GETSEC[CAPABILITIES] Report the SMX Capabilities

OpcodeInstructionDescription
NP 0F 37 (EAX = 0)GETSEC[CAPABILITIES]Report the SMX capabilities. The capabilities index is input in EBX with the result returned in EAX.

Description

The GETSEC[CAPABILITIES] function returns a bit vector of supported GETSEC leaf functions. The CAPABILITIES leaf of GETSEC is selected with EAX set to 0 at entry. EBX is used as the selector for returning the bit vector field in EAX. GETSEC[CAPABILITIES] may be executed at all privilege levels, but the CR4.SMXE bit must be set or an undefined opcode exception (#​​​UD) is returned.

With EBX = 0 upon execution of GETSEC[CAPABILITIES], EAX returns the a bit vector representing status on the presence of a Intel® TXT-capable chipset and the first 30 available GETSEC leaf functions. The format of the returned bit vector is provided in Table 7-3.

If bit 0 is set to 1, then an Intel® TXT-capable chipset has been sampled present by the processor. If bits in the range of 1-30 are set, then the corresponding GETSEC leaf function is available. If the bit value at a given bit index is 0, then the GETSEC leaf function corresponding to that index is unsupported and attempted execution results in a #​​​UD.

Bit 31 of EAX indicates if further leaf indexes are supported. If the Extended Leafs bit 31 is set, then additional leaf functions are accessed by repeating GETSEC[CAPABILITIES] with EBX incremented by one. When the most significant bit of EAX is not set, then additional GETSEC leaf functions are not supported; indexing EBX to a higher value results in EAX returning zero.

FieldBit positionDescription
Chipset Present0Intel® TXT-capable chipset is present.
Undefined1Reserved
ENTERACCS2GETSEC[ENTERACCS] is available.
EXITAC3GETSEC[EXITAC] is available.
SENTER4GETSEC[SENTER] is available.
SEXIT5GETSEC[SEXIT] is available.
PARAMETERS6GETSEC[PARAMETERS] is available.
SMCTRL7GETSEC[SMCTRL] is available.
WAKEUP8GETSEC[WAKEUP] is available.
Undefined30:9Reserved
Extended Leafs31Reserved for extended information reporting of GETSEC capabilities.

Table 7-3. GETSEC Capability Result Encoding (EBX = 0)

Operation

IF (CR4.SMXE=0)
    THEN #​​​UD;
ELSIF (in VMX non-root operation)
    THEN VM Exit (reason=”GETSEC instruction”);
IF (EBX=0) THEN
        BitVector := 0;
        IF (TXT chipset present)
            BitVector[Chipset present] := 1;
        IF (ENTERACCS Available)
            THEN BitVector[ENTERACCS] := 1;
        IF (EXITAC Available)
            THEN BitVector[EXITAC] := 1;
        IF (SENTER Available)
            THEN BitVector[SENTER] := 1;
        IF (SEXIT Available)
            THEN BitVector[SEXIT] := 1;
        IF (PARAMETERS Available)
            THEN BitVector[PARAMETERS] := 1;
        IF (SMCTRL Available)
            THEN BitVector[SMCTRL] := 1;
        IF (WAKEUP Available)
            THEN BitVector[WAKEUP] := 1;
        EAX := BitVector;
ELSE
    EAX := 0;
END;;

Flags Affected

None.

Use of Prefixes

LOCK Causes #​​​UD.

REP* Cause #​​​UD (includes REPNE/REPNZ and REP/REPE/REPZ).

Operand size Causes #​​​UD.

NP 66/F2/F3 prefixes are not allowed.

Segmentoverrides Ignored.

Address size Ignored.

REX Ignored.

Protected Mode Exceptions

#​​​UDIf CR4.SMXE = 0.

Real-Address Mode Exceptions

#​​​UDIf CR4.SMXE = 0.

Virtual-8086 Mode Exceptions

#​​​UDIf CR4.SMXE = 0.

Compatibility Mode Exceptions

#​​​UDIf CR4.SMXE = 0.

64-Bit Mode Exceptions

#​​​UDIf CR4.SMXE = 0.

VM-exit Condition

Reason (GETSEC) If in VMX non-root operation.

This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be incomplete or broken in various obvious or non-obvious ways. Refer to Intel® 64 and IA-32 Architectures Software Developer’s Manual for anything serious.