GETSEC[SEXIT] — Exit Measured Environment

Opcode Instruction Description
NP 0F 37 (EAX=5) GETSEC[SEXIT] Exit measured environment.

Description

The GETSEC[SEXIT] instruction initiates an exit of a measured environment established by GETSEC[SENTER]. The SEXIT leaf of GETSEC is selected with EAX set to 5 at execution. This instruction leaf sends a message to all logical processors in the platform to signal the measured environment exit.

There are restrictions enforced by the processor for the execution of the GETSEC[SEXIT] instruction:

Failure to abide by the above conditions results in the processor signaling a general protection violation.

This instruction initiates a sequence to rendezvous the RLPs with the ILP. It then clears the internal processor flag indicating the processor is operating in a measured environment.

In response to a message signaling the completion of rendezvous, all RLPs restart execution with the instruction that was to be executed at the time GETSEC[SEXIT] was recognized. This applies to all processor conditions, with the following exceptions:

Prior to completion of the GETSEC[SEXIT] operation, both the ILP and any active RLPs unmask the response of the external event signals INIT#, A20M, NMI#, and SMI#. This unmasking is performed unconditionally to recognize pin events which are masked after a GETSEC[SENTER]. The state of A20M is unmasked, as the A20M pin is not recognized while the measured environment is active.

On a successful exit of the measured environment, the ILP re-locks the Intel® TXT-capable chipset private configuration space. GETSEC[SEXIT] does not affect the content of any PCR.

At completion of GETSEC[SEXIT] by the ILP, execution proceeds to the next instruction. Since EFLAGS and the debug register state are not modified by this instruction, a pending trap condition is free to be signaled if previously enabled.

Operation in a Uni-Processor Platform

(* The state of the internal flag ACMODEFLAG and SENTERFLAG persist across instruction boundary *)

GETSEC[SEXIT] (ILP only):

IF (CR4.SMXE=0)

THEN #UD;

ELSE IF (in VMX non-root operation)

THEN VM Exit (reason=”GETSEC instruction”);

ELSE IF (GETSEC leaf unsupported)

THEN #UD;

ELSE IF ((in VMX root operation) or

(CR0.PE=0) or (CPL>0) or (EFLAGS.VM=1) or

(IA32_APIC_BASE.BSP=0) or

(TXT chipset not present) or

(SENTERFLAG=0) or (ACMODEFLAG=1) or (IN_SMM=1))

THEN #GP(0);

SignalTXTMsg(SEXIT);

DO

WHILE (no SignalSEXIT message);

TXT_SEXIT_MSG_EVENT (ILP & RLP):

Mask and clear SignalSEXIT event;

Clear MONITOR FSM;

Unmask SignalSENTER event;

IF (in VMX operation)

THEN TXT-SHUTDOWN(#IllegalEvent);

SignalTXTMsg(SEXITAck);

IF (logical processor is not ILP)

THEN GOTO RLP_SEXIT_ROUTINE;

(* ILP waits for all logical processors to ACK *)

DO

DONE← READ(LT.STS); WHILE (NOT DONE);

SignalTXTMsg(SEXITContinue);

SignalTXTMsg(ClosePrivate);

SENTERFLAG← 0; Unmask SMI, INIT, A20M, and NMI external pin events;

END;

RLP_SEXIT_ROUTINE (RLPs only):

Wait for SignalSEXITContinue message;

Unmask SMI, INIT, A20M, and NMI external pin events;

IF (prior execution state = HLT)

THEN reenter HLT state;

IF (prior execution state = SENTER sleep)

THEN

IA32_APIC_BASE.BSP← 0; Clear pending SIPI state;

Call INIT_PROCESSOR_STATE;

Unmask SIPI event;

GOTO WAIT-FOR-SIPI;

FI;

END;

Flags Affected

ILP: None.

RLPs: all flags are modified for an RLP. returning to wait-for-SIPI state, none otherwise.

Use of Prefixes

LOCK Causes #UD.

REP* Cause #UD (includes REPNE/REPNZ and REP/REPE/REPZ).

Operand size Causes #UD.

NP 66/F2/F3 prefixes are not allowed.

Segmentoverrides Ignored.

Address size Ignored.

REX Ignored.

Protected Mode Exceptions

#UD If CR4.SMXE = 0.
If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].
#GP(0) IfCR0.PE=0orCPL>0orEFLAGS.VM=1.
If in VMX root operation.
If the initiating processor is not designated via the MSR bit IA32_APIC_BASE.BSP.
If an Intel® TXT-capable chipset is not present.
If a protected partition is not already active or the processor is already in authenticated code mode.
If the processor is in SMM.

Real-Address Mode Exceptions

#UD If CR4.SMXE = 0.
If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].
#GP(0) GETSEC[SEXIT] is not recognized in real-address mode.

Virtual-8086 Mode Exceptions

#UD If CR4.SMXE = 0.
If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].
#GP(0) GETSEC[SEXIT] is not recognized in virtual-8086 mode.

Compatibility Mode Exceptions

All protected mode exceptions apply.

64-Bit Mode Exceptions

All protected mode exceptions apply.

VM-Exit Condition

Reason (GETSEC) IF in VMX non-root operation.