38-16 Vol. 3D
ENCLAVE ACCESS CONTROL AND DATA STRUCTURES
38.17.1 KEY REQUEST KeyNames
38.17.2 Key Request Policy Structure
38.18 VERSION ARRAY (VA)
In order to securely store the versions of evicted EPC pages, Intel SGX defines a special EPC page type called a
Version Array (VA). Each VA page contains 512 slots, each of which can contain an 8-byte version number for a
page evicted from the EPC. When an EPC page is evicted, software chooses an empty slot in a VA page; this slot
receives the unique version number of the page being evicted. When the EPC page is reloaded, a VA slot
must hold the version of the page. If the page is successfully reloaded, the version in the VA slot is cleared.
VA pages can be evicted, just like any other EPC page. When evicting a VA page, a version slot in some other VA
page must be used to hold the version for the VA being evicted. A Version Array Page must be 4K-Bytes aligned.
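An added illustration, not Intel's code or the processor's implementation: a C software model of the VA slot rule described above, showing why a stale copy of an evicted page fails to reload. The counter used as the version source, the use of 0 as the empty-slot marker, and all type and function names are assumptions of the model.

```c
#include <stdint.h>

#define VA_SLOTS 512                      /* per the text: 512 slots of 8 bytes */

/* Model of a VA page: 512 * 8 = 4096 bytes, 4K-Byte aligned. */
typedef struct { _Alignas(4096) uint64_t slot[VA_SLOTS]; } va_page_t;
_Static_assert(sizeof(va_page_t) == 4096, "VA page must fill one 4K page");

/* Model of an evicted page: only the version bound to it at eviction. */
typedef struct { uint64_t version; } evicted_page_t;

static uint64_t next_version = 1;         /* assumption: 0 marks an empty slot */

/* Evict: the chosen slot must be empty; it receives the page's unique version. */
int va_evict(va_page_t *va, unsigned idx, evicted_page_t *out) {
    if (idx >= VA_SLOTS || va->slot[idx] != 0) return -1;
    out->version = next_version++;
    va->slot[idx] = out->version;
    return 0;
}

/* Reload: succeeds only if the slot holds this page's version, then clears it. */
int va_reload(va_page_t *va, unsigned idx, const evicted_page_t *pg) {
    if (idx >= VA_SLOTS || va->slot[idx] == 0) return -1;
    if (va->slot[idx] != pg->version) return -1;
    va->slot[idx] = 0;
    return 0;
}

/* Constructed scenario: replay a stale evicted copy. Returns 0 if every
 * replay attempt is rejected and every legitimate reload succeeds. */
int va_replay_demo(void) {
    static va_page_t va;                  /* zero-initialized: all slots empty */
    evicted_page_t v1, v2, stale;
    if (va_evict(&va, 7, &v1)) return -1;
    stale = v1;                           /* untrusted software keeps a copy */
    if (va_reload(&va, 7, &v1)) return -2;          /* legitimate reload */
    if (va_reload(&va, 7, &stale) == 0) return -3;  /* slot cleared: rejected */
    if (va_evict(&va, 7, &v2)) return -4;           /* page evicted again */
    if (va_reload(&va, 7, &stale) == 0) return -5;  /* old version: rejected */
    if (va_reload(&va, 7, &v2)) return -6;          /* current version loads */
    return 0;
}

int main(void) { return va_replay_demo() ? 1 : 0; }
```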
38.19 ENCLAVE PAGE CACHE MAP (EPCM)
EPCM is a secure structure used by the processor to track the contents of the EPC. The EPCM holds exactly one
entry for each page that is currently loaded into the EPC. EPCM is not accessible by software, and the layout of
EPCM fields is implementation specific.
Table 38-24. Supported KEYName Values

| Key Name           | Value     | Description           |
|--------------------|-----------|-----------------------|
| EINITOKEN_KEY      | 0         | EINIT_TOKEN key       |
| PROVISION_KEY      | 1         | Provisioning Key      |
| PROVISION_SEAL_KEY | 2         | Provisioning Seal Key |
| REPORT_KEY         | 3         | Report Key            |
| SEAL_KEY           | 4         | Seal Key              |
|                    | All other | Reserved              |

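Table 38-25. Layout of KEYPOLICY Field

| Field     | Bit Position | Description                                                          |
|-----------|--------------|----------------------------------------------------------------------|
| MRENCLAVE | 0            | If 1, derive key using the enclave's MRENCLAVE measurement register. |
| MRSIGNER  | 1            | If 1, derive key using the enclave's MRSIGNER measurement register.  |
| RESERVED  | 15:2         | Must be zero.                                                        |
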
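Table 38-26. Layout of Version Array Data Structure

| Field    | OFFSET (Bytes) | Size (Bytes) | Description      |
|----------|----------------|--------------|------------------|
| Slot 0   | 0              | 08           | Version Slot 0   |
| Slot 1   | 8              | 08           | Version Slot 1   |
| ...      |                |              |                  |
| Slot 511 | 4088           | 08           | Version Slot 511 |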