background image

42-8 Vol. 3D

INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE

42.7.5 

Processor Extended States and AEX

42.7.5.1   State Saving

On an AEX, processor extended states are saved into the XSAVE area of the SSA frame in a compatible format with 
XSAVE that was executed with EDX:EAX = SECS.ATTRIBUTES.XFRM, with the memory operand being the XSAVE 
area, and (for 64-bit enclaves) as if REX.W=1. The XSTATE_BV part of the XSAVE header is saved with 0 for every 
bit that is 0 in XFRM. Other bits may be saved as 0 if the state saved is initialized.
Note that enclave entry ensures that if CR4.OSXSAVE is set to 0, then SECS.ATTRIBUTES.XFRM is set to 3. It 
should also be noted that it is not possible to enter an enclave with FXSAVE disabled. 

42.7.5.2   State Synthesis

After saving the extended state, the processor restores XCR0 to the value it held at the time of the most recent 
enclave entry.
The state of features corresponding to bits set in XFRM is synthesized. In general, these states are initialized. 
Details of state synthesis on AEX are documented in Section 40.3.1.

42.7.6 

Processor Extended States and ENCLU[ERESUME]

42.7.6.1   Fault Checking

The ERESUME leaf function of the ENCLU instruction enforces a number of consistency requirements described 
earlier. Specifically, the ENCLU[ERESUME] leaf function results in a #GP(0) in any of the following cases: 

CR4.OSFXSR=0.

The processor supports XSAVE and either of the following is true:
— CR4.OSXSAVE=0 and SECS.ATTRIBUTES.XFRM is not 3. 
— (SECS.ATTRIBUTES.XFRM & XCR0) != SECS.ATTRIBUTES.XFRM.

A successful execution of ENCLU[ERESUME] loads state from the XSAVE area of the SSA frame in a fashion similar 
to that used by the XRSTOR instruction. Data in the XSAVE area that would cause the XRSTOR instruction to fault 
will cause the ENCLU[ERESUME] leaf function to fault. Examples include, but are not restricted to the following:

A bit is set in the XSTATE_BV field and clear in XFRM. 

The required bytes in the header are not clear. 

Loading data would set a reserved bit in MXCSR.

Any of these conditions will cause ERESUME to fault, even if CR4.OSXSAVE=0. 

42.7.6.2   State Loading

If ENCLU[ERESUME] is successful, the current value of XCR0 is saved internally by the processor and replaced by 
SECS.ATTRIBUTES.XFRM.
State is loaded from the XSAVE area of the SSA frame as if the XRSTOR instruction were executed with 
XCR0=XFRM, EDX:EAX = XFRM, with the memory operand being the XSAVE area, and (for 64-bit enclaves) as if 
REX.W=1. 
ENCLU[ERESUME] ensures that a subsequent execution of XSAVEOPT inside the enclave will operate properly (e.g., 
by marking all state as modified).

42.7.7 

Processor Extended States and ENCLU[EEXIT]

The ENCLU[EEXIT] leaf function does not perform any X-feature specific consistency checks, nor performs any 
state synthesis. It is the responsibility of enclave software to clear any sensitive data from the registers before