background image

Vol. 3D 42-7

INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE

SIGSTRUCT includes the following fields:
SIGSTRUCT.ATTRIBUTES, SIGSTRUCT.ATTRIBUTEMASK, SIGSTRUCT.MISCSELECT, SIGSTRUCT.MISCMASK.

42.7.2.6   REPORT.ATTRIBUTES.XFRM and REPORT.MISCSELECT

The processor extended states and miscellaneous states that are enabled inside the enclave form an integral part 
of the enclave's identity and are therefore included in the enclave's report, as provided by the ENCLU[EREPORT] 
leaf function. The REPORT structure includes the enclave's XFRM and MISCSELECT configurations.

42.7.2.7   KEYREQUEST

An enclave developer can specify which bits out of XFRM and MISCSELECT ENCLU[EGETKEY] should include in the 
derivation of the sealing key by specifying ATTRIBUTESMASK and MISCMASK in the KEYREQUEST structure.

42.7.3 

Processor Extended States and ENCLS[ECREATE]

The ECREATE leaf function of the ENCLS instruction enforces a number of consistency checks described earlier. The 
execution of ENCLS[ECREATE] leaf function results in a #GP(0) in any of the following cases:

SECS.ATTRIBUTES.XFRM[1:0] is not 3. 

The processor does not support XSAVE and any of the following is true: 
— SECS.ATTRIBUTES.XFRM[63:2] is not 0.
— SECS.SSAFRAMESIZE  is  0.

The processor supports XSAVE and any of the following is true:
— XSETBV would fault on an attempt to load XFRM into XCR0. 
— XFRM[63]=1. 
— The SSAFRAME is too small to hold required, enabled states (see Section 42.7.2.2).

42.7.4 

Processor Extended States and ENCLU[EENTER]

42.7.4.1   Fault Checking

The EENTER leaf function of the ENCLU instruction enforces a number of consistency requirements described 
earlier. The execution of the ENCLU[EENTER] leaf function results in a #GP(0) in any of the following cases:

If CR4.OSFXSR=0. 

If The processor supports XSAVE and either of the following is true:
— CR4.OSXSAVE=0 and SECS.ATTRIBUTES.XFRM is not 3. 
— (SECS.ATTRIBUTES.XFRM & XCR0) != SECS.ATTRIBUTES.XFRM

42.7.4.2   State Loading

If ENCLU[EENTER] is successful, the current value of XCR0 is saved internally by the processor and replaced by 
SECS.ATTRIBUTES.XFRM.