Opcode | Instruction | Description |
---|---|---|
NP 0F 37 (EAX=5) | GETSEC[SEXIT] | Exit measured environment. |
The GETSEC[SEXIT] instruction initiates an exit of a measured environment established by GETSEC[SENTER]. The SEXIT leaf of GETSEC is selected with EAX set to 5 at execution. This instruction leaf sends a message to all logical processors in the platform to signal the measured environment exit.
There are restrictions enforced by the processor for the execution of the GETSEC[SEXIT] instruction:
Failure to abide by the above conditions results in the processor signaling a general protection violation.
This instruction initiates a sequence to rendezvous the RLPs with the ILP. It then clears the internal processor flag indicating the processor is operating in a measured environment.
In response to a message signaling the completion of rendezvous, all RLPs restart execution with the instruction that was to be executed at the time GETSEC[SEXIT] was recognized. This applies to all processor conditions, with the following exceptions:
Prior to completion of the GETSEC[SEXIT] operation, both the ILP and any active RLPs unmask the response of the external event signals INIT#, A20M, NMI#, and SMI#. This unmasking is performed unconditionally to recognize pin events which are masked after a GETSEC[SENTER]. The state of A20M is unmasked, as the A20M pin is not recognized while the measured environment is active.
On a successful exit of the measured environment, the ILP re-locks the Intel® TXT-capable chipset private configuration space. GETSEC[SEXIT] does not affect the content of any PCR.
At completion of GETSEC[SEXIT] by the ILP, execution proceeds to the next instruction. Since EFLAGS and the debug register state are not modified by this instruction, a pending trap condition is free to be signaled if previously enabled.
(* The state of the internal flag ACMODEFLAG and SENTERFLAG persist across instruction boundary *)
GETSEC[SEXIT] (ILP only):
IF (CR4.SMXE=0)
THEN #UD;
ELSE IF (in VMX non-root operation)
THEN VM Exit (reason=”GETSEC instruction”);
ELSE IF (GETSEC leaf unsupported)
THEN #UD;
ELSE IF ((in VMX root operation) or
(CR0.PE=0) or (CPL>0) or (EFLAGS.VM=1) or
(IA32_APIC_BASE.BSP=0) or
(TXT chipset not present) or
(SENTERFLAG=0) or (ACMODEFLAG=1) or (IN_SMM=1))
THEN #GP(0);
SignalTXTMsg(SEXIT);
DO
WHILE (no SignalSEXIT message);
TXT_SEXIT_MSG_EVENT (ILP & RLP):
Mask and clear SignalSEXIT event;
Clear MONITOR FSM;
Unmask SignalSENTER event;
IF (in VMX operation)
THEN TXT-SHUTDOWN(#IllegalEvent);
SignalTXTMsg(SEXITAck);
IF (logical processor is not ILP)
THEN GOTO RLP_SEXIT_ROUTINE;
(* ILP waits for all logical processors to ACK *)
DO
DONE← READ(LT.STS); WHILE (NOT DONE);
SignalTXTMsg(SEXITContinue);
SignalTXTMsg(ClosePrivate);
SENTERFLAG← 0; Unmask SMI, INIT, A20M, and NMI external pin events;
END;
RLP_SEXIT_ROUTINE (RLPs only):
Wait for SignalSEXITContinue message;
Unmask SMI, INIT, A20M, and NMI external pin events;
IF (prior execution state = HLT)
THEN reenter HLT state;
IF (prior execution state = SENTER sleep)
THEN
IA32_APIC_BASE.BSP← 0; Clear pending SIPI state;
Call INIT_PROCESSOR_STATE;
Unmask SIPI event;
GOTO WAIT-FOR-SIPI;
FI;
END;
ILP: None.
RLPs: all flags are modified for an RLP. returning to wait-for-SIPI state, none otherwise.
LOCK Causes #UD.
REP* Cause #UD (includes REPNE/REPNZ and REP/REPE/REPZ).
Operand size Causes #UD.
NP 66/F2/F3 prefixes are not allowed.
Segmentoverrides Ignored.
Address size Ignored.
REX Ignored.
#UD | If CR4.SMXE = 0. |
If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES]. | |
#GP(0) | IfCR0.PE=0orCPL>0orEFLAGS.VM=1. |
If in VMX root operation. | |
If the initiating processor is not designated via the MSR bit IA32_APIC_BASE.BSP. | |
If an Intel® TXT-capable chipset is not present. | |
If a protected partition is not already active or the processor is already in authenticated code mode. | |
If the processor is in SMM. |
#UD | If CR4.SMXE = 0. |
If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES]. | |
#GP(0) | GETSEC[SEXIT] is not recognized in real-address mode. |
#UD | If CR4.SMXE = 0. |
If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES]. | |
#GP(0) | GETSEC[SEXIT] is not recognized in virtual-8086 mode. |
All protected mode exceptions apply.
All protected mode exceptions apply.
Reason (GETSEC) IF in VMX non-root operation.