Protected Mode

What Does Protected Mode Mean?

Protected mode is an operational mode of the Intel 80286-compatible CPU. It permits system software to use features such as virtual memory, paging and safe multi-tasking. It is also designed to increase the OS’s control over application software.

This term is also known as protected virtual address mode.

Techopedia Explains Protected Mode

Protected mode was incorporated into Intel’s x86 architecture in early 1982. It then evolved into a basic foundation for all further Intel x86 architectures. The initial versions did not permit a switch back to real mode or enabling the protected mode. However, an option was provided to save the stack pointers, registers and interrupt mask in RAM through a keyboard controller. Later, with the advent of the 386 processor, protected mode could be enabled easily, eliminating complex steps involved in the 286 architecture, which did not have any internal mechanism to exit the protected mode.Protected mode provides several features to enhance system stability and security. These features are:

• Privilege levels: There exist four privilege levels (also termed rings), where ring 3 is the least privileged and ring 0 is the most privileged. These rings allow system software to prevent tasks from accessing data. Generally, an application runs on ring 3 while the OS runs on ring 0.
• Virtual 8086 mode: Intel terms protected mode as virtual mode, which permits previously written code for 8086 to run on new systems (backward compatibility) without any modification, providing system stability and security.
• Real mode application compatibility: Windows 3.x, together with its successors, provides a binary compatibility with real mode to run Windows 2.x applications, also in protected mode.
• Segment addressing: In protected mode, the segment part is replaced by a 16-bit selector. The 13 upper bits contains the index of an entry inside the descriptor table. This entry contains some flags, a limit value for the segment size, and the real line address of the segment. The lowest two bits define the privilege of the request from 0 to 3. The last bit specifies whether the operation is against the GDT or a LDT.
• Multitasking: This is the ability of the OS to run multiple tasks concurrently. It can only be implemented if each task is scheduled for execution on different processors. While switching between tasks, processors save the current context information in a task state segment. When the original task has to be rescheduled for execution, the saved information is used by the processors to set their internal registers for resuming execution.
• Protection: Protection mode guards against software bugs and helps the OS perform reliable multitasking. Checks are made before the memory cycle starts and any offending memory cycle is terminated, generating an exception. The stability of all software development tools is ensured by blocking illegal memory references.
• Paging: Pages are sections of memory. The operating system can create a different virtual address for each task, deterring one task from manipulating the memory of another. Pages can also be transferred from primary to secondary storage, permitting more space for storage.
• Debugging support: As part of protected mode, 80386 provides a set of configurable debug registers. You can set a breakpoint by specifying the desired memory address in one of the debug registers and the type of cycle to trigger the breakpoint. When the breakpoint hits, an exception is generated and the debugger gains control to display information regarding the processor’s internal state.