
Vol. 3D 41-35

SGX INSTRUCTION REFERENCES

EINIT Memory Parameter Semantics

SIGSTRUCT                  SECS                              EINITTOKEN
Access by non-Enclave      Read/Write access by Enclave      Access by non-Enclave

EINIT performs the following steps, which can be seen in Figure 41-1:
1. Validates that SIGSTRUCT is signed using the enclosed public key.
2. Checks that the completed computation of SECS.MRENCLAVE equals SIGSTRUCT.HASHENCLAVE.
3. Checks that no reserved bits are set to 1 in SIGSTRUCT.ATTRIBUTES and that no reserved bits in SIGSTRUCT.ATTRIBUTEMASK are set to 0.
4. Checks that no controlled ATTRIBUTES bits are set in SIGSTRUCT.ATTRIBUTES unless the SHA256 digest of SIGSTRUCT.MODULUS equals IA32_SGX_LEPUBKEYHASH.
5. Checks that SIGSTRUCT.ATTRIBUTES equals the result of logically AND-ing SIGSTRUCT.ATTRIBUTEMASK with SECS.ATTRIBUTES.
6. If EINITTOKEN.VALID is 0, checks that the SHA256 digest of SIGSTRUCT.MODULUS equals IA32_SGX_LEPUBKEYHASH.
7. If EINITTOKEN.VALID is 1, checks the validity of EINITTOKEN.
8. If EINITTOKEN.VALID is 1, checks that EINITTOKEN.MRENCLAVE equals SECS.MRENCLAVE.
9. If EINITTOKEN.VALID is 1 and EINITTOKEN.ATTRIBUTES.DEBUG is 1, SECS.ATTRIBUTES.DEBUG must be 1.
10. Commits SECS.MRENCLAVE, and sets SECS.MRSIGNER, SECS.ISVSVN, and SECS.ISVPRODID based on SIGSTRUCT.
11. Updates the SECS as Initialized.

Steps 4 and 6 together form the launch policy: without a valid EINITTOKEN, only an enclave whose signing key hashes to IA32_SGX_LEPUBKEYHASH (that is, the launch enclave itself) can be initialized, and the controlled ATTRIBUTES bits are available only to that signer regardless of any token. Whether system software may write IA32_SGX_LEPUBKEYHASH is controlled by the SGX launch control enable bit in IA32_FEATURE_CONTROL; where the MSR is not writable it holds the hash of Intel's launch enclave key, and every other enclave must present a token produced by that launch enclave.

Periodically, EINIT polls for certain asynchronous events. If such an event is detected, it completes with a failure code (ZF=1 and RAX = SGX_UNMASKED_EVENT), and RIP is incremented to point to the next instruction. These events include external interrupts, non-maskable interrupts, system-management interrupts, machine checks, INIT signals, and the VMX-preemption timer. EINIT does not fail if the pending event is inhibited (e.g., external interrupts could be inhibited due to blocking by MOV SS or by STI). Software that issues EINIT should treat SGX_UNMASKED_EVENT as a transient condition and re-issue the instruction once the event has been serviced, rather than as a failed launch.

The following bits in RFLAGS are cleared: CF, PF, AF, OF, and SF. When the instruction completes with an error, RFLAGS.ZF is set to 1 and the corresponding error code is placed in RAX. If no error occurs, RFLAGS.ZF is cleared and RAX is set to 0.

The error codes are:

Table 41-22.  EINIT Return Value in RAX

Error Code (see Table 41-3)    Description
No Error                       EINIT successful
SGX_INVALID_SIG_STRUCT         If SIGSTRUCT contains an invalid value
SGX_INVALID_ATTRIBUTE          If SIGSTRUCT contains an unauthorized attributes mask
SGX_INVALID_MEASUREMENT        If SIGSTRUCT contains an incorrect measurement
                               If EINITTOKEN contains an incorrect measurement
SGX_INVALID_SIGNATURE          If the signature does not validate with the enclosed public key
SGX_INVALID_LICENSE            If the license (EINITTOKEN) is invalid
SGX_INVALID_CPUSVN             If the license SVN is unsupported
SGX_UNMASKED_EVENT             If an unmasked event is received before the instruction completes its operation
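The following is an added example, not Intel's microcode or SDK code: a Python model of the EINIT check sequence listed above, in the order the steps are given, returning the error-code names from Table 41-22. It walks the launch policy on constructed inputs: an enclave signed with the launch-enclave key launches without a token, a third-party enclave is refused without a token and accepted with one, a token for a different MRENCLAVE or a debug token for a production enclave is refused, a controlled attribute (PROVISIONKEY) is refused even with a valid token, and a SIGSTRUCT whose ATTRIBUTES were edited after signing fails the signature check. Everything about layout and cryptography is simplified and is this model's assumption, not a fact from the page: ATTRIBUTES bit positions and the set of "controlled" bits are assumed; the signer keys are textbook RSA built from Mersenne primes with e = 65537 (a real SIGSTRUCT carries an RSA-3072 key with e = 3 and a PKCS#1 v1.5 signature); the signed body and the token body are constructed serialisations; HMAC-SHA256 stands in for the AES-CMAC that protects a real EINITTOKEN; the error name returned for step 9 is assumed; and ISVPRODID/ISVSVN commitment, CPUSVN checking and event polling are not modelled. The names `SigStruct`, `Secs`, `EinitToken`, `LE_KEY`, `ISV_KEY`, `einit` and `demo` belong to this example only.

```python
import hashlib
import hmac
from dataclasses import dataclass
MASK64 = (1 << 64) - 1
# Assumed ATTRIBUTES bit positions for this model: INIT, DEBUG, MODE64BIT, PROVISIONKEY, EINITTOKEN_KEY.
ATTR_INIT, ATTR_DEBUG, ATTR_MODE64BIT, ATTR_PROVISIONKEY, ATTR_EINITTOKEN_KEY = 1, 2, 4, 16, 32
ATTR_RESERVED = MASK64 & ~(ATTR_INIT | ATTR_DEBUG | ATTR_MODE64BIT | ATTR_PROVISIONKEY | ATTR_EINITTOKEN_KEY)
CONTROLLED_ATTRIBUTES = ATTR_PROVISIONKEY | ATTR_EINITTOKEN_KEY  # assumed "controlled" set
RSA_E = 65537  # real SIGSTRUCT keys use e = 3, which is not invertible for the Mersenne-prime demo keys below
def rsa_key(p, q):  # constructed signer key: (modulus, private exponent); far too small for real use
    return p * q, pow(RSA_E, -1, (p - 1) * (q - 1))
LE_KEY = rsa_key(2**127 - 1, 2**107 - 1)  # launch-enclave signer; hash of its modulus is IA32_SGX_LEPUBKEYHASH
ISV_KEY = rsa_key(2**89 - 1, 2**61 - 1)   # an independent software vendor's signer

@dataclass
class SigStruct:
    modulus: int
    hash_enclave: bytes  # HASHENCLAVE: the MRENCLAVE the signer vouches for
    attributes: int
    attribute_mask: int
    signature: int = 0
    def digest(self):  # constructed serialisation; 128-bit truncation keeps it below every demo modulus
        body = self.hash_enclave + self.attributes.to_bytes(8, "little") + self.attribute_mask.to_bytes(8, "little")
        return int.from_bytes(hashlib.sha256(body).digest()[:16], "big")

@dataclass
class Secs:
    mrenclave: bytes  # measurement accumulated by ECREATE/EADD/EEXTEND
    attributes: int
    mrsigner: bytes = b""

@dataclass
class EinitToken:
    valid: bool = False
    mrenclave: bytes = b""
    attributes: int = 0
    mac: bytes = b""
    def body(self):
        return self.mrenclave + self.attributes.to_bytes(8, "little")

def sign_sigstruct(sig, key):  # textbook RSA on the digest (real SIGSTRUCT: RSA-3072 with PKCS#1 v1.5)
    sig.signature = pow(sig.digest(), key[1], key[0])
    return sig

def mrsigner_of(modulus):  # SHA-256 of the modulus bytes, little-endian as laid out in SIGSTRUCT
    return hashlib.sha256(modulus.to_bytes(32, "little")).digest()

def make_token(mrenclave, attributes, einittoken_key):  # launch-enclave output; HMAC stands in for AES-CMAC
    t = EinitToken(True, mrenclave, attributes)
    t.mac = hmac.new(einittoken_key, t.body(), "sha256").digest()
    return t

def einit(sig, secs, token, lepubkeyhash, einittoken_key):  # None on success (ZF=0, RAX=0), else error name (ZF=1)
    if pow(sig.signature, RSA_E, sig.modulus) != sig.digest():            # 1. signed with the enclosed key
        return "SGX_INVALID_SIGNATURE"
    if secs.mrenclave != sig.hash_enclave:                                 # 2. measurement matches HASHENCLAVE
        return "SGX_INVALID_MEASUREMENT"
    if sig.attributes & ATTR_RESERVED or ~sig.attribute_mask & ATTR_RESERVED:  # 3. reserved bits
        return "SGX_INVALID_ATTRIBUTE"
    mrsigner = mrsigner_of(sig.modulus)
    if sig.attributes & CONTROLLED_ATTRIBUTES and mrsigner != lepubkeyhash:    # 4. controlled bits need LE key
        return "SGX_INVALID_ATTRIBUTE"
    if sig.attributes != sig.attribute_mask & secs.attributes:            # 5. ATTRIBUTES == MASK & SECS.ATTRIBUTES
        return "SGX_INVALID_ATTRIBUTE"
    if not token.valid:
        if mrsigner != lepubkeyhash:                                       # 6. no token: only the LE signer
            return "SGX_INVALID_LICENSE"
    else:
        expected = hmac.new(einittoken_key, token.body(), "sha256").digest()
        if not hmac.compare_digest(token.mac, expected):                   # 7. token authenticity
            return "SGX_INVALID_LICENSE"
        if token.mrenclave != secs.mrenclave:                              # 8. token names this enclave
            return "SGX_INVALID_MEASUREMENT"
        if token.attributes & ATTR_DEBUG and not secs.attributes & ATTR_DEBUG:  # 9. error name assumed
            return "SGX_INVALID_LICENSE"
    secs.mrsigner = mrsigner          # 10. commit signer identity (ISVPRODID/ISVSVN omitted in this model)
    secs.attributes |= ATTR_INIT      # 11. mark the SECS initialized
    return None

def demo():  # launch-policy walk-through on constructed inputs; returns {case: einit result}
    lepubkeyhash, le_key = mrsigner_of(LE_KEY[0]), b"constructed EINITTOKEN_KEY"
    mr, attrs = hashlib.sha256(b"constructed enclave measurement").digest(), ATTR_MODE64BIT
    def run(sig, token, secs_attrs=attrs):
        secs = Secs(mr, secs_attrs)
        return einit(sig, secs, token, lepubkeyhash, le_key), secs
    isv_sig = sign_sigstruct(SigStruct(ISV_KEY[0], mr, attrs, MASK64), ISV_KEY)
    edited = SigStruct(ISV_KEY[0], mr, attrs | ATTR_DEBUG, MASK64, isv_sig.signature)  # DEBUG flipped after signing
    prov = sign_sigstruct(SigStruct(ISV_KEY[0], mr, attrs | ATTR_PROVISIONKEY, MASK64), ISV_KEY)
    le_result, le_secs = run(sign_sigstruct(SigStruct(LE_KEY[0], mr, attrs, MASK64), LE_KEY), EinitToken())
    return {
        "le_no_token": le_result,
        "le_secs_initialized": bool(le_secs.attributes & ATTR_INIT) and le_secs.mrsigner == lepubkeyhash,
        "isv_no_token": run(isv_sig, EinitToken())[0],
        "isv_with_token": run(isv_sig, make_token(mr, attrs, le_key))[0],
        "isv_token_other_mr": run(isv_sig, make_token(bytes(32), attrs, le_key))[0],
        "isv_debug_token": run(isv_sig, make_token(mr, attrs | ATTR_DEBUG, le_key))[0],
        "isv_provisionkey": run(prov, make_token(mr, attrs | ATTR_PROVISIONKEY, le_key), attrs | ATTR_PROVISIONKEY)[0],
        "isv_edited_after_signing": run(edited, make_token(mr, attrs | ATTR_DEBUG, le_key), attrs | ATTR_DEBUG)[0],
    }
```

The ordering in `einit` matters for the same reason it does in the instruction: the signature is checked before any attribute is trusted, so the `isv_edited_after_signing` case is rejected as SGX_INVALID_SIGNATURE rather than reaching the DEBUG logic, and the controlled-attribute test (step 4) runs before the token is consulted, which is why `isv_provisionkey` fails with SGX_INVALID_ATTRIBUTE even though its token is genuine.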