GETSEC[SEXIT] — Exit Measured Environment

Description ¶

The GETSEC[SEXIT] instruction initiates an exit of a measured environment established by GETSEC[SENTER]. The SEXIT leaf of GETSEC is selected with EAX set to 5 at execution. This instruction leaf sends a message to all logical processors in the platform to signal the measured environment exit.

There are restrictions enforced by the processor for the execution of the GETSEC[SEXIT] instruction:

• Execution is not allowed unless the processor is in protected mode (CR0.PE = 1) with CPL = 0 and EFLAGS.VM = 0.
• The processor must be in a measured environment as launched by a previous GETSEC[SENTER] instruction, but not still in authenticated code execution mode.
• To avoid potential interoperability conflicts between modes, the processor is not allowed to execute this instruction if it currently is in SMM or in VMX operation.
• To ensure consistent handling of SIPI messages, the processor executing the GETSEC[SEXIT] instruction must also be designated the BSP (bootstrap processor) as defined by the register bit IA32_APIC_BASE.BSP (bit 8).

Failure to abide by the above conditions results in the processor signaling a general protection violation.

This instruction initiates a sequence to rendezvous the RLPs with the ILP. It then clears the internal processor flag indicating the processor is operating in a measured environment.

In response to a message signaling the completion of rendezvous, all RLPs restart execution with the instruction that was to be executed at the time GETSEC[SEXIT] was recognized. This applies to all processor conditions, with the following exceptions:

• If an RLP executed HLT and was in this halt state at the time of the message initiated by GETSEC[SEXIT], then execution resumes in the halt state.
• If an RLP was executing MWAIT, then a message initiated by GETSEC[SEXIT] causes an exit of the MWAIT state, falling through to the next instruction.
• If an RLP was executing an intermediate iteration of a string instruction, then the processor resumes execution of the string instruction at the point which the message initiated by GETSEC[SEXIT] was recognized.
• If an RLP is still in the SENTER sleep state (never awakened with GETSEC[WAKEUP]), it will be sent to the wait-for-SIPI state after first clearing the bootstrap processor indicator flag (IA32_APIC_BASE.BSP) and any pending SIPI state. In this case, such RLPs are initialized to an architectural state consistent with having taken a soft reset using the INIT# pin.

Prior to completion of the GETSEC[SEXIT] operation, both the ILP and any active RLPs unmask the response of the external event signals INIT#, A20M, NMI#, and SMI#. This unmasking is performed unconditionally to recognize pin events which are masked after a GETSEC[SENTER]. The state of A20M is unmasked, as the A20M pin is not recognized while the measured environment is active.

On a successful exit of the measured environment, the ILP re-locks the Intel® TXT-capable chipset private configuration space. GETSEC[SEXIT] does not affect the content of any PCR.

At completion of GETSEC[SEXIT] by the ILP, execution proceeds to the next instruction. Since EFLAGS and the debug register state are not modified by this instruction, a pending trap condition is free to be signaled if previously enabled.

Operation in a Uni-Processor Platform ¶

(* The state of the internal flag ACMODEFLAG and SENTERFLAG persist across instruction boundary *)

GETSEC[SEXIT] (ILP Only):

IF (CR4.SMXE=0)

THEN #UD;

ELSE IF (in VMX non-root operation)

THEN VM Exit (reason=”GETSEC instruction”);

ELSE IF (GETSEC leaf unsupported)

THEN #UD;

ELSE IF ((in VMX root operation) or

(CR0.PE=0) or (CPL>0) or (EFLAGS.VM=1) or

(IA32_APIC_BASE.BSP=0) or

(TXT chipset not present) or

(SENTERFLAG=0) or (ACMODEFLAG=1) or (IN_SMM=1))

THEN #GP(0);

SignalTXTMsg(SEXIT);

DO

WHILE (no SignalSEXIT message);

TXT_SEXIT_MSG_EVENT (ILP & RLP):

Mask and clear SignalSEXIT event;

Clear MONITOR FSM;

Unmask SignalSENTER event;

IF (in VMX operation)

THEN TXT-SHUTDOWN(#IllegalEvent);

SignalTXTMsg(SEXITAck);

IF (logical processor is not ILP)

THEN GOTO RLP_SEXIT_ROUTINE;

(* ILP waits for all logical processors to ACK *)

DO

DONE := READ(LT.STS);

WHILE (NOT DONE);

SignalTXTMsg(SEXITContinue);

SignalTXTMsg(ClosePrivate);

SENTERFLAG := 0;

Unmask SMI, INIT, A20M, and NMI external pin events;

END;

RLP_SEXIT_ROUTINE (RLPs Only):

Wait for SignalSEXITContinue message;

Unmask SMI, INIT, A20M, and NMI external pin events;

IF (prior execution state = HLT)

THEN reenter HLT state;

IF (prior execution state = SENTER sleep)

THEN

IA32_APIC_BASE.BSP := 0;

Clear pending SIPI state;

Call INIT_PROCESSOR_STATE;

Unmask SIPI event;

GOTO WAIT-FOR-SIPI;

FI;

END;

Flags Affected ¶

ILP: None.

RLPs: All flags are modified for an RLP. returning to wait-for-SIPI state, none otherwise.

Use of Prefixes ¶

LOCK Causes #UD.

REP* Cause #UD (includes REPNE/REPNZ and REP/REPE/REPZ).

Operand size Causes #UD.

NP 66/F2/F3 prefixes are not allowed.

Segmentoverrides Ignored.

Address size Ignored.

REX Ignored.

Protected Mode Exceptions ¶

Real-Address Mode Exceptions ¶

Virtual-8086 Mode Exceptions ¶

Compatibility Mode Exceptions ¶

All protected mode exceptions apply.

64-Bit Mode Exceptions ¶

All protected mode exceptions apply.

VM-Exit Condition ¶

Reason (GETSEC) If in VMX non-root operation.