drginfo/ia32-64
1
0
Fork 0
forked from NRZCode/ia32-64
Code Pull requests Activity
ia32-64/x86/sexit.html

165 lines
9.1 KiB
HTML
Raw Permalink Normal View History

Initial commit
2025-07-08 02:23:29 -03:00
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:svg="http://www.w3.org/2000/svg" xmlns:x86="http://www.felixcloutier.com/x86"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="style.css"></link><title>GETSEC[SEXIT]
— Exit Measured Environment</title></head><body><header><nav><ul><li><a href='index.html'>Index</a></li><li>December 2023</li></ul></nav></header><h1>GETSEC[SEXIT]
— Exit Measured Environment</h1>
<table>
<tr>
<th>Opcode</th>
<th>Instruction</th>
<th>Description</th></tr>
<tr>
<td>NP 0F 37 (EAX=5)</td>
<td>GETSEC[SEXIT]</td>
<td>Exit measured environment.</td></tr></table>
<h2 id="description">Description<a class="anchor" href="#description">
</a></h2>
<p>The GETSEC[SEXIT] instruction initiates an exit of a measured environment established by GETSEC[SENTER]. The SEXIT leaf of GETSEC is selected with EAX set to 5 at execution. This instruction leaf sends a message to all logical processors in the platform to signal the measured environment exit.</p>
<p>There are restrictions enforced by the processor for the execution of the GETSEC[SEXIT] instruction:</p>
<ul>
<li>Execution is not allowed unless the processor is in protected mode (CR0.PE = 1) with CPL = 0 and EFLAGS.VM = 0.</li>
<li>The processor must be in a measured environment as launched by a previous GETSEC[SENTER] instruction, but not still in authenticated code execution mode.</li>
<li>To avoid potential interoperability conflicts between modes, the processor is not allowed to execute this instruction if it currently is in SMM or in VMX operation.</li>
<li>To ensure consistent handling of SIPI messages, the processor executing the GETSEC[SEXIT] instruction must also be designated the BSP (bootstrap processor) as defined by the register bit IA32_APIC_BASE.BSP (bit 8).</li></ul>
<p>Failure to abide by the above conditions results in the processor signaling a general protection violation.</p>
<p>This instruction initiates a sequence to rendezvous the RLPs with the ILP. It then clears the internal processor flag indicating the processor is operating in a measured environment.</p>
<p>In response to a message signaling the completion of rendezvous, all RLPs restart execution with the instruction that was to be executed at the time GETSEC[SEXIT] was recognized. This applies to all processor conditions, with the following exceptions:</p>
<ul>
<li>If an RLP executed HLT and was in this halt state at the time of the message initiated by GETSEC[SEXIT], then execution resumes in the halt state.</li>
<li>If an RLP was executing MWAIT, then a message initiated by GETSEC[SEXIT] causes an exit of the MWAIT state, falling through to the next instruction.</li>
<li>If an RLP was executing an intermediate iteration of a string instruction, then the processor resumes execution of the string instruction at the point which the message initiated by GETSEC[SEXIT] was recognized.</li>
<li>If an RLP is still in the SENTER sleep state (never awakened with GETSEC[WAKEUP]), it will be sent to the wait-for-SIPI state after first clearing the bootstrap processor indicator flag (IA32_APIC_BASE.BSP) and any pending SIPI state. In this case, such RLPs are initialized to an architectural state consistent with having taken a soft reset using the INIT# pin.</li></ul>
<p>Prior to completion of the GETSEC[SEXIT] operation, both the ILP and any active RLPs unmask the response of the external event signals INIT#, A20M, NMI#, and SMI#. This unmasking is performed unconditionally to recognize pin events which are masked after a GETSEC[SENTER]. The state of A20M is unmasked, as the A20M pin is not recognized while the measured environment is active.</p>
<p>On a successful exit of the measured environment, the ILP re-locks the Intel® TXT-capable chipset private configuration space. GETSEC[SEXIT] does not affect the content of any PCR.</p>
<p>At completion of GETSEC[SEXIT] by the ILP, execution proceeds to the next instruction. Since EFLAGS and the debug register state are not modified by this instruction, a pending trap condition is free to be signaled if previously enabled.</p>
<h2 id="operation-in-a-uni-processor-platform">Operation in a Uni-Processor Platform<a class="anchor" href="#operation-in-a-uni-processor-platform">
</a></h2>
<p>(* The state of the internal flag ACMODEFLAG and SENTERFLAG persist across instruction boundary *)</p>
<p><strong>GETSEC[SEXIT] (ILP Only):</strong></p>
<p>IF (CR4.SMXE=0)</p>
<p>THEN #UD;</p>
<p>ELSE IF (in VMX non-root operation)</p>
<p>THEN VM Exit (reason=”GETSEC instruction”);</p>
<p>ELSE IF (GETSEC leaf unsupported)</p>
<p>THEN #UD;</p>
<p>ELSE IF ((in VMX root operation) or</p>
<p>(CR0.PE=0) or (CPL&gt;0) or (EFLAGS.VM=1) or</p>
<p>(IA32_APIC_BASE.BSP=0) or</p>
<p>(TXT chipset not present) or</p>
<p>(SENTERFLAG=0) or (ACMODEFLAG=1) or (IN_SMM=1))</p>
<p>THEN #GP(0);</p>
<p>SignalTXTMsg(SEXIT);</p>
<p>DO</p>
<p>WHILE (no SignalSEXIT message);</p>
<p><strong>TXT_SEXIT_MSG_EVENT (ILP &amp; RLP):</strong></p>
<p>Mask and clear SignalSEXIT event;</p>
<p>Clear MONITOR FSM;</p>
<p>Unmask SignalSENTER event;</p>
<p>IF (in VMX operation)</p>
<p>THEN TXT-SHUTDOWN(#IllegalEvent);</p>
<p>SignalTXTMsg(SEXITAck);</p>
<p>IF (logical processor is not ILP)</p>
<p>THEN GOTO RLP_SEXIT_ROUTINE;</p>
<p>(* ILP waits for all logical processors to ACK *)</p>
<p>DO</p>
<p>DONE := READ(LT.STS);</p>
<p>WHILE (NOT DONE);</p>
<p>SignalTXTMsg(SEXITContinue);</p>
<p>SignalTXTMsg(ClosePrivate);</p>
<p>SENTERFLAG := 0;</p>
<p>Unmask SMI, INIT, A20M, and NMI external pin events;</p>
<p>END;</p>
<p><strong>RLP_SEXIT_ROUTINE (RLPs Only):</strong></p>
<p>Wait for SignalSEXITContinue message;</p>
<p>Unmask SMI, INIT, A20M, and NMI external pin events;</p>
<p>IF (prior execution state = HLT)</p>
<p>THEN reenter HLT state;</p>
<p>IF (prior execution state = SENTER sleep)</p>
<p>THEN</p>
<p>IA32_APIC_BASE.BSP := 0;</p>
<p>Clear pending SIPI state;</p>
<p>Call INIT_PROCESSOR_STATE;</p>
<p>Unmask SIPI event;</p>
<p>GOTO WAIT-FOR-SIPI;</p>
<p>FI;</p>
<p>END;</p>
<h2 id="flags-affected">Flags Affected<a class="anchor" href="#flags-affected">
</a></h2>
<p>ILP: None.</p>
<p>RLPs: All flags are modified for an RLP. returning to wait-for-SIPI state, none otherwise.</p>
<h2 id="use-of-prefixes">Use of Prefixes<a class="anchor" href="#use-of-prefixes">
</a></h2>
<p>LOCK Causes #UD.</p>
<p>REP* Cause #UD (includes REPNE/REPNZ and REP/REPE/REPZ).</p>
<p>Operand size Causes #UD.</p>
<p>NP 66/F2/F3 prefixes are not allowed.</p>
<p>Segmentoverrides Ignored.</p>
<p>Address size Ignored.</p>
<p>REX Ignored.</p>
<h2 class="exceptions" id="protected-mode-exceptions">Protected Mode Exceptions<a class="anchor" href="#protected-mode-exceptions">
</a></h2>
<table>
<tr>
<td rowspan="2">#UD</td>
<td>If CR4.SMXE = 0.</td></tr>
<tr>
<td>If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].</td></tr>
<tr>
<td rowspan="6">#GP(0)</td>
<td>If CR0.PE = 0 or CPL &gt; 0 or EFLAGS.VM = 1.</td></tr>
<tr>
<td>If in VMX root operation.</td></tr>
<tr>
<td>If the initiating processor is not designated via the MSR bit IA32_APIC_BASE.BSP.</td></tr>
<tr>
<td>If an Intel® TXT-capable chipset is not present.</td></tr>
<tr>
<td>If a protected partition is not already active or the processor is already in authenticated code mode.</td></tr>
<tr>
<td>If the processor is in SMM.</td></tr></table>
<h2 class="exceptions" id="real-address-mode-exceptions">Real-Address Mode Exceptions<a class="anchor" href="#real-address-mode-exceptions">
</a></h2>
<table>
<tr>
<td rowspan="2">#UD</td>
<td>If CR4.SMXE = 0.</td></tr>
<tr>
<td>If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].</td></tr>
<tr>
<td>#GP(0)</td>
<td>GETSEC[SEXIT] is not recognized in real-address mode.</td></tr></table>
<h2 class="exceptions" id="virtual-8086-mode-exceptions">Virtual-8086 Mode Exceptions<a class="anchor" href="#virtual-8086-mode-exceptions">
</a></h2>
<table>
<tr>
<td rowspan="2">#UD</td>
<td>If CR4.SMXE = 0.</td></tr>
<tr>
<td>If GETSEC[SEXIT] is not reported as supported by GETSEC[CAPABILITIES].</td></tr>
<tr>
<td>#GP(0)</td>
<td>GETSEC[SEXIT] is not recognized in virtual-8086 mode.</td></tr></table>
<h2 class="exceptions" id="compatibility-mode-exceptions">Compatibility Mode Exceptions<a class="anchor" href="#compatibility-mode-exceptions">
</a></h2>
<p>All protected mode exceptions apply.</p>
<h2 class="exceptions" id="64-bit-mode-exceptions">64-Bit Mode Exceptions<a class="anchor" href="#64-bit-mode-exceptions">
</a></h2>
<p>All protected mode exceptions apply.</p>
<h2 id="vm-exit-condition">VM-Exit Condition<a class="anchor" href="#vm-exit-condition">
</a></h2>
<p>Reason (GETSEC) If in VMX non-root operation.</p><footer><p>
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be
inc<span style="opacity: 0.2">omp</span>lete or b<sub>r</sub>oke<sub>n</sub> in various obvious or non-obvious
ways. Refer to <a href="https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4">Intel® 64 and IA-32 Architectures Software Developers Manual</a> for anything serious.
</p></footer></body></html>
Copy permalink