Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Switching to protected mode clarification



I'm trying to understand a line in the Intel Architecture manual. It's a description of a possible failure situation when switching to protected mode.

Section 9.9.1 gives a recommended procedure for switching to protected mode. Step 3 is the mode switch, and step 4 is to immediately make a far transfer to initialize CS and cause serialization. The final paragraph says failures can occur if there are instructions between steps 3 and 4.

The final sentence is the one I'm not clear on. It says:
Failures will be readily seen in some situations, such as when instructions that reference memory are inserted between steps 3 and 4 while in system management mode.

Does this mean system management mode is reaching out and modifying the code of the program it interrupted, in this scenario? Does anyone know when this might be seen?

4 Replies
Black Belt

AFAIK no OS, be it user mode or kernel mode code, will run in system management mode.

Black Belt

What it means is the code that you write to set up your protected mode of execution generally cannot be done in one instruction. You usually have a series of setup instructions (programming Selectors, Page Table entries, etc.) and the questionable part is there is no uniform certainty as to when these setup instructions take effect other than _after_ making a far transfer. The CPU has an instruction pipeline. This pipeline is filled under the presumption (precluding a far transfer) that the state of the Selectors, Page Table, etc. does not change between the load of the pipeline and the execution of the operands. IOW the instructions that make the state change(s) are deferred until the far transfer.

System management mode is only run immediately following the POST at startup. Once this code transitions into Protected Mode there is no way out (other than by power down or, on later CPUs, by entry into the Hypervisor mode).

Jim Dempsey

Black Belt

According to Chapter 34 of Volume 3 of the SDM, SMM can be entered at any time if the processor receives an SMI interrupt. 

Section 34.1 describes the functionality, which makes it clear that this is meant to be available at any time (in a way that is invisible to user or OS code):

SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

When SMM is invoked through a system management interrupt (SMI), the processor saves the current state of the processor (the processor’s context), then switches to a separate operating environment defined by a new address space.[...] While in SMM, the processor executes SMI handler code to perform operations such as powering down unused disk drives or monitors, executing proprietary code, or placing the whole system in a suspended state. When the SMI handler has completed its operations, it executes a resume (RSM) instruction. This instruction causes the processor to reload the saved context of the processor, switch back to protected or real mode, and resume executing the interrupted application or operating-system program or task.


Agreed that SMM can be entered any time. It's kind of external to normal operation. Meant to be used by firmware for e.g. power management.

The procedure also specifies a mode switch, then immediate far transfer. One instruction enters protected mode. The very next instruction performs a far transfer.

The manual is saying a failure can occur between these 2 instructions. All preceding preparation for entering protected mode has already completed at this point. Not really clear on what exactly can fail here, or why.

I don't fully understand SMM yet. Wonder if the SMM entry doesn't cause serialization the way normal far transfers do. Maybe that leaves open the possibility that normal operations in SMM can cause problems if it was entered between these 2 instructions.
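
The step 3 / step 4 sequence discussed in this thread, as an added example that is not from the manual or from any poster: a minimal real-mode to protected-mode switch in NASM syntax, showing the far JMP placed directly after the write to CR0. It assumes a flat binary loaded at 0x7C00; the labels, selector values and GDT contents are constructed for illustration.

```nasm
; Constructed example (NASM syntax): flat binary assumed loaded at 0000:7C00.
bits 16
org 0x7C00

CODE_SEL equ 0x08               ; selector of GDT entry 1 (constructed)
DATA_SEL equ 0x10               ; selector of GDT entry 2 (constructed)

start:
    cli                         ; no maskable interrupts during the switch
    xor ax, ax
    mov ds, ax                  ; DS = 0 so [gdt_desc] resolves as assembled
    lgdt [gdt_desc]             ; load GDTR before the mode switch

    mov eax, cr0
    or  eax, 1                  ; set CR0.PE
    mov cr0, eax                ; step 3: the mode switch
    ; Nothing goes here. CS still holds its real-mode value until the
    ; far transfer below reloads it from the GDT.
    jmp CODE_SEL:pm_entry       ; step 4: far JMP initializes CS

bits 32
pm_entry:
    mov ax, DATA_SEL            ; only now reload the data segment registers
    mov ds, ax
    mov es, ax
    mov ss, ax
    mov esp, 0x7C00             ; stack grows down from the load address
.hang:
    hlt
    jmp .hang

align 8
gdt:
    dq 0                        ; null descriptor
    dq 0x00CF9A000000FFFF       ; 32-bit code: base 0, limit 4 GiB, execute/read
    dq 0x00CF92000000FFFF       ; 32-bit data: base 0, limit 4 GiB, read/write
gdt_desc:
    dw gdt_desc - gdt - 1       ; GDT limit in bytes, minus one
    dd gdt                      ; GDT linear base (segment 0 + offset)
```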