
Vol. 3D 42-3

INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE

segmentation, enclaves abide by all the paging policies set up by the OS, but they can be more restrictive than the OS.

All the memory operands passed into Intel SGX instructions are interpreted as offsets within the DS segment, and the linear addresses generated by combining these offsets with the DS segment register are subject to paging-based access control if paging is enabled at the time of the execution of the leaf function.

Since ENCLU[EENTER] and ENCLU[ERESUME] can only be executed when paging is enabled, and since paging cannot be disabled by software running inside an enclave (recall that enclaves always run with CPL = 3), enclave execution is always subject to paging-based access control. The Intel SGX access control itself is implemented as an extension to the existing paging modes. See Section 38.5 for details.

Execution of Intel SGX instructions may set accessed and dirty flags on accesses to EPC pages that do not fault, even if the instruction later causes a fault for some other reason.

42.5 INTERACTIONS WITH VMX

Intel SGX functionality (including SGX1 and SGX2) can be made available to software running in either VMX root operation or VMX non-root operation, as long as the processor is using a legal mode of operation (see Section 42.1).

A VMM has the flexibility to configure a VMCS to permit a guest to use any subset of the ENCLS leaf functions. Availability of the ENCLU leaf functions in VMX non-root operation has the same requirements as ENCLU leaf functions outside of a virtualized environment.

Details of the VMCS controls that allow a VMM to configure support of Intel SGX in VMX non-root operation are described in Section 42.5.1.

42.5.1 VMM Controls to Configure Guest Support of Intel® SGX

Intel SGX capabilities are primarily exposed to software via the CPUID instruction. VMMs can virtualize the CPUID instruction to expose or hide this capability to or from guests.

Some Intel SGX resources are exposed or controlled via model-specific registers (see Section 37.7). VMMs can virtualize these MSRs for the guests using the MSR bitmaps referenced by pointers in the VMCS.

The VMM can partition the Enclave Page Cache and assign various partitions to (a subset of) its guests via the usual memory-virtualization techniques, such as paging or the extended page-table mechanism (EPT).

The VMM can set the “enable ENCLS exiting” VM-execution control to cause a VM exit when the ENCLS instruction is executed in VMX non-root operation. If the “enable ENCLS exiting” control is 0, all of the ENCLS leaf functions are permitted in VMX non-root operation. If the “enable ENCLS exiting” control is 1, execution of ENCLS leaf functions in VMX non-root operation is governed by the bits in a 64-bit VM-execution control field called the ENCLS-exiting bitmap; each bit in the bitmap corresponds to the ENCLS leaf function whose EAX value equals the bit’s position. When a bit in the ENCLS-exiting bitmap is set, an attempt to execute the corresponding ENCLS leaf function in VMX non-root operation causes a VM exit. The check for these VM exits occurs immediately after the check that CPL = 0.
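The VM-exit decision just described, as an added example in C that is not from the SDM: it models the “enable ENCLS exiting” control and the ENCLS-exiting bitmap as plain fields (the struct, field and function names are this example's own), uses the ENCLS leaf encodings (EAX values) from the SDM's ENCLS leaf table, and applies the rule in the order the text gives: the CPL = 0 check first, then the bitmap. How leaf values at or above 64 (beyond the 64-bit bitmap) behave is not stated on this page; the model treats them as not intercepted and marks that as an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the two VMCS fields this section describes.
 * Struct and field names are this example's own, not VMCS encodings. */
struct vmcs_sgx_controls {
    bool     enable_encls_exiting;   /* "enable ENCLS exiting" VM-execution control */
    uint64_t encls_exiting_bitmap;   /* bit n <-> ENCLS leaf function with EAX = n */
};

/* ENCLS leaf encodings (EAX values) from the SDM's ENCLS leaf table. */
enum encls_leaf {
    ENCLS_ECREATE = 0x00, ENCLS_EADD    = 0x01, ENCLS_EINIT  = 0x02,
    ENCLS_EREMOVE = 0x03, ENCLS_EDBGRD  = 0x04, ENCLS_EDBGWR = 0x05,
    ENCLS_EEXTEND = 0x06, ENCLS_ELDB    = 0x07, ENCLS_ELDU   = 0x08,
    ENCLS_EBLOCK  = 0x09, ENCLS_EPA     = 0x0A, ENCLS_EWB    = 0x0B,
    ENCLS_ETRACK  = 0x0C, ENCLS_EAUG    = 0x0D, ENCLS_EMODPR = 0x0E,
    ENCLS_EMODT   = 0x0F
};

/* Outcome of a guest's ENCLS attempt, in the order the text gives:
 * the CPL = 0 check first, then the ENCLS-exiting check. */
enum encls_outcome {
    ENCLS_CPL_CHECK_FAILED,  /* CPL != 0: the exiting check is never reached */
    ENCLS_VM_EXIT,           /* intercepted by the VMM */
    ENCLS_EXECUTES_IN_GUEST  /* runs in VMX non-root operation */
};

/* VMM side: return the bitmap with the bit for one leaf set.
 * Leaf values are bit positions; values >= 64 have no bit and leave it unchanged. */
uint64_t encls_bitmap_set(uint64_t bitmap, unsigned leaf)
{
    if (leaf < 64)
        bitmap |= (uint64_t)1 << leaf;
    return bitmap;
}

/* Processor side: what happens when a guest at the given CPL executes
 * ENCLS with EAX = leaf, following the rules stated in the section. */
enum encls_outcome encls_in_nonroot(const struct vmcs_sgx_controls *c,
                                    unsigned cpl, unsigned leaf)
{
    if (cpl != 0)
        return ENCLS_CPL_CHECK_FAILED;
    /* Control clear: every ENCLS leaf is permitted; the bitmap is not consulted. */
    if (!c->enable_encls_exiting)
        return ENCLS_EXECUTES_IN_GUEST;
    /* Control set: the bit at position EAX decides.  Leaves >= 64 have no bit;
     * this model assumes they are not intercepted (not stated on the page). */
    if (leaf < 64 && ((c->encls_exiting_bitmap >> leaf) & 1))
        return ENCLS_VM_EXIT;
    return ENCLS_EXECUTES_IN_GUEST;
}

/* Convenience wrapper: evaluate one attempt against a given control and bitmap. */
enum encls_outcome encls_outcome_for(bool enable, uint64_t bitmap,
                                     unsigned cpl, unsigned leaf)
{
    struct vmcs_sgx_controls c = { enable, bitmap };
    return encls_in_nonroot(&c, cpl, leaf);
}

int main(void)
{
    /* Constructed policy: intercept EINIT only, permit the other leaves. */
    uint64_t bitmap = encls_bitmap_set(0, ENCLS_EINIT);
    printf("ECREATE -> %d, EINIT -> %d, EINIT at CPL 3 -> %d\n",
           encls_outcome_for(true, bitmap, 0, ENCLS_ECREATE),
           encls_outcome_for(true, bitmap, 0, ENCLS_EINIT),
           encls_outcome_for(true, bitmap, 3, ENCLS_EINIT));
    return 0;
}
```

The wrapper keeps the two VMCS fields together so that the control bit, not the bitmap contents, is what decides whether the bitmap is consulted at all: with the control clear, a fully populated bitmap still intercepts nothing.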

42.5.2 Interactions with the Extended Page Table Mechanism (EPT)

Intel SGX instructions are fully compatible with the extended page-table mechanism (EPT; see Section 28.2).

All the memory operands passed into Intel SGX instructions are interpreted as offsets within the DS segment, and the linear addresses generated by combining these offsets with the DS segment register are subject to paging and EPT. As with paging, enclaves abide by all the policies set up by the VMM.

The Intel SGX access control itself is implemented as an extension to paging and EPT, and may be more restrictive. See Section 42.4 for details of this extension.

An execution of an Intel SGX instruction may set accessed and dirty flags for EPT (when enabled; see Section 28.2.4) on accesses to EPC pages that do not fault or cause VM exits, even if the instruction later causes a fault or VM exit for some other reason.