems.

1.2 SGS-ThomsonSMM Features

SMM operation within one of the SGS-Thomson ST486DX microprocessors is similar to related
operations performed by other x86 microprocessors. All processorswith SMM capability, switch
into real mode upon entry into the SMM interrupt handler. Each CPU has a unique SMM codelo­cations. However, theSMM memoryregion for the SGS-Thomson CPU has aprogrammable loca­tion and size. All devices save some of the CPU registers upon entry to SMM. The SGS-Thomson
CPU automatically saves minimalregister information reducing the entry andexit clock count to as
low as 100 clock cycles. Thiscompareswith Intel’s clock overhead for a typical entry and exitof
633 clock cycles. TheSGS-Thomson SMM implementationprovides unique instructionsthat save
additionalsegment registers as required by the programmer. The x86 MOV instruction can be used
to save the general purpose registers.

Althoughall SMMcapable CPUs provide I/O trapping, the SGS-Thomson CPUs simplify I/O type
identification and instruction restarting. SGS-ThomsonCPUs also make available to the SMM rou­tine informationwhich can simplifyperipheral register shadowing.

SGS-Thomsonprovides a method to preventSMM configurationregisters from being accessed by
applications. Accessto the SMM configuration can be preventedby setting a bit in the CPU con­figuration space. Not allowing an application to disable or alter SMM operation is usefulfor anti­virus or security measures.

ST486DX - SMM OVERVIEW

9

Figure 1 - 1. TypicalSMM Routine

SMM Entry

Save State

Initialize SMM

Environment

Trap?

Service

Non-Trap SMI

HALT?

Decrement

EIP

Device

OFF?

Shadow

Service

Trap SMI

Modify State

For I/O Restart

Restore

State

Resume

I/O

SMMExit

N

Y

Y

Y

N

N

or Emulate

1727400

ST486DX - SMMOVERVIEW

10

1.3 TypicalSMM Routines

A typical SMM routine is illustrated in the flowchart shown in Figure1-1. Upon entry to SMM,
the CPU registers that will be used by the SMM routine, must be saved. TheSMM environment is
initialized by setting up an Interrupt Descriptor Table,initializing segment limits and setting up a
stack. If the SMI wasa resultof an I/O bus cycle, the SMM routine can monitor peripheral activ­ity, shadowread-only ports ,and/or emulate peripherals in software. If a peripheral was powered
down, the SMM routine can power up a peripheral and reissue theI/O instruction. If the SMI was
not caused by an I/O bus cycle, non-trap SMI functionscan be serviced. Ifthe instruction execut­ing, when an SMI occurred,wasa HLT instruction, the HLT instructionit should be restarted when
the SMM routine is complete. Beforenormal operation is resumed,any CPU registers modified
during the SMM routine must be restored to their previous state.

2. SGS-ThomsonSMM IMPLEMENTATION

2.1 Hardware Background

2.1.1 SMM Pins

The signals at the SMI# and SMADS# pins are used to implement SMM. The SMI# pin is bi-direc­tional. The SMI# pin is used by the chipset to signal theCPU that an SMI has occurred. While the
CPU is inthe process of servicing an SMI interrupt,the SMI# pin is an outputused to signal the
chipset that the SMM processing is occurring. The SMADS# address strobe signal is generated in­stead of an ADS# address strobe signal while executingor accessing data in SMMaddress space.

2.1.2 SMI# Pin Timing

To enter SMM mode, the SMI# signal must be asserted for at least one CLK period (Two clocks if
SMI# is asserted asynchronously). To accomplish I/O trapping, the SMI# signal should be asserted
two clocks before the RDY# for that I/O cycle. Once theCPU recognizesthe active SMI# input,
the CPU drives the SMI input low for theduration of the SMI routine. The SMI routine is termi­nated with an SMI specific resume instruction (RSM). When the RSM instructionis executed, the
CPU drives the SMI pin highfor one CLKperiod. The SMI# pin must be allowed to gohigh for
one CLK at the end of theSMI routine in order for the next SMI to be recognized. Since the SMI#
pin is bi-directional, not more than one SMI#interrupt can become active at one time.

2.1.3 Address Strobes

The CPU has two address strobes, ADS# and SMADS#. ADS# is the address strobe used during
normaloperations. The SMADS# address strobe replaces ADS# during SMM for memory ac­cesses when data is written, read,or fetchedin the SMM defined region. Using a separate address
strobe increases chipset compatibility and control.

During an SMM interruptroutine, control can be transferred to main memoryvia a JMP,CALL,
Jcc instruction, executionof a software interrupt (INT), or a hardware interrupt (INTR or NMI).
Executionin mainmemory will cause ADS# to be generatedfor code anddata outside of the de­fined SMM address region. (It is assumed, but not required, that the chipsetultimately translates
SMADS#and a particular address to some other address.) To accessdata in main memory that
overlaps theSMM addressspace, the MMAC bit (CCR1, bit 3)must be set. This allowsADS#
strobes to be generated for data accesses in memory which overlapSMM memory while in SMM
mode. It is not possible to execute code in main memorythat overlaps SMM space while in SMM
mode.

ST486DX - SMMIMPLEMENTATION

13

ST486DX - SMMIMPLEMENTATION

14

SMADS#can also be generated for memory reads/writes and code fetches within the defined SMM
region when the SMAC bit (CCR1, bit 2) is set while in normal mode. Thegeneration of SMADS#
permits a program in normal mode to jump into SMM code space. The RSM instruction should not
be executed after jumpinginto SMMspace unless valid return information is first writteninto the
SMM header.

2.1.4 Chipset RDY#

The SGS ThomsonCPU has one RDY#input. Chipsets that implement the dual ready lines (one
for SMM and one for normalmemory) can logically OR the two ready lines togetherto produce a
single RDY#line.

2.1.5 Cache Coherency

SMM memory is never cached in the CPUinternal cache. Thismakes cache coherencycompletely
transparentto the SMM programmer. If the CPU cache is in write-back mode, all write-back cy­cles will be directed to normalmemory withthe use of the ADS# signal. An INVD or WBINVD
will write dirtydata out to normal memory even if it overlaps with SMM space.

SMM memory canbe cachedby a externalcache controller, but it is up to the cachedesigner to be
sure to maintain a distinctionbetween SMM memory space and normal memory space.

The A20M# input to the CPU is ignoredfor all SMMspace accesses (any accesseswhich uses
SMADS#).

2.2 Configuration ControlRegisters

This section describes how to use the Configuration Control Registers in SMM code. For a com­plete description of the ConfigurationControl Registers, refer to the SGS-Thomson ST486DX and

ST486DX2Processors Data Book.

All Configuration Control Register bitsare set to 0 when RESET is asserted. Asserting WM_RST
does not affect the configuration registers.

These registers areaccessed by writing the register index to I/O port 22h. I/Oport 23h is used for
data transfer. Each data transfer to I/O port 23h must be preceded by an I/O port 22h register index
selection, otherwise the port 23h access will be directed off chip. Before accessing these registers,
all interrupts, includingSMI, must be disabled. A problem could occur if an interrupt occurs after
writing to port 22h but before accessing port 23h. The interruptservice routine might access port
22h or 23h. After returning from the interrupt, the access to port 23h would be redirected to an­other index or possibly off chip. Before accessing the ConfigurationControl Registers from out­side of SMM mode, the chipset generation of SMI# interrupt must be disabled if the CPU SMI#
input is enabled.

RegisterINDEX = C1h

76543210

NO-LOCK MMAC SMAC SMI RPL

Reserved

Table 2 - 1 CCR1 Register

ST486DX - SMMIMPLEMENTATION

15

The portions of the ConfigurationControl Registers(CCR1, CCR2, and CCR3)which applyto
SMM and power management are described in the following pages.

SMI Enable SMM Pins
SMI = 0: SMI# input pin is ignored and SMADS# output pin floats. Executionof

SGS Thomson specific SMM instructions willgenerate an invalidopcode exception.

SMI = 1: SMI# input/outputpin and SMADS# output pin are enabled.SMI must be set

to 1 before any attempted accessto SMMmemory is made.

SMAC SystemManagement Memory Access
SMAC = 0: All memoryaccesses in normal mode go to system memory with ADS# output

active. In normal mode, execution of SGS Thomson specific SMM instructions
generate an invalid opcode exception.

SMAC = 1: Memory accesseswhile in normal mode that fall within the specifiedSMM

address region generatean SMADS#output and access SMM memory. SMI#
input is ignored.

MMAC MainMemory Access
MMAC = 0: All Memory accesseswhile in SMM mode go to SMM memory with SMADS#

output active.

MMAC = 1: Data accesses while in SMM mode that fall within the specified SMM address

region will generate an ADS# output and access mainmemory. Code fetches
are not effected by the MMAC bit. Code fetches from the SMMaddress region
always generate an SMADS#output and access SMM memory. If both the
SMAC and MMAC bits are set to 1,the MMAC bit has precedence.

HALT Suspendon HALT.
HALT = 0: CPU does not entersuspend mode following execution of aHLT instruction
HALT = 1: CPU enters suspend mode following execution of a HLT instruction.
SUSP Enable Suspend Pins.
SUSP = 0: SUSP# input isignored and SUSPA#output floats.
SUSP = 1: SUSP# input and SUSPA# output are enabled.

Reg. INDEX = C2h

76543 2 1 0

SUSP BWRT BARB WT1 HALT LOCK-NW WBAK COP/Reserved

Table 2 - 2 CCR2

Reg. INDEX = C3h

76543 2 1 0

NMIEN SMI-LOCK

Reserved

Table 2 - 1 CCR3

ST486DX - SMMIMPLEMENTATION

16

SMI_LOCKSMM Register Lock.
SMI_LOCK = 0: Any program in normal mode,as well as SMM software, has access to all

ConfigurationControl Registers.

SMI_LOCK = 1: The following ConfigurationControl Register bits can not bemodified unless

operating inSMM mode:
SMI, SMAC, MMAC, NMIEN, SMI_LOCK, and SMAR registersize fields.

NMIEN NMIEnable.
NMIEN = 0: NMI (Non-MaskableInterrupt) is not recognized during SMM. One occurrence of

NMI is latched and serviced after SMM mode is exited. TheNMIEN bit should
be cleared before executing a RSM instruction to exitSMM.

NMIEN = 1: NMI is enabled during SMM. This bit should onlybe set temporarilywhile in the

SMM routine to allow NMI interrupts to be serviced. NMIENshould not be set

Reg. Index = CDh Reg.Index = CEh Reg. Index = CFh

70707430

BaseAddress Size

A31 A24 A23 A16 A15 A12 see table below

Table 2 - 3. SMAR SMM Address RegionRegisters

Bits 3-0 BLOCK SIZE Bits 3-0 BLOCK SIZE

0h Disable 8h 512 KBytes
1h 4 KBytes 9h 1MBytes
2h 8 KBytes Ah 2MBytes
3h 16 KBytes Bh 4 MBytes
4h 32 KBytes Ch 8 MBytes
5h 64 KBytes Dh 16MBytes
6h 128 KBytes Eh 32MBytes
7h 256 KBytes Fh 4 KBytes (same as 1h)

Table2 - 4. SMARSIZE FIELD

ST486DX - SMMIMPLEMENTATION

17

to 1 while in normal mode. If NMIEN = 1 when an SMI occurs, an NMI could
occur before the SMMcode has initialized the Interrupt Descriptor Table.

15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

SELECTOR or SEGMENT +8

BASE 31 - 24 G D 0 AVL LIMIT 19 - 16 +6

P DPL DT TYPE BASE 23 - 16 +4

BASE 15 - 0 +2
LIMIT 15 - 0 +0

Table 2 - 5. Register and Descriptor Save Format

Instruction Opcode Parameters Core Clocks

RSDC 0F 79 [mod sreg3 r/m] sreg3,mem80 10

ST486DX - SMMIMPLEMENTATION

18

2.3 SMM Instruction Summary

SGS-Thomsonhas added seven new instructions to the X86 standard instruction set to aid in SMM
programming. These instructions are only valid when:

CPL = 0 and
SMI is enabled(CCR1 bit 1 = 1) and
SMAR size > 0 and
either [in SMM mode or SMAC is on (CCR1 bit 2 =1)]
The CPU will generate an undefined opcode fault when the aboveconditions are not met and one

of the SMM instructions are executed. The assembly languagemacro SMIMAC.INC listed in Ap­pendix A will automatically generate the appropriate machine code when included in a source file
containing SGS-Thomson SMM instructions.

Most of the SGS-Thomson SMM instructions are used to access the non-programmer visibleinter­nal descriptors. Thestandard x86 instructionscan not access this information inside the CPU. This
information is stored in memory in a 10 Byte area that is comprised of both the descriptor (8-Bytes)
and the segment register/selector (2 Bytes). The 8 Byte descriptor is in the same format that is
found in the GDTor LDT. If the data area is dword aligned,it will minimize the memory access
time.

2.3.1 RSDC - RestoreRegister and Descriptor

RSDC loads the informationat the mem80 into a segment register/selector and its associated de­scriptor. Attemptingto use this instruction to load theCode Segment or CodeSelector will gener­ate an invalid opcode instruction. Code Segment or Code Selector is restored from the SMM
header as part of the RSM instruction.

Instruction Opcode Parameters Core Clocks

RSM 0F AA None 76

Instruction Opcode Parameters Core Clocks

RSTS 0F 7D [mod 000 r/m] mem80 10

Instruction Opcode Parameters Core Clocks

SMINT 0F 7E None 24

Instruction Opcode Parameters Core Clocks

RSLDT 0F 7B[mod 000 r/m] mem80 10

2.3.2 RSLDT - Restore LDT and Descriptor

ST486DX - SMMIMPLEMENTATION

19

RSLDT loads the information at the mem80 into Local Descriptor Table Registerand its associated
descriptor.

2.3.3 RSM - Resume Back to Normal Mode

RSM will restore the state of the CPU from the SMM header at the top of SMM space and exit
SMM. This is the last instruction executed in an SMI handler. After theCPU state is restored,the
SMI#pin is driven inactivefor one clock then floated so the pin can be driven by the system.

2.3.4 RSTS - Restore TSR and Descriptor

RSTSloads the information at themem80 address into the Task Register and its associated
descriptor.

2.3.5 SMINT - SoftwareSMM Interrupt

SMINT will cause the CPU to enter SMM as though the hardwareSMI# pin was sampledlow.
The S bit in the SMMheader is set. The SMI# signal is not driven by the CPU when SMM is en­tered with SMINT.