Looking at Q35 code and SeaBIOS SMM relocation as an example, if I see it right QEMU has:
- SMRAM is aliased from DRAM at 0xa0000
- and TSEG steals from the top of low RAM when configured
Now the problem is that the default SMBASE at 0x30000 isn't backed by anything in the SMRAM address space, and the default SMI entry falls through to the same location in the System address space.
The latter is not trusted, and entry into SMM mode will corrupt the area + might jump to a 'random' SMI handler (hence the save/restore code in SeaBIOS).
Here is an idea: can we map a memory region at 0x30000 in the SMRAM address space with relocation space/code reserved? It could be a part of TSEG (so we don't have to invent an ABI to configure that).
No, there could be real mode code using it. What we _could_ do is initialize SMBASE to 0xa0000, but I think it's better to not deviate too much from processor behavior (even if it's admittedly a 20-year legacy that doesn't make any sense).
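To make the first message's point concrete (why the power-on SMBASE of 0x30000 is unsafe until relocated, and why 0xa0000 or a TSEG address is), here is a small added model of the Q35 SMRAM decode described in the thread. It is example code written for this discussion, not QEMU's or SeaBIOS's own code. It assumes the architectural SMI entry offset (SMBASE + 0x8000) and state-save area (SMBASE + 0xfe00 .. 0xffff), a 128 KiB A-segment alias at 0xa0000, and constructed TSEG base/size values; the real TSEG placement comes from the chipset registers and is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural offsets within the 64 KiB SMBASE window. */
#define SMBASE_DEFAULT        0x30000u  /* reset value, as noted in the thread   */
#define SMI_ENTRY_OFFSET      0x8000u   /* SMI handler starts at SMBASE + 0x8000 */
#define SMM_STATE_SAVE_OFFSET 0xfe00u   /* state save area: SMBASE + 0xfe00..0xffff */
#define SMBASE_WINDOW_SIZE    0x10000u

/* Assumption: the legacy SMRAM alias covers the A/B segments, 0xa0000-0xbffff. */
#define SMRAM_A_BASE 0xa0000u
#define SMRAM_A_SIZE 0x20000u

/* TSEG placement is chipset-configured; values are supplied by the caller. */
struct smram_cfg {
    uint64_t tseg_base;  /* 0 when TSEG is not configured */
    uint64_t tseg_size;
};

/* True if [addr, addr+len) lies entirely inside one SMRAM region. */
bool in_smram(const struct smram_cfg *cfg, uint64_t addr, uint64_t len)
{
    uint64_t end = addr + len;
    if (addr >= SMRAM_A_BASE && end <= SMRAM_A_BASE + SMRAM_A_SIZE)
        return true;
    if (cfg->tseg_size != 0 &&
        addr >= cfg->tseg_base && end <= cfg->tseg_base + cfg->tseg_size)
        return true;
    return false;
}

/* Physical address the CPU jumps to on SMI for a given SMBASE. */
uint64_t smi_entry(uint64_t smbase)
{
    return smbase + SMI_ENTRY_OFFSET;
}

/*
 * A SMBASE is only safe once everything the CPU touches on SMM entry
 * (handler code from +0x8000 up to the end of the state save area)
 * is decoded as SMRAM. Otherwise the entry falls through to ordinary
 * RAM: the state save clobbers whatever lives there, and the handler
 * bytes executed are whatever non-SMM code left behind.
 */
bool smbase_is_protected(const struct smram_cfg *cfg, uint64_t smbase)
{
    uint64_t touched_len = SMBASE_WINDOW_SIZE - SMI_ENTRY_OFFSET;
    return in_smram(cfg, smi_entry(smbase), touched_len);
}

/* Address the state save area would overwrite on SMI entry. */
uint64_t smm_state_save_base(uint64_t smbase)
{
    return smbase + SMM_STATE_SAVE_OFFSET;
}

int main(void)
{
    /* Constructed TSEG: 8 MiB just below a 2 GiB low-RAM top. */
    struct smram_cfg cfg = { .tseg_base = 0x7f800000u, .tseg_size = 0x800000u };
    uint64_t candidates[] = { SMBASE_DEFAULT, SMRAM_A_BASE, cfg.tseg_base };

    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        uint64_t b = candidates[i];
        printf("SMBASE 0x%08llx: entry 0x%08llx, save 0x%08llx -> %s\n",
               (unsigned long long)b, (unsigned long long)smi_entry(b),
               (unsigned long long)smm_state_save_base(b),
               smbase_is_protected(&cfg, b) ? "SMRAM-backed" : "falls through to system RAM");
    }
    return 0;
}
```

Run as is, the model reports 0x30000 as unprotected (entry at 0x38000 and save area at 0x3fe00 are both plain low RAM) and 0xa0000 and the TSEG base as protected, which is exactly the gap the SeaBIOS save/restore dance and the relocation step close.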