41-34 Vol. 3D
SGX INSTRUCTION REFERENCES
EINIT—Initialize an Enclave for Execution
| Opcode/Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
| --- | --- | --- | --- | --- |
| EAX = 02H ENCLS[EINIT] | IR | V/V | SGX1 | This leaf function initializes the enclave and makes it ready to execute enclave code. |

Instruction Operand Encoding

| Op/En | EAX (In) | EAX (Out) | RBX | RCX | RDX |
| --- | --- | --- | --- | --- | --- |
| IR | EINIT | Error code | Address of SIGSTRUCT (In) | Address of SECS (In) | Address of EINITTOKEN (In) |

Description
This leaf function is the final instruction executed in the enclave build process. After EINIT, the MRENCLAVE
measurement is complete, and the enclave is ready to start user code execution using the EENTER instruction.
EINIT takes the effective address of a SIGSTRUCT and EINITTOKEN. The SIGSTRUCT describes the enclave
including MRENCLAVE, ATTRIBUTES, ISVSVN, a 3072 bit RSA key, and a signature using the included key.
SIGSTRUCT must be populated with two values, q1 and q2. These are calculated using the formulas shown below:
q1 = floor(Signature^2 / Modulus);
q2 = floor((Signature^3 - q1 * Signature * Modulus) / Modulus);
The EINITTOKEN contains the MRENCLAVE, MRSIGNER, and ATTRIBUTES. These values must match the
corresponding values in the SECS. If the EINITTOKEN was created with a debug launch key, the enclave must be in
debug mode as well.
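Added example, not part of the Intel manual: the q1 and q2 formulas from the Description computed with Python integers, plus a check showing that with these two quotients the cube Signature^3 mod Modulus can be recomputed using only multiplication and subtraction. The function names are this example's own, and the modulus and signature are constructed filler values, not a real RSA key.

```python
import hashlib

KEY_BITS = 3072  # RSA key size the page gives for SIGSTRUCT


def compute_q1_q2(signature, modulus):
    """Return (q1, q2) exactly as the two formulas define them."""
    if not 0 < signature < modulus:
        raise ValueError("signature must lie strictly between 0 and modulus")
    q1 = signature**2 // modulus
    q2 = (signature**3 - q1 * signature * modulus) // modulus
    return q1, q2


def cube_mod_without_division(signature, modulus, q1, q2):
    """Recompute signature^3 mod modulus with multiply and subtract only.

    A q1 or q2 that is not the true quotient pushes a remainder outside
    [0, modulus), so wrong values are rejected rather than silently used.
    """
    r1 = signature * signature - q1 * modulus  # signature^2 mod modulus
    if not 0 <= r1 < modulus:
        raise ValueError("q1 is not floor(signature^2 / modulus)")
    r2 = r1 * signature - q2 * modulus         # signature^3 mod modulus
    if not 0 <= r2 < modulus:
        raise ValueError("q2 does not match signature, modulus and q1")
    return r2


def constructed_value(label, bits):
    """Deterministic filler integer for the demo; not real key material."""
    stream = b"".join(hashlib.sha256(label + bytes([i])).digest()
                      for i in range(bits // 256))
    return int.from_bytes(stream, "big")


# Constructed sample values: a 3072-bit odd integer standing in for the RSA
# modulus and a smaller integer standing in for the signature.
MODULUS = constructed_value(b"modulus", KEY_BITS) | (1 << (KEY_BITS - 1)) | 1
SIGNATURE = constructed_value(b"signature", KEY_BITS) % MODULUS

if __name__ == "__main__":
    q1, q2 = compute_q1_q2(SIGNATURE, MODULUS)
    cubed = cube_mod_without_division(SIGNATURE, MODULUS, q1, q2)
    print("matches pow(s, 3, m):", cubed == pow(SIGNATURE, 3, MODULUS))
    print("q1 bits:", q1.bit_length(), "q2 bits:", q2.bit_length())
```

Because Signature is smaller than Modulus, both quotients are also smaller than Modulus, so each fits in the same 3072-bit width as the key.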
Figure 41-1. Relationships Between SECS, SIGSTRUCT and EINITTOKEN
[Figure: diagram of EINIT and its three operands. SIGSTRUCT (DS:RBX) is shown with Signature, PubKey, ATTRIBUTES, ATTRIBUTEMASK and MRENCLAVE; SECS (DS:RCX), in the enclave's EPC, with ATTRIBUTES, MRENCLAVE and MRSIGNER; EINITTOKEN (DS:RDX) with MRSIGNER, ATTRIBUTES and MRENCLAVE. Arrows between them are labelled Verify, Hashed, Check, Copy and "If VALID=1, Check".]