39-10 Vol. 3D

ENCLAVE OPERATION

•

If no empty VA page slots exist, create a new VA page using the EPA leaf function.

b. Remove linear-address to physical-address mapping from the enclave contexts’s mapping tables (page 

table and EPT tables). 

c. Execute the EBLOCK leaf function for the target page. This sets the target page state to BLOCKED. At this 

point no new mappings of the page will be created. So any access which does not have the mapping cached 
in the TLB will generate a #PF.

2. For each enclave containing pages selected in step 1:

— Execute an ETRACK leaf function pointing to that enclave’s SECS. This initiates the tracking process that 

ensures that all caching of linear-address to physical-address translations for the blocked pages is cleared.

3. For all logical processors executing in processes (OS) or guests (VMM) that contain the enclaves selected in 

step 1:
— Issue an IPI (inter-processor interrupt) to those threads. This causes those logical processors to asynchro-

nously exit any enclaves they might be in, and as a result flush cached linear-address to physical-address 
translations that might hold stale translations to blocked pages. There is no need for additional measures 
such as performing a “TLB shootdown”.

4. After enclaves exit, allow logical processors can resume normal operation, including enclave re-entry as the 

tracking logic keeps track of the activity. 

5. For each page to be evicted:

— Evict the page using the EWB leaf function with parameters include the effective-address pointer to the EPC 

page, the VA slot, a 4K byte buffer to hold the encrypted page contents, and a 128 byte buffer to hold page 
metadata. The last three elements are tied together cryptographically and must be used to later reload the 
page.

At this point, system software has the only copy of each page data encrypted with its page metadata in main 
memory. 

39.5.4 

Loading an Enclave Page

To reload a previously evicted page, system software needs four elements: the VA slot used when the page was 
evicted, a buffer containing the encrypted page contents, a buffer containing the page metadata, and the parent 
SECS to associate this page with. If the VA page or the parent SECS are not already in the EPC, they must be 
reloaded first.
1. Execute ELDB/ELDU (depending on the desired BLOCKED state for the page), passing as parameters: the EPC 

page linear address, the VA slot, the encrypted page, and the page metadata. 

2. Create a mapping in the enclave context’s mapping tables (page tables and EPT tables) to allow the application 

to access that page (OS: system page table; VMM: EPT).

The ELDB/ELDU instruction marks the VA slot empty so that the page cannot be replayed at a later date.

39.5.5 

Eviction of an SECS Page

The eviction of an SECS page is similar to the eviction of an enclave page. The only difference is that an SECS page 
cannot be evicted until all other pages belonging to the enclave have been evicted. Since all other pages have been 
evicted, there will be no threads executing inside the enclave and tracking with ETRACK isn’t necessary. When 
reloading an enclave, the SECS page must be reloaded before all other constituent pages.
1. Ensure all pages are evicted from enclave. 
2. Select an empty slot in a Version Array page. 

— If no VA page exists with an empty slot, create a new one using the EPA function leaf. 

3. Evict the page using the EWB leaf function with parameters include the effective-address pointer to the EPC 

page, the VA slot, a 4K byte buffer to hold the encrypted page contents and a 128 byte buffer to hold page 
metadata. The last three elements are tied together cryptographically and must be used to later reload the 
page.