GETSEC[SEXIT]

Exit Measured Environment

Opcodes

Hex Mnemonic Encoding Long Mode Legacy Mode Description
0F 37 (EAX=5) GETSEC[SEXIT] None None None Exit measured environment

Description

The GETSEC[SEXIT] instruction initiates an exit of a measured environment established by GETSEC[SENTER]. The SEXIT leaf of GETSEC is selected with EAX set to 5 at execution. This instruction leaf sends a message to all logical processors in the platform to signal the measured environment exit.

There are restrictions enforced by the processor for the execution of the GETSEC[SEXIT] instruction:

Failure to abide by the above conditions results in the processor signaling a general protection violation.

This instruction initiates a sequence to rendezvous the RLPs with the ILP. It then clears the internal processor flag indicating the processor is operating in a measured environment.

In response to a message signaling the completion of rendezvous, all RLPs restart execution with the instruction that was to be executed at the time GETSEC[SEXIT] was recognized. This applies to all processor conditions, with the following exceptions:

the bootstrap processor indicator flag (IA32_APIC_BASE.BSP) and any pending SIPI state. In this case, such RLPs are initialized to an architectural state consistent with having taken a soft reset using the INIT# pin.

Prior to completion of the GETSEC[SEXIT] operation, both the ILP and any active RLPs unmask the response of the external event signals INIT#, A20M, NMI#, and SMI#. This unmasking is performed unconditionally to recognize pin events which are masked after a GETSEC[SENTER]. The state of A20M is unmasked, as the A20M pin is not recognized while the measured environment is active.

On a successful exit of the measured environment, the ILP re-locks the IntelĀ® TXT-capable chipset private configuration space. GETSEC[SEXIT] does not affect the content of any PCR.

At completion of GETSEC[SEXIT] by the ILP, execution proceeds to the next instruction. Since EFLAGS and the debug register state are not modified by this instruction, a pending trap condition is free to be signaled if previously enabled.

Pseudo Code

(* The state of the internal flag ACMODEFLAG and SENTERFLAG persist across instruction boundary *)
(* GETSEC[SEXIT] (ILP only) *)
IF (CR4.SMXE = 0)
	#UD;
ELSE
	IF (in VMX non-root operation)
		VM Exit (reason = "GETSEC instruction");
	ELSE
		IF (GETSEC leaf unsupported)
			#UD;
		ELSE
			IF ((in VMX root operation) or (CR0.PE = 0) or (CPL>0) or (EFLAGS.VM = 1) or (IA32_APIC_BASE.BSP = 0) or (TXT chipset not present) or (SENTERFLAG = 0) or (ACMODEFLAG = 1) or (IN_SMM = 1))
				#GP(0);
			FI;
		FI;
	FI;
FI;
SignalTXTMsg(SEXIT);
DO WHILE (no SignalSEXIT message);
(* TXT_SEXIT_MSG_EVENT (ILP & RLP) *)
Mask and clear SignalSEXIT event;
Clear MONITOR FSM;
Unmask SignalSENTER event;
IF (in VMX operation)
	TXT-SHUTDOWN(#IllegalEvent);
FI;
SignalTXTMsg(SEXITAck);
IF (logical processor is not ILP)
	GOTO RLP_SEXIT_ROUTINE; (* ILP waits for all logical processors to ACK *)
FI;
DONE = READ(LT.STS);
WHILE (NOT DONE);
	SignalTXTMsg(SEXITContinue);
	SignalTXTMsg(ClosePrivate);
	SENTERFLAG = 0;
	Unmask SMI, INIT, A20M, and NMI external pin events;
ELIHW;
(* RLP_SEXIT_ROUTINE (RLPs only) *)
Wait for SignalSEXITContinue message;
Unmask SMI, INIT, A20M, and NMI external pin events;
IF (prior execution state = HLT)
	reenter HLT state;
	IF (prior execution state = SENTER sleep)
		IA32_APIC_BASE.BSP = 0;
		Clear pending SIPI state;
		Call INIT_PROCESSOR_STATE;
		Unmask SIPI event;
		GOTO WAIT-FOR-SIPI;
	FI;
END;

Flags Affected

ILP: None. RLPs: all flags are modified for an RLP. returning to wait-for-SIPI state, none otherwise

Exceptions

VM-Exit Condition

Exception Description
Reason (GETSEC) If in VMX non-root operation.

64-Bit Mode Exceptions

All protected mode exceptions apply.

Compatibility Mode Exceptions

All protected mode exceptions apply.

Virtual-8086 Mode Exceptions

Exception Description
#GP(0) GETSEC[SEXIT] is not recognized in virtual-8086 mode.
#UD If CR4.SMXE = 0. If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].

Real-Address Mode Exceptions

Exception Description
#GP(0) GETSEC[SEXIT] is not recognized in real-address mode.
#UD If CR4.SMXE = 0. If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].

Protected Mode Exceptions

Exception Description
#GP(0) If CR0.PE = 0 or CPL > 0 or EFLAGS.VM = 1. If in VMX root operation. If the initiating processor is not designated as the via the MSR bit IA32_APIC_BASE.BSP. If an IntelĀ® TXT-capable chipset is not present. If a protected partition is not already active or the processor is already in authenticated code mode. If the processor is in SMM.
#UD If CR4.SMXE = 0. If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].