Vol. 3D 37-5
INTRODUCTION TO INTEL® SOFTWARE GUARD EXTENSIONS
37.7.2
Intel® SGX Resource Enumeration Leaves
If CPUID.(EAX=07H, ECX=0H):EBX.SGX = 1, the processor also supports querying CPUID with EAX=12H on Intel
SGX resource capability and configuration. The number of available sub-leaves in leaf 12H depends on the Opt-in
and system software configuration. Information returned by CPUID.12H is thread specific; software should not
assume that if Intel SGX instructions are supported on one hardware thread, they are also supported elsewhere.
A properly configured processor exposes Intel SGX functionality with CPUID.EAX=12H reporting valid information
(non-zero content) in three or more sub-leaves, see Table 37-4.
•
CPUID.(EAX=12H, ECX=0H) enumerates Intel SGX capability, including enclave instruction opcode support.
•
CPUID.(EAX=12H, ECX=1H) enumerates Intel SGX capability of processor state configuration and enclave
configuration in the SECS structure (see Table 38-3).
•
CPUID.(EAX=12H, ECX >1) enumerates available EPC resources.
1
Valid*
0
X
#GP
1
Valid*
1
0
#GP
1
Valid*
1
1
Available (see Table 37-4 for details
of SGX1 and SGX2).
* Leaf 12H enumeration results are dependent on enablement.
** See list of conditions in the #UD section of the reference pages of ENCLS and ENCLU
Table 37-4. CPUID Leaf 12H, Sub-Leaf 0 Enumeration of Intel® SGX Capabilities
CPUID.(EAX=12H,ECX=0)
Description Behavior
Register
Bits
EAX
0
SGX1: If 1, indicates leaf functions of SGX1 instruction listed in Table 37-1 are supported.
1
SGX2: If 1, indicates leaf functions of SGX2 instruction listed in Table 37-2 are supported.
31:2
Reserved (0)
EBX
31:0
MISCSELECT: Reports the bit vector of supported extended features that can be written to the MISC
region of the SSA.
ECX
31:0
Reserved (0).
EDX
7:0
MaxEnclaveSize_Not64: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit
mode.
15:8
MaxEnclaveSize_64: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64-
bit mode.
31:16
Reserved (0).
Table 37-5. CPUID Leaf 12H, Sub-Leaf 1 Enumeration of Intel® SGX Capabilities
CPUID.(EAX=12H,ECX=1)
Description Behavior
Register
Bits
EAX
31:0
Report the valid bits of SECS.ATTRIBUTES[31:0] that software can set with ECREATE.
SECS.ATTRIBUTES[n] can be set to 1 using ECREATE only if EAX[n] is 1, where n < 32.
EBX
31:0
Report the valid bits of SECS.ATTRIBUTES[63:32] that software can set with ECREATE.
SECS.ATTRIBUTES[n+32] can be set to 1 using ECREATE only if EBX[n] is 1, where n < 32.
Table 37-3. Intel® SGX Opt-in and Enabling Behavior
CPUID.(07H,0H):EBX.
SGX
CPUID.(12H)
FEATURE_CONTROL.
LOCK
FEATURE_CONTROL.
SGX_ENABLE
Enclave Instruction