This post showed me how to see stuff in SMM. And I notice that Simics shows other normally "hidden" registers like the segment descriptor shadow values, which only get updated indirectly. So is it possible to see the "smbase" register in Simics?
To read one MSR, currently you need to use interface calls on the processor. The "%" operator reads named registers on the current processor. Calling the iface inspects any processor object, and works for-only-has-a-number MSRs.
Use online help to figure out how to use the interface. For example:
simics> @conf.board.mb.cpu0.core[0][0].iface.x86_msr.get_number("IA32_TSC_DEADLINE")
1760
simics> api-help x86_msr_interface_t
Help on API keyword "x86_msr_interface_t":
DESCRIPTION
SIM_INTERFACE(x86_msr) {
void (*register_handlers)(
conf_object_t *cpu,
int64 number,
x86_msr_getter_func_t getter,
lang_void *getter_data,
x86_msr_setter_func_t setter,
lang_void *setter_data,
...
Adding a command for inspection is on the wish list.
UPDATE.
The interface also provides the ability to look up from number to name. For the case of MSR 0x9E, IA32_SMBASE, on the "client" core in Public Simics, looking up the name yields this:
simics> @conf.board.mb.cpu0.core[0][0].iface.x86_msr.get_name(158)
'msr_ia32_smbase'
simics> @conf.board.mb.cpu0.core[0]0].iface.x86_msr.get_number("msr_ia32_smbase")
158
For historical reasons, the register is called msr_ia32_smbase, and not IA32_SMBASE from the manual. In general, looking things up by number is a bit more robust. Esp since many MSRs just have numbers in the Simics model as it is currently set up.