
38-2 Vol. 3D

ENCLAVE ACCESS CONTROL AND DATA STRUCTURES

— Instruction fetches from an EPC page are allowed if the EPCM allows execute access.
— Target page must not have a restricted page type¹ (PT_SECS, PT_TCS, PT_VA, or PT_TRIM).
— The EPC page must not be BLOCKED.
— The EPC page must not be PENDING.
— The EPC page must not be MODIFIED.

38.4 SEGMENT-BASED ACCESS CONTROL

Intel SGX architecture does not modify the segment checks performed by a logical processor. All memory accesses arising from a logical processor in protected mode (including enclave accesses) are subject to segmentation checks with the applicable segment register.

To ensure that outside entities do not modify the enclave's logical-to-linear address translation in an unexpected fashion, ENCLU[EENTER] and ENCLU[ERESUME] check that CS, DS, ES, and SS, if usable (i.e., not null), have a segment base value of zero. A non-zero segment base value in any of these registers results in a #GP(0).

On enclave entry via either EENTER or ERESUME, the processor saves the contents of the external FS and GS registers and loads these registers with enclave values (on EENTER, the values stored in the TCS at build time), so that the enclave can use them to access its thread-local storage. On EEXIT and AEX, the contents at the time of entry are restored. On AEX, the enclave's values of FS and GS are saved in the SSA frame; on ERESUME, FS and GS are restored from the SSA frame rather than from the TCS. The details of these operations can be found in the descriptions of the EENTER, ERESUME, EEXIT, and AEX flows.
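The segment-register handling above, written out as a constructed C model. This is an added example, not the SDM's instruction pseudocode: the TCS and SSA are reduced to the FS/GS fields the text mentions (the names OFSBASGX/OGSBASGX follow the real TCS, which stores them as offsets from the enclave base), and the function names, the return codes, the single-SSA-frame simplification and the thread_t wrapper are this example's own assumptions. It shows the one point that is easy to get wrong in the prose: after an AEX, ERESUME puts back whatever FS/GS the enclave had at the moment of the interrupt (from the SSA), not the build-time TCS values, while EEXIT and AEX give the host back the bases it had at entry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of EENTER/AEX/ERESUME/EEXIT segment handling (not SDM code). */
#define SGX_OK 0
#define SGX_UD 0x06   /* #UD: leaf not valid in the current mode (model) */
#define SGX_GP 0x0D   /* #GP(0) */

/* Segment state of the logical processor as seen by the entry checks. */
typedef struct {
    bool     cs_usable, ds_usable, es_usable, ss_usable;  /* false = null selector */
    uint64_t cs_base,   ds_base,   es_base,   ss_base;
    uint64_t fs_base,   gs_base;
} segs_t;

typedef struct { uint64_t ofsbasgx, ogsbasgx; } tcs_t;         /* offsets from enclave base */
typedef struct { uint64_t fsbase, gsbase; bool valid; } ssa_t;  /* FS/GS slots of one SSA frame */

typedef struct {
    uint64_t base;             /* enclave linear base (start of ELRANGE) */
    tcs_t    tcs;
    ssa_t    ssa;              /* current SSA frame for this TCS (model: one frame) */
    uint64_t ext_fs, ext_gs;   /* external FS/GS captured by the latest EENTER/ERESUME */
    bool     in_enclave;
} thread_t;

/* EENTER/ERESUME: every usable CS/DS/ES/SS must have base 0, else #GP(0). */
static int check_segment_bases(const segs_t *s)
{
    if ((s->cs_usable && s->cs_base) || (s->ds_usable && s->ds_base) ||
        (s->es_usable && s->es_base) || (s->ss_usable && s->ss_base))
        return SGX_GP;
    return SGX_OK;
}

/* EENTER: save external FS/GS, load the build-time TCS values. */
int enclu_eenter(thread_t *t, segs_t *s)
{
    int rc = check_segment_bases(s);
    if (rc != SGX_OK) return rc;
    if (t->in_enclave) return SGX_UD;            /* model: no nested entry */
    t->ext_fs = s->fs_base;
    t->ext_gs = s->gs_base;
    s->fs_base = t->base + t->tcs.ofsbasgx;
    s->gs_base = t->base + t->tcs.ogsbasgx;
    t->in_enclave = true;
    return SGX_OK;
}

/* AEX: enclave FS/GS go to the SSA frame, the external values come back. */
int aex(thread_t *t, segs_t *s)
{
    if (!t->in_enclave) return SGX_UD;
    t->ssa.fsbase = s->fs_base;
    t->ssa.gsbase = s->gs_base;
    t->ssa.valid  = true;
    s->fs_base = t->ext_fs;
    s->gs_base = t->ext_gs;
    t->in_enclave = false;
    return SGX_OK;
}

/* ERESUME: same segment checks as EENTER, but FS/GS come from the SSA frame. */
int enclu_eresume(thread_t *t, segs_t *s)
{
    int rc = check_segment_bases(s);
    if (rc != SGX_OK) return rc;
    if (t->in_enclave || !t->ssa.valid) return SGX_GP;  /* model: nothing to resume */
    t->ext_fs = s->fs_base;
    t->ext_gs = s->gs_base;
    s->fs_base = t->ssa.fsbase;
    s->gs_base = t->ssa.gsbase;
    t->ssa.valid  = false;
    t->in_enclave = true;
    return SGX_OK;
}

/* EEXIT: restore the external FS/GS captured at entry. */
int enclu_eexit(thread_t *t, segs_t *s)
{
    if (!t->in_enclave) return SGX_UD;
    s->fs_base = t->ext_fs;
    s->gs_base = t->ext_gs;
    t->in_enclave = false;
    return SGX_OK;
}

/* Constructed sample state: enclave at 0x10000000, TLS pages at +0x1000/+0x2000,
 * and a 64-bit-mode host thread whose FS points at its own TLS. */
thread_t make_demo_thread(void)
{
    thread_t t = { .base = 0x10000000, .tcs = { .ofsbasgx = 0x1000, .ogsbasgx = 0x2000 } };
    return t;
}
segs_t make_host_segs(void)
{
    segs_t s = { .cs_usable = true, .ss_usable = true, .fs_base = 0x7f0000001000ULL };
    return s;
}

int main(void)
{
    thread_t t = make_demo_thread();
    segs_t   s = make_host_segs();
    enclu_eenter(&t, &s);
    printf("in enclave:    FS=%#llx GS=%#llx\n", (unsigned long long)s.fs_base, (unsigned long long)s.gs_base);
    s.fs_base = 0x10005000;      /* enclave repoints FS (e.g. wrfsbase) before an interrupt */
    aex(&t, &s);
    printf("after AEX:     FS=%#llx (host value)\n", (unsigned long long)s.fs_base);
    enclu_eresume(&t, &s);
    printf("after ERESUME: FS=%#llx (from SSA, not TCS)\n", (unsigned long long)s.fs_base);
    enclu_eexit(&t, &s);
    printf("after EEXIT:   FS=%#llx\n", (unsigned long long)s.fs_base);
    return 0;
}
```

Note that a null DS with a stale non-zero base passes the check, exactly as the text's "if usable" qualifier says; only usable selectors are inspected.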

38.5 PAGE-BASED ACCESS CONTROL

38.5.1 Access-control for Accesses that Originate from non-SGX Instructions

Intel SGX builds on the processor's paging mechanism to provide page-granular access control for enclave pages. Enclave pages are accessible only from inside the currently executing enclave, and only if they belong to that enclave, or through certain Intel SGX instructions. In addition, enclave accesses must conform to the access-control requirements described in Section 38.3. Attempts to execute, read, or write linear addresses mapped to EPC pages using non-enclave accesses result in undefined behavior.

38.5.2 Memory Accesses that Split across ELRANGE

Memory data accesses are allowed to split across ELRANGE (i.e., part of the access is inside ELRANGE and part is outside) while the processor is inside an enclave. If an access splits across ELRANGE, the processor divides it into two sub-accesses (one inside ELRANGE and the other outside), and each sub-access is evaluated separately under the rules that apply to it. A code-fetch access that splits across ELRANGE results in a #GP because of the portion that lies outside ELRANGE.
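The page checks from Section 38.3 (the tail of that list is reproduced at the top of this page), the non-enclave rule in 38.5.1 and the split rule in 38.5.2, combined into one constructed C model of the access decision. This is an added example, not the SDM's pseudocode: the EPCM is keyed by the linear address a page is mapped at rather than by physical EPC page, failed EPCM checks are reported as a generic ACCESS_DENIED instead of the specific exception (which this excerpt does not name), accesses longer than one page are rejected rather than modelled, and the sample enclave is made up. One rule here goes beyond the excerpt: a code fetch that lies entirely outside ELRANGE is also faulted with #GP, which the fuller 38.3 list states but this page does not reproduce; treat it as an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE ((uint64_t)4096)
#define PAGE_MASK (~(PAGE_SIZE - 1))

enum page_type   { PT_SECS, PT_TCS, PT_REG, PT_VA, PT_TRIM };
enum access_kind { ACC_READ, ACC_WRITE, ACC_EXEC };
enum verdict     { ACCESS_OK, ACCESS_DENIED, ACCESS_GP, ACCESS_UNDEFINED };

/* Modelled EPCM entry (assumption: keyed by linear mapping, not physical page). */
typedef struct {
    uint64_t       linaddr;                    /* page-aligned linear address */
    enum page_type type;
    bool           r, w, x;                    /* EPCM permissions */
    bool           blocked, pending, modified; /* state bits consulted by 38.3 */
} epcm_entry_t;

typedef struct {
    uint64_t            base, size;            /* ELRANGE */
    const epcm_entry_t *epcm;
    size_t              nepcm;
} enclave_t;

static const epcm_entry_t *epcm_lookup(const enclave_t *e, uint64_t a)
{
    uint64_t page = a & PAGE_MASK;
    for (size_t i = 0; i < e->nepcm; i++)
        if (e->epcm[i].linaddr == page)
            return &e->epcm[i];
    return NULL;
}

/* Section 38.3 checks for one page of an enclave access inside ELRANGE. */
static enum verdict check_epc_page(const enclave_t *e, uint64_t a, enum access_kind k)
{
    const epcm_entry_t *p = epcm_lookup(e, a);
    if (!p)                                      return ACCESS_DENIED; /* not this enclave's page */
    if (p->type != PT_REG)                       return ACCESS_DENIED; /* SECS/TCS/VA/TRIM */
    if (p->blocked || p->pending || p->modified) return ACCESS_DENIED;
    if (k == ACC_READ  && !p->r)                 return ACCESS_DENIED;
    if (k == ACC_WRITE && !p->w)                 return ACCESS_DENIED;
    if (k == ACC_EXEC  && !p->x)                 return ACCESS_DENIED;
    return ACCESS_OK;
}

static bool in_elrange(const enclave_t *e, uint64_t a)
{
    return a >= e->base && a - e->base < e->size;
}

/* 38.5.1: outside the enclave (or outside ELRANGE) ordinary paging applies,
 * but touching an EPC page is undefined. */
static enum verdict nonenclave_access(const enclave_t *e, uint64_t addr, uint64_t last)
{
    for (uint64_t a = addr & PAGE_MASK; a <= last; a += PAGE_SIZE)
        if (epcm_lookup(e, a))
            return ACCESS_UNDEFINED;
    return ACCESS_OK;
}

/* Evaluate one access of 1..PAGE_SIZE bytes at [addr, addr+len). */
enum verdict evaluate_access(const enclave_t *e, bool in_enclave,
                             uint64_t addr, uint64_t len, enum access_kind k)
{
    if (len == 0 || len > PAGE_SIZE) return ACCESS_DENIED;   /* outside this model */
    uint64_t last = addr + len - 1;
    if (!in_enclave)
        return nonenclave_access(e, addr, last);

    bool first_in = in_elrange(e, addr), last_in = in_elrange(e, last);
    if (k == ACC_EXEC && !(first_in && last_in))
        return ACCESS_GP;                    /* 38.5.2: any fetched byte outside ELRANGE -> #GP */
    if (first_in != last_in) {               /* 38.5.2: split data access, evaluate each part */
        uint64_t cut = first_in ? e->base + e->size : e->base;
        enum verdict v = evaluate_access(e, true, addr, cut - addr, k);
        return v == ACCESS_OK ? evaluate_access(e, true, cut, last + 1 - cut, k) : v;
    }
    if (!first_in)
        return nonenclave_access(e, addr, last);
    for (uint64_t a = addr & PAGE_MASK; a <= last; a += PAGE_SIZE) {
        enum verdict v = check_epc_page(e, a, k);
        if (v != ACCESS_OK) return v;
    }
    return ACCESS_OK;
}

/* Constructed sample enclave: 2 MiB ELRANGE at 0x10000000. */
static const epcm_entry_t demo_epcm[] = {
    { .linaddr = 0x10000000, .type = PT_TCS, .r = true, .w = true },
    { .linaddr = 0x10001000, .type = PT_REG, .r = true, .x = true },                 /* code */
    { .linaddr = 0x10002000, .type = PT_REG, .r = true, .w = true },                 /* data */
    { .linaddr = 0x10003000, .type = PT_REG, .r = true, .w = true, .blocked = true },
    { .linaddr = 0x10004000, .type = PT_VA },
    { .linaddr = 0x101FF000, .type = PT_REG, .r = true, .w = true },                 /* last page */
};
const enclave_t demo_enclave = { 0x10000000, 0x200000, demo_epcm, sizeof demo_epcm / sizeof demo_epcm[0] };

int main(void)
{
    static const char *name[] = { "OK", "DENIED", "#GP", "UNDEFINED" };
    printf("enclave fetch 0x10001000:   %s\n", name[evaluate_access(&demo_enclave, true,  0x10001000, 4, ACC_EXEC)]);
    printf("enclave read  TCS page:     %s\n", name[evaluate_access(&demo_enclave, true,  0x10000000, 8, ACC_READ)]);
    printf("split read  0x101FFFFC+8:   %s\n", name[evaluate_access(&demo_enclave, true,  0x101FFFFC, 8, ACC_READ)]);
    printf("split fetch 0x101FFFFC+8:   %s\n", name[evaluate_access(&demo_enclave, true,  0x101FFFFC, 8, ACC_EXEC)]);
    printf("host read of EPC page:      %s\n", name[evaluate_access(&demo_enclave, false, 0x10002000, 8, ACC_READ)]);
    return 0;
}
```

The split case is handled by recursion: the two sub-accesses are evaluated with the same function, so the inside half is subject to the EPCM checks and the outside half to the non-enclave rule, which is what 38.5.2 describes.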

38.5.3 Implicit vs. Explicit Accesses

Memory accesses originating from Intel SGX instruction leaf functions are categorized as either explicit accesses or 
implicit accesses. Table 38-1 lists the implicit and explicit memory accesses made by Intel SGX leaf functions.

38.5.3.1   Explicit Accesses

Accesses to memory locations provided as explicit operands to Intel SGX instruction leaf functions, or their linked 
data structures are called explicit accesses. 

1. EPCM may allow write, read or execute access only for pages with page type PT_REG.