Vol. 3D 38-1
ENCLAVE ACCESS CONTROL AND DATA STRUCTURES
CHAPTER 38
ENCLAVE ACCESS CONTROL AND DATA STRUCTURES
38.1
OVERVIEW OF ENCLAVE EXECUTION ENVIRONMENT
When an enclave is created, it has a range of linear addresses that the processor applies enhanced access control.
This ranged is called the ELRANGE (see Section 37.3). When an enclave generates a memory access, the existing
IA32 segmentation and paging architecture are applied. Additionally, linear addresses inside the ELRANGE must
map to an EPC page otherwise when an enclave attempts to access that linear address a fault is generated.
The EPC pages need not be physically contiguous. System software allocates EPC pages to various enclaves.
Enclaves must abide by OS/VMM imposed segmentation and paging policies. OS/VMM-managed page tables and
extended page tables provide address translation for the enclave pages. Hardware requires that these pages are
properly mapped to EPC (any failure generates an exception).
Enclave entry must happen through specific enclave instructions:
•
ENCLU[EENTER], ENCLU[ERESUME].
Enclave exit must happen through specific enclave instructions or events:
•
ENCLU[EEXIT], Asynchronous Enclave Exit (AEX).
Attempt to execute, read or write to linear addresses mapped to EPC pages when not inside an enclave will result
in undefined behavior. The processor will provide the protections as described in Section 38.4 and Section 38.5 on
such accesses.
38.2 TERMINOLOGY
A memory access to the ELRANGE and initiated by an instruction executed by an enclave is called a Direct Enclave
Access (Direct EA).
Memory accesses initiated by certain Intel
®
SGX instruction leaf functions such as ECREATE, EADD, EDBGRD,
EDBGWR, ELDU/ELDB, EWB, EREMOVE, EENTER, and ERESUME to EPC pages are called Indirect Enclave Accesses
(Indirect EA). Table 38-1 lists additional details of the indirect EA of SGX1 and SGX2 extensions.
Direct EAs and Indirect EAs together are called Enclave Accesses (EAs).
Any memory access that is not an Enclave Access is called a non-enclave access.
38.3 ACCESS-CONTROL
REQUIREMENTS
Enclave accesses have the following access-control attributes:
•
All memory accesses must conform to segmentation and paging protection mechanisms.
•
Code fetches from inside an enclave to a linear address outside that enclave result in a #GP(0) exception.
•
Non-enclave accesses to EPC memory result in undefined behavior. EPC memory is protected as described in
Section 38.4 and Section 38.5 on such accesses.
•
EPC pages of page types PT_REG, PT_TCS and PT_TRIM must be mapped to ELRANGE at the linear address
specified when the EPC page was allocated to the enclave using ENCLS[EADD] or ENCLS[EAUG] leaf functions.
Enclave accesses through other linear address result in a #PF with the PFEC.SGX bit set.
•
Direct EAs to any EPC pages must conform to the currently defined security attributes for that EPC page in the
EPCM. These attributes may be defined at enclave creation time (EADD) or when the enclave sets them using
SGX2 instructions. The failure of these checks results in a #PF with the PFEC.SGX bit set.
— Target page must belong to the currently executing enclave.
— Data may be written to an EPC page if the EPCM allow write access.
— Data may be read from an EPC page if the EPCM allow read access.