background image

42-10 Vol. 3D

INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE

42.9 

INTERACTIONS OF INIT, SIPI, AND WAIT-FOR-SIPI WITH INTEL® SGX

INIT received inside an enclave, while the logical processor is not in VMX operation, causes the logical processor to 
exit the enclave asynchronously. After the AEX, the processor's architectural state is initialized to “Power-on” state 
(Table 9.1 in Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A). If the logical processor 
is BSP, then it proceeds to execute the BIOS initialization code. If the logical processor is an AP, it enters wait-for-
SIPI state. 
INIT received inside an enclave, while the logical processor (LP) is in VMX root operation, follows regular Intel 
Architecture behavior and is blocked.
INIT received inside an enclave, while the logical processor is in VMX non-root operation, causes an AEX. Subse-
quent to the AEX, the INIT causes a VM exit with the Enclave Interruption bit in the exit-reason field in the VMCS. 
A processor cannot be inside an enclave in the wait-for-SIPI state. Consequently, a SIPI received while inside an 
enclave is lost.
Intel SGX does not change the behavior of the processor in the wait-for-SIPI state.
The SGX-related processor states after INIT-SIPI-SIPI is as follows:

EPC Settings: Unchanged

EPCM: Unchanged

CPUID.LEAF_12H.*: Unchanged

ENCLAVE_MODE: 0 (LP exits enclave asynchronously)

MEE state: Unchanged

Software should be aware that following INIT-SIPI-SIPI, the EPC might contain valid pages and should take appro-
priate measures such as initialize the EPC with the EREMOVE leaf function. 

42.10 INTERACTIONS 

WITH 

DMA

DMA is not allowed to access any Processor Reserved Memory.

42.11 INTERACTIONS 

WITH 

TXT

42.11.1  Enclaves Created Prior to Execution of GETSEC

Enclaves which have been created before the GETSEC[SENTER] leaf function are available for execution after the 
successful completion of GETSEC[SENTER] and the corresponding SINIT ACM. Actions that a TXT Launched Envi-
ronment performs in preparation to execute code in the Launched Environment, also applies to enclave code that 
would run after GETSEC[SENTER].

42.11.2  Interaction of GETSEC with Intel® SGX

All leaf functions of the GETSEC instruction are illegal inside an enclave, and results in an invalid-opcode exception 
(#UD).
Responding Logical Processors (RLP) which are executing inside an enclave at the time a GETSEC[SENTER] event 
occurs perform an AEX from the enclave and then enter the Wait-for-SIPI state. 
RLP executing inside an enclave at the time of GETSEC[SEXIT], behave as defined for GETSEC[SEXIT]-that is, the 
RLPs pause during execution of SEXIT and resume after the completion of SEXIT.
The execution of a TXT launch does not affect Intel SGX configuration or security parameters.