GETSEC[CAPABILITIES] — Report the SMX Capabilities

Opcode Instruction Description
NP 0F 37 (EAX = 0) GETSEC[CAPABILITIES] Report the SMX capabilities. The capabilities index is input in EBX with the result returned in EAX.

Description

The GETSEC[CAPABILITIES] function returns a bit vector of supported GETSEC leaf functions. The CAPABILITIES leaf of GETSEC is selected with EAX set to 0 at entry. EBX is used as the selector for returning the bit vector field in EAX. GETSEC[CAPABILITIES] may be executed at all privilege levels, but the CR4.SMXE bit must be set or an undefined opcode exception (#UD) is returned.

With EBX = 0 upon execution of GETSEC[CAPABILITIES], EAX returns the a bit vector representing status on the presence of a Intel® TXT-capable chipset and the first 30 available GETSEC leaf functions. The format of the returned bit vector is provided in Table 6-3.

If bit 0 is set to 1, then an Intel® TXT-capable chipset has been sampled present by the processor. If bits in the range of 1-30 are set, then the corresponding GETSEC leaf function is available. If the bit value at a given bit index is 0, then the GETSEC leaf function corresponding to that index is unsupported and attempted execution results in a #UD.

Bit 31 of EAX indicates if further leaf indexes are supported. If the Extended Leafs bit 31 is set, then additional leaf functions are accessed by repeating GETSEC[CAPABILITIES] with EBX incremented by one. When the most significant bit of EAX is not set, then additional GETSEC leaf functions are not supported; indexing EBX to a higher value results in EAX returning zero.

Field Bit position Description
Chipset Present 0 Intel® TXT-capable chipset is present.
Undefined 1 Reserved
ENTERACCS 2 GETSEC[ENTERACCS] is available.
EXITAC 3 GETSEC[EXITAC] is available.
SENTER 4 GETSEC[SENTER] is available.
SEXIT 5 GETSEC[SEXIT] is available.
PARAMETERS 6 GETSEC[PARAMETERS] is available.
SMCTRL 7 GETSEC[SMCTRL] is available.
WAKEUP 8 GETSEC[WAKEUP] is available.
Undefined 30:9 Reserved
Extended Leafs 31 Reserved for extended information reporting of GETSEC capabilities.
Table 6-3. GETSEC Capability Result Encoding (EBX = 0)

Operation

IF (CR4.SMXE=0)
    THEN #UD;
ELSIF (in VMX non-root operation)
    THEN VM Exit (reason=”GETSEC instruction”);
IF (EBX=0) THEN
        BitVector← 0;
        IF (TXT chipset present)
            BitVector[Chipset present]← 1;
        IF (ENTERACCS Available)
            THEN BitVector[ENTERACCS]← 1;
        IF (EXITAC Available)
            THEN BitVector[EXITAC]← 1;
        IF (SENTER Available)
            THEN BitVector[SENTER]← 1;
        IF (SEXIT Available)
            THEN BitVector[SEXIT]← 1;
        IF (PARAMETERS Available)
            THEN BitVector[PARAMETERS]← 1;
        IF (SMCTRL Available)
            THEN BitVector[SMCTRL]← 1;
        IF (WAKEUP Available)
            THEN BitVector[WAKEUP]← 1;
        EAX← BitVector;
ELSE
    EAX← 0;
END;;

Flags Affected

None

Use of Prefixes

LOCK Causes #UD.

REP* Cause #UD (includes REPNE/REPNZ and REP/REPE/REPZ).

Operand size Causes #UD.

NP 66/F2/F3 prefixes are not allowed.

Segmentoverrides Ignored.

Address size Ignored.

REX Ignored.

Protected Mode Exceptions

#UD IF CR4.SMXE = 0.

Real-Address Mode Exceptions

#UD IF CR4.SMXE = 0.

Virtual-8086 Mode Exceptions

#UD IF CR4.SMXE = 0.

Compatibility Mode Exceptions

#UD IF CR4.SMXE = 0.

64-Bit Mode Exceptions

#UD IF CR4.SMXE = 0.

VM-exit Condition

Reason (GETSEC) IF in VMX non-root operation.