41-4 Vol. 3D

SGX INSTRUCTION REFERENCES

— ECREATE, EADD, and EREMOVE are not allowed to operate on the same EPC page concurrently with themselves.

— EADD, EEXTEND, and EINIT leafs are not allowed to operate on the same SECS concurrently.

Intel SGX disallows the EREMOVE leaf from removing pages from an enclave that is in use.

Intel SGX disallows entry (EENTER and ERESUME) to an enclave while a page from that enclave is being 
removed. 

When a disallowed operation is detected, a leaf function causes an exception. To prevent such exceptions, software 
must serialize leaf functions or prevent these leaf functions from accessing the same resource. 
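
A minimal software gate that applies the four restrictions above before a leaf is issued, as an added example and not code from the Intel manual. The `op` structure, `gate_begin`/`gate_end` and the addresses are hypothetical; the first rule is read conservatively as covering any pair of ECREATE, EADD and EREMOVE on one EPC page, and "in use" is modeled only as a concurrent EENTER or ERESUME.

```c
#include <stdbool.h>
#include <stdint.h>

/* Leaf functions named in the restrictions above. */
enum leaf { ECREATE, EADD, EEXTEND, EINIT, EREMOVE, EENTER, ERESUME };

/* One leaf invocation: its target EPC page and the SECS of its enclave.
 * Addresses used with this model are constructed sample values. */
struct op { enum leaf leaf; uint64_t page, secs; bool live; };

#define MAX_INFLIGHT 8
static struct op inflight[MAX_INFLIGHT]; /* assumption: caller holds one lock around the gate */

static bool page_rule(enum leaf l) { return l == ECREATE || l == EADD || l == EREMOVE; }
static bool secs_rule(enum leaf l) { return l == EADD || l == EEXTEND || l == EINIT; }
static bool is_entry(enum leaf l)  { return l == EENTER || l == ERESUME; }

/* True when a and b must not run at the same time. */
bool must_serialize(const struct op *a, const struct op *b)
{
    if (page_rule(a->leaf) && page_rule(b->leaf) && a->page == b->page)
        return true;                     /* same EPC page */
    if (secs_rule(a->leaf) && secs_rule(b->leaf) && a->secs == b->secs)
        return true;                     /* same SECS */
    if (a->secs != b->secs)
        return false;
    /* Enclave entry versus page removal in the same enclave, either order. */
    return (is_entry(a->leaf) && b->leaf == EREMOVE) ||
           (a->leaf == EREMOVE && is_entry(b->leaf));
}

/* Admit op if nothing in flight conflicts; returns its slot, or -1 to wait. */
int gate_begin(struct op op)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_INFLIGHT; i++) {
        if (!inflight[i].live) {
            if (free_slot < 0) free_slot = i;
            continue;
        }
        if (must_serialize(&inflight[i], &op)) return -1;
    }
    if (free_slot >= 0) { op.live = true; inflight[free_slot] = op; }
    return free_slot;
}

/* Mark the leaf held in the given slot as completed. */
void gate_end(int slot) { if (slot >= 0 && slot < MAX_INFLIGHT) inflight[slot].live = false; }
```

A return of -1 from `gate_begin` means the caller defers the leaf instead of issuing it and taking the exception.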

41.1.5.1   Concurrency Tables of Intel® SGX Instructions

Concurrency restrictions of an individual leaf function (ENCLS or ENCLU) with other Intel SGX instruction leaf functions are listed under the Concurrency Restriction paragraph of the respective reference page of that leaf function. 
Each cell in the table for a given Intel SGX instruction leaf details the concurrency restriction when that instruction references the same EPC page (as an explicit or an implicit parameter) as referenced by a concurrent instruction leaf executed on another logical processor. The concurrency behavior of the instruction leaf in focus, shown in a given row, is denoted by the following:

‘N’: The instructions listed in a given row heading may not execute concurrently with the instruction leaf shown 
in the respective column. Software should serialize them. For example, multiple ETRACK operations on the 
same enclave are not allowed to execute concurrently on the same SECS page.

‘Y’: The instruction leaf listed in a given row may execute concurrently with the instruction leaf shown in the 
respective column. For instance, multiple ELDB/ELDUs are allowed to execute concurrently as long as the 
selected EPC page is not the same page.

‘C’: The instruction leaf listed in a given row heading may return an error code when executed concurrently with 
the instruction leaf shown in the respective column.

‘U’: These two instruction leaves may complete, but the occurrence of these two simultaneous flows is 
considered a user program error for which the processor does not enforce any restriction.

A grey cell indicates the concurrency behavior of the instruction in focus (in the row header) may be different 
than that of the concurrent instruction (in the column header). The concurrent instruction's behavior is detailed 
in its respective concurrency table. For example, EBLOCK's SECS parameter is implicit, thus it is always shown 
as 'Y' in the table. However, a concurrent instruction may return an error code when accessing the same page.

For instance, multiple ELDB/ELDUs are allowed to execute as long as the selected EPC page is not the same page. 
Multiple ETRACK operations are not allowed to execute concurrently.

41.2   INTEL® SGX INSTRUCTION REFERENCE