SAFER MODE EXTENSIONS REFERENCE
Vol. 2D 6-3
.
6.2.2.2
GETSEC[ENTERACCS]
The GETSEC[ENTERACCS] leaf enables authenticated code execution mode. The ENTERACCS leaf function
performs an authenticated code module load using the chipset public key as the signature verification. ENTERACCS
requires the existence of an IntelĀ® Trusted Execution Technology capable chipset since it unlocks the chipset
private configuration register space after successful authentication of the loaded module. The physical base
address and size of the authenticated code module are specified as input register values in EBX and ECX, respec-
tively.
While in the authenticated code execution mode, certain processor state properties change. For this reason, the
time in which the processor operates in authenticated code execution mode should be limited to minimize impact
on external system events.
Upon entry into , the previous paging context is disabled (since the authenticated code module image is specified
with physical addresses and can no longer rely upon external memory-based page-table structures).
Prior to executing the GETSEC[ENTERACCS] leaf, system software must ensure the logical processor issuing
GETSEC[ENTERACCS] is the boot-strap processor (BSP), as indicated by IA32_APIC_BASE.BSP = 1. System soft-
ware must ensure other logical processors are in a suitable idle state and not marked as BSP.
The GETSEC[ENTERACCS] leaf may be used by different agents to load different authenticated code modules to
perform functions related to different aspects of a measured environment, for example system software and
IntelĀ® TXT enabled BIOS may use more than one authenticated code modules.
6.2.2.3
GETSEC[EXITAC]
GETSEC[EXITAC] takes the processor out of . When this instruction leaf is executed, the contents of the authenti-
cated code execution area are scrubbed and control is transferred to the non-authenticated context defined by a
near pointer passed with the GETSEC[EXITAC] instruction.
The authenticated code execution area is no longer accessible after completion of GETSEC[EXITAC]. RBX (or EBX)
holds the address of the near absolute indirect target to be taken.
6.2.2.4
GETSEC[SENTER]
The GETSEC[SENTER] leaf function is used by the initiating logical processor (ILP) to launch an MLE.
GETSEC[SENTER] can be considered a superset of the ENTERACCS leaf, because it enters as part of the measured
environment launch.
Measured environment startup consists of the following steps:
Table 6-2. GETSEC Leaf Functions
Index (EAX)
Leaf function
Description
0
CAPABILITIES
Returns the available leaf functions of the GETSEC instruction.
1
Undefined
Reserved
2
ENTERACCS
Enter
3
EXITAC
Exit
4
SENTER
Launch an MLE.
5
SEXIT
Exit the MLE.
6
PARAMETERS
Return SMX related parameter information.
7
SMCTRL
SMX mode control.
8
WAKEUP
Wake up sleeping processors in safer mode.
9 - (4G-1)
Undefined
Reserved