39-10 Vol. 3D
ENCLAVE OPERATION
•
If no empty VA page slots exist, create a new VA page using the EPA leaf function.
b. Remove linear-address to physical-address mapping from the enclave contexts’s mapping tables (page
table and EPT tables).
c. Execute the EBLOCK leaf function for the target page. This sets the target page state to BLOCKED. At this
point no new mappings of the page will be created. So any access which does not have the mapping cached
in the TLB will generate a #PF.
2. For each enclave containing pages selected in step 1:
— Execute an ETRACK leaf function pointing to that enclave’s SECS. This initiates the tracking process that
ensures that all caching of linear-address to physical-address translations for the blocked pages is cleared.
3. For all logical processors executing in processes (OS) or guests (VMM) that contain the enclaves selected in
step 1:
— Issue an IPI (inter-processor interrupt) to those threads. This causes those logical processors to asynchro-
nously exit any enclaves they might be in, and as a result flush cached linear-address to physical-address
translations that might hold stale translations to blocked pages. There is no need for additional measures
such as performing a “TLB shootdown”.
4. After enclaves exit, allow logical processors can resume normal operation, including enclave re-entry as the
tracking logic keeps track of the activity.
5. For each page to be evicted:
— Evict the page using the EWB leaf function with parameters include the effective-address pointer to the EPC
page, the VA slot, a 4K byte buffer to hold the encrypted page contents, and a 128 byte buffer to hold page
metadata. The last three elements are tied together cryptographically and must be used to later reload the
page.
At this point, system software has the only copy of each page data encrypted with its page metadata in main
memory.
39.5.4
Loading an Enclave Page
To reload a previously evicted page, system software needs four elements: the VA slot used when the page was
evicted, a buffer containing the encrypted page contents, a buffer containing the page metadata, and the parent
SECS to associate this page with. If the VA page or the parent SECS are not already in the EPC, they must be
reloaded first.
1. Execute ELDB/ELDU (depending on the desired BLOCKED state for the page), passing as parameters: the EPC
page linear address, the VA slot, the encrypted page, and the page metadata.
2. Create a mapping in the enclave context’s mapping tables (page tables and EPT tables) to allow the application
to access that page (OS: system page table; VMM: EPT).
The ELDB/ELDU instruction marks the VA slot empty so that the page cannot be replayed at a later date.
39.5.5
Eviction of an SECS Page
The eviction of an SECS page is similar to the eviction of an enclave page. The only difference is that an SECS page
cannot be evicted until all other pages belonging to the enclave have been evicted. Since all other pages have been
evicted, there will be no threads executing inside the enclave and tracking with ETRACK isn’t necessary. When
reloading an enclave, the SECS page must be reloaded before all other constituent pages.
1. Ensure all pages are evicted from enclave.
2. Select an empty slot in a Version Array page.
— If no VA page exists with an empty slot, create a new one using the EPA function leaf.
3. Evict the page using the EWB leaf function with parameters include the effective-address pointer to the EPC
page, the VA slot, a 4K byte buffer to hold the encrypted page contents and a 128 byte buffer to hold page
metadata. The last three elements are tied together cryptographically and must be used to later reload the
page.