GETSEC[SMCTRL]

SMX Mode Control

Opcodes

Hex | Mnemonic | Encoding | Long Mode | Legacy Mode | Description
0F 37 (EAX = 7) | GETSEC[SMCTRL] | None | None | None | Perform specified SMX mode control as selected with the input EBX.

Description

The GETSEC[SMCTRL] instruction is available for performing certain SMX-specific mode control operations. The operation to be performed is selected through the input register EBX. Currently only an input value in EBX of 0 is supported. All other EBX settings will result in the signaling of a general protection violation.

If EBX is set to 0, then the SMCTRL leaf is used to re-enable SMI events. SMI is masked by the ILP executing the GETSEC[SENTER] instruction (SMI is also masked in the responding logical processors in response to SENTER rendezvous messages). The determination of when this instruction is allowed and the events that are unmasked is dependent on the processor context (see Table 6-11). For brevity, the usage of SMCTRL where EBX=0 will be referred to as GETSEC[SMCTRL(0)].

As part of support for launching a measured environment, the SMI, NMI and INIT events are masked after GETSEC[SENTER], and remain masked after exiting authenticated execution mode. Unmasking these events should be accompanied by securely enabling these event handlers. These security concerns can be addressed in VMX operation by an MVMM.

The VM monitor can choose two approaches:

Table 6-11 defines the processor context in which GETSEC[SMCTRL(0)] can be used and which events will be unmasked. Note that the events that are unmasked are dependent upon the currently operating processor context.

Table 6-11. Supported Actions for GETSEC[SMCTRL(0)]
ILP Mode of Operation | SMCTRL execution action
In VMX non-root operation | VM exit
SENTERFLAG = 0 | #GP(0), illegal context
In authenticated code execution mode (ACMODEFLAG = 1) | #GP(0), illegal context
SENTERFLAG = 1, not in VMX operation, not in SMM | Unmask SMI
SENTERFLAG = 1, in VMX root operation, not in SMM | Unmask SMI if SMM monitor is not configured, otherwise #GP(0)
SENTERFLAG = 1, in VMX root operation, in SMM | #GP(0), illegal context

Pseudo Code

(* The state of the internal flags ACMODEFLAG and SENTERFLAG persists across instruction boundaries *)
IF (CR4.SMXE = 0)
	#UD;
ELSE
	IF (in VMX non-root operation)
		VM Exit (reason = "GETSEC instruction");
	ELSE
		IF (GETSEC leaf unsupported)
			#UD;
		ELSE
			IF ((CR0.PE = 0) or (CPL > 0) or (EFLAGS.VM = 1))
				#GP(0);
			ELSE
				IF ((EBX = 0) and (SENTERFLAG = 1) and (ACMODEFLAG = 0) and (IN_SMM = 0) and (((in VMX root operation) and (SMM monitor not configured)) or (not in VMX operation)))
					unmask SMI;
				ELSE
					#GP(0);
				FI;
			FI;
		FI;
	FI;
FI;
END;
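
The checks above as a C model that measured-launch code can use as a test oracle or as a pre-flight check before issuing GETSEC[SMCTRL(0)], so a wrong context is caught in software instead of as a #GP(0). This is an added example, not part of the original reference; the enum, struct and function names are hypothetical, and the context fields are assumed to be filled in by the caller.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example: software model of the GETSEC[SMCTRL] checks, evaluated in
 * the same order as the pseudo code. All identifiers are hypothetical. */
enum smctrl_result { SMCTRL_UD, SMCTRL_VMEXIT, SMCTRL_GP0, SMCTRL_UNMASK_SMI };

struct smctrl_ctx {
    bool cr4_smxe;        /* CR4.SMXE */
    bool leaf_supported;  /* SMCTRL reported by GETSEC[CAPABILITIES] */
    bool cr0_pe;          /* CR0.PE */
    unsigned cpl;         /* current privilege level */
    bool eflags_vm;       /* EFLAGS.VM */
    bool vmx_root;        /* in VMX root operation */
    bool vmx_non_root;    /* in VMX non-root operation */
    bool smm_monitor;     /* SMM monitor configured */
    bool in_smm;          /* IN_SMM */
    bool senterflag;      /* SENTERFLAG */
    bool acmodeflag;      /* ACMODEFLAG */
    uint32_t ebx;         /* mode control selector; only 0 is defined */
};

enum smctrl_result smctrl_model(const struct smctrl_ctx *c)
{
    if (!c->cr4_smxe)
        return SMCTRL_UD;        /* takes precedence over every other check */
    if (c->vmx_non_root)
        return SMCTRL_VMEXIT;    /* a guest always exits to the VM monitor */
    if (!c->leaf_supported)
        return SMCTRL_UD;
    if (!c->cr0_pe || c->cpl > 0 || c->eflags_vm)
        return SMCTRL_GP0;
    /* Outside VMX operation the SMM monitor state is irrelevant; in VMX
     * root operation a configured SMM monitor blocks the unmask. */
    bool vmx_ok = c->vmx_root ? !c->smm_monitor : true;
    if (c->ebx == 0 && c->senterflag && !c->acmodeflag && !c->in_smm && vmx_ok)
        return SMCTRL_UNMASK_SMI;
    return SMCTRL_GP0;           /* also covers every EBX value other than 0 */
}

/* Constructed baseline: ring 0, protected mode, after SENTER, outside VMX. */
struct smctrl_ctx smctrl_post_senter(void)
{
    struct smctrl_ctx c = { .cr4_smxe = true, .leaf_supported = true,
                            .cr0_pe = true, .senterflag = true };
    return c;
}
```
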

Flags Affected

None.

Exceptions

64-Bit Mode Exceptions

All protected mode exceptions apply.

Compatibility Mode Exceptions

All protected mode exceptions apply.

Virtual-8086 Mode Exceptions

Exception | Description
#GP(0) | GETSEC[SMCTRL] is not recognized in virtual-8086 mode.
#UD | If CR4.SMXE = 0. If GETSEC[SMCTRL] is not reported as supported by GETSEC[CAPABILITIES].

Real-Address Mode Exceptions

Exception | Description
#GP(0) | GETSEC[SMCTRL] is not recognized in real-address mode.
#UD | If CR4.SMXE = 0. If GETSEC[SMCTRL] is not reported as supported by GETSEC[CAPABILITIES].

Protected Mode Exceptions

Exception | Description
#GP(0) | If CR0.PE = 0 or CPL > 0 or EFLAGS.VM = 1. If in VMX root operation. If a protected partition is not already active or the processor is currently in authenticated code mode. If the processor is in SMM. If the SMM monitor is not configured.
#UD | If CR4.SMXE = 0. If GETSEC[SMCTRL] is not reported as supported by GETSEC[CAPABILITIES].