39-2 Vol. 3D
ENCLAVE OPERATION
region. ECREATE also allocates an Enclave Page Cache (EPC) page for the SGX Enclave Control Structure
(SECS). Note that this page is not required to be a part of the enclave linear address space and is not required
to be mapped into the process.
3. The enclave creation service uses the EADD leaf function to commit EPC pages to the enclave, and use
EEXTEND to measure the committed memory content of the enclave. For each page to be added to the enclave:
— Use EADD to add the new page to the enclave.
— If the enclave developer requires measurement of the page as a proof for the content, use EEXTEND to add
a measurement for 256 bytes of the page. Repeat this operation until the entire page is measured.
4. The enclave creation service uses the EINIT leaf function to complete the enclave creation process and finalize
the enclave measurement to establish the enclave identity. Until an EINIT is executed, the enclave is not
permitted to execute any enclave code (i.e. entering the enclave by executing EENTER would result in a fault).
39.1.1 ECREATE
The ECREATE leaf function sets up the initial environment for the enclave by reading an SGX Enclave Control Struc-
ture (SECS) that contains the enclave's address range (ELRANGE) as defined by BASEADDR and SIZE, the ATTRI-
BUTES and MISCSELECT bitmaps, and the SSAFRAMESIZE. It then securely stores this information in an Enclave
Page Cache (EPC) page. ELRANGE is part of the application's address space. ECREATE also initializes a crypto-
graphic log of the enclave's build process.
39.1.2
EADD and EEXTEND Interaction
Once the SECS has been created, enclave pages can be added to the enclave via EADD. This involves converting a
free EPC page into either a PT_REG or a PT_TCS page.
When EADD is invoked, the processor will update the EPCM entry with the type of page (PT_REG or PT_TCS), the
linear address used by the enclave to access the page, and the enclave access permissions for the page. It associ-
ates the page to the SECS provided as input. The EPCM entry information is used by hardware to manage access
control to the page. EADD records EPCM information in the cryptographic log stored in the SECS and copies 4
KBytes of data from unprotected memory outside the EPC to the allocated EPC page.
System software is responsible for selecting a free EPC page. System software is also responsible for providing the
type of page to be added, the attributes the page, the contents of the page, and the SECS (enclave) to which the
page is to be added as requested by the application. Incorrect data would lead to a failure of EADD or to an incor-
rect cryptographic log and a failure at EINIT time.
After a page has been added to an enclave, software can measure a 256 byte region as determined by the devel-
oper by invoking EEXTEND. Thus to measure an entire 4KB page, system software must execute EEXTEND 16
times. Each invocation of EEXTEND adds to the cryptographic log information about which region is being measured
and the measurement of the section.
Entries in the cryptographic log define the measurement of the enclave and are critical in gaining assurance that
the enclave was correctly constructed by the untrusted system software.
39.1.3 EINIT
Interaction
Once system software has completed the process of adding and measuring pages, the enclave needs to be initial-
ized by the EINIT leaf function. After an enclave is initialized, EADD and EEXTEND are disabled for that enclave (An
attempt to execute EADD/EEXTEND to enclave after enclave initialization will result in a fault). The initialization
process finalizes the cryptographic log and establishes the enclave identity and sealing identity used by
EGETKEY and EREPORT.
A cryptographic hash of the log is stored as the enclave identity. Correct construction of the enclave results in the
cryptographic hash matching the one built by the enclave owner and included as the ENCLAVEHASH field of
SIGSTRUCT. The enclave identity provided by the EREPORT leaf function can be verified by a remote party.