
Vol. 3D 41-21

SGX INSTRUCTION REFERENCES

ECREATE—Create an SECS page in the Enclave Page Cache 

| Opcode/Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
|---|---|---|---|---|
| EAX = 00H ENCLS[ECREATE] | IR | V/V | SGX1 | This leaf function begins an enclave build by creating an SECS page in EPC. |

Instruction Operand Encoding

| Op/En | EAX | RBX | RCX |
|---|---|---|---|
| IR | ECREATE (In) | Address of a PAGEINFO (In) | Address of the destination SECS page (In) |

Description

ENCLS[ECREATE] is the first instruction executed in the enclave build process. ECREATE copies an SECS structure from outside the EPC into an SECS page inside the EPC. The internal structure of SECS is not accessible to software.

ECREATE will set up fields in the protected SECS and mark the page as valid inside the EPC. ECREATE initializes or checks unused fields.

Software sets the following fields in the source structure: SECS:BASEADDR, SECS:SIZE in bytes, and ATTRIBUTES. SECS:BASEADDR must be naturally aligned on an SECS.SIZE boundary. SECS.SIZE must be at least 2 pages (8192).

The source operand RBX contains an effective address of a PAGEINFO structure. PAGEINFO contains an effective address of a source SECS and an effective address of an SECINFO. The SECS field in PAGEINFO is not used.

The RCX register is the effective address of the destination SECS. It is an address of an empty slot in the EPC. The SECS structure must be page aligned. SECINFO flags must specify the page as an SECS page.

ECREATE Memory Parameter Semantics

| PAGEINFO | PAGEINFO.SRCPGE | PAGEINFO.SECINFO | EPCPAGE |
|---|---|---|---|
| Read access permitted by Non Enclave | Read access permitted by Non Enclave | Read access permitted by Non Enclave | Write access permitted by Enclave |

ECREATE will fault if the SECS target page is in use, already valid, or outside the EPC. It will also fault if addresses are not aligned or unused PAGEINFO fields are not zero.

If the amount of space needed to store the SSA frame is greater than the amount specified in SECS.SSAFRAMESIZE, a #GP(0) results. The amount of space needed for an SSA frame is computed based on DS:TMP_SECS.ATTRIBUTES.XFRM size. Details of computing the size can be found in Section 42.7.

Concurrency Restrictions

Table 41-12.  Concurrency Restrictions of ECREATE with Other Intel® SGX Operations 1 of 2

| Operation | EEXIT | EADD | EBLOCK | ECREATE | EDBGRD/WR | EENTER/ERESUME | EEXTEND | EGETKEY | EINIT | ELDB/ELDU | EPA |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Param | TCS, SSA, SECS | Targ, SECS | Targ, SECS | SECS | Targ, SECS | TCS, SSA, SECS | Targ, SECS | Param, SECS | SECS | Targ, VA, SECS | VA |

ECREATE SECS: N N N N N N N N N N N N

Table 41-13.  Concurrency Restrictions of ECREATE with Other Intel® SGX Operations 2 of 2

| Operation | EREMOVE | EREPORT | ETRACK | EWB | EAUG | EMODPE | EMODPR | EMODT | EACCEPT | EACCEPTCOPY |
|---|---|---|---|---|---|---|---|---|---|---|
| Param | Targ, SECS | Param, SECS | SECS | SRC, VA, SECS | Targ, SECS | Targ, SECINFO | Targ, SECS | Targ, SECS | Targ, SECINFO, SECS | Targ, SRC, SECINFO |

ECREATE SECS: N N N N N N N N
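
The size, alignment and PAGEINFO conditions that the Description and Memory Parameter Semantics text give for ECREATE, written as a software pre-check that privileged code could run before issuing the instruction. This is an added example, not Intel's code: the struct layouts are simplified stand-ins, and the power-of-two SIZE check, the zero LINADDR check and the SECINFO page-type encoding (PT in FLAGS bits 15:8, PT_SECS = 0) are assumptions not stated on this page.

```c
#include <stdint.h>
#include <stdio.h>

#define EPC_PAGE_SIZE    4096ull
#define MIN_ENCLAVE_SIZE (2 * EPC_PAGE_SIZE)   /* page: "at least 2 pages (8192)" */
#define PT_SECS          0u                    /* assumption: page-type code for SECS */
#define SECINFO_PT(f)    (((f) >> 8) & 0xffu)  /* assumption: PT in FLAGS bits 15:8 */

/* Simplified stand-ins for the structures named on the page, not full layouts. */
struct secs_src { uint64_t size, baseaddr, attributes; };
struct pageinfo { uint64_t linaddr, srcpge, secinfo, secs; };

enum ecreate_err {
    ECREATE_OK = 0, ERR_PAGEINFO_UNUSED_NONZERO, ERR_DEST_UNALIGNED,
    ERR_NOT_SECS_PAGE, ERR_SIZE_TOO_SMALL, ERR_SIZE_NOT_POW2, ERR_BASE_UNALIGNED
};

/* Returns the first condition under which ECREATE would fault, else ECREATE_OK. */
enum ecreate_err ecreate_precheck(const struct pageinfo *pi,
                                  const struct secs_src *secs,
                                  uint64_t secinfo_flags, uint64_t dest_secs /* RCX */)
{
    /* Unused PAGEINFO fields must be zero: SECS per the page, LINADDR assumed. */
    if (pi->secs != 0 || pi->linaddr != 0)
        return ERR_PAGEINFO_UNUSED_NONZERO;
    /* The destination SECS slot must be page aligned. */
    if (dest_secs % EPC_PAGE_SIZE != 0)
        return ERR_DEST_UNALIGNED;
    /* SECINFO flags must describe an SECS page. */
    if (SECINFO_PT(secinfo_flags) != PT_SECS)
        return ERR_NOT_SECS_PAGE;
    if (secs->size < MIN_ENCLAVE_SIZE)
        return ERR_SIZE_TOO_SMALL;
    /* Assumption: natural alignment implies a power-of-two SIZE. */
    if (secs->size & (secs->size - 1))
        return ERR_SIZE_NOT_POW2;
    /* BASEADDR must be naturally aligned on a SIZE boundary. */
    if (secs->baseaddr & (secs->size - 1))
        return ERR_BASE_UNALIGNED;
    return ECREATE_OK;
}
int main(void)
{
    /* Constructed sample: 8 KiB enclave at 0x10000, EPC slot at 0x80001000. */
    struct pageinfo pi = { 0, 0x7000, 0x8000, 0 };
    struct secs_src s = { 0x2000, 0x10000, 0 };
    printf("precheck = %d\n", ecreate_precheck(&pi, &s, 0, 0x80001000ull));
    return 0;
}
```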