background image

42-12 Vol. 3D

INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE

4. If an RTM transaction is executing inside an enclave and there is a data access to an address within the enclave 
that denied due to EPCM content (e.g., to a page belonging to a different enclave), the transaction is aborted and 
control is transferred to the fallback handler. No #GP is delivered.
5. If an RTM transaction executing inside an enclave aborts and the address of the fallback handler is outside the 
enclave, a #GP is delivered after the abort (EIP reported is that of the fallback handler).

42.13.1  HLE and RTM Debug

RTM debug will be suppressed on opt-out enclave entry. After opt-out entry, the logical processor will behave as if 
IA32_DEBUG_CTL[15]=0. Any #DB detected inside an RTM transaction region will just cause an abort with no 
exception delivered. 
After opt-in entry, if either DR7[11] = 0 OR IA32_DEBUGCTL[15] = 0, any #DB or #BP detected inside an RTM 
transaction region will just cause an abort with no exception delivered. 
After opt-in entry, if DR7[11] = 1 AND IA32_DEBUGCTL[15] = 1, any #DB or #BP detected inside an RTM transla-
tion will 

terminate speculative execution, 

set RIP to the address of the XBEGIN instruction, and 

be delivered as #DB (implying an Intel SGX AEX; any #BP is converted to #DB). 

DR6[16] will be cleared, indicating RTM debug (if the #DB causes a VM exit, DR6 is not modified but bit 16 of 
the pending debug exceptions field in the VMCS will be set).

42.14  INTEL® SGX INTERACTIONS WITH S STATES

Whenever an Intel SGX enabled processor enters S3-S5 state, enclaves are destroyed. This is due to the EPC being 
destroyed when power down occurs. It is the application runtime’s responsibility to re-instantiate an enclave after 
a power transition for which the enclaves were destroyed.

42.15  INTEL® SGX INTERACTIONS WITH MACHINE CHECK ARCHITECTURE (MCA)

42.15.1  Interactions with MCA Events

All architecturally visible machine check events (#MC and CMCI) that are detected while inside an enclave cause an 
asynchronous enclave exit.
Any machine check exception (#MC) that occurs after Intel SGX is first enables causes Intel SGX to be disabled, 
(CPUID.SGX_Leaf.0:EAX[SGX1] == 0). It cannot be enabled until after the next reset.

42.15.2  Machine Check Enables (IA32_MCi_CTL)

All supported IA32_MCi_CTL bits for all the machine check banks must be set for Intel SGX to be available 
(CPUID.SGX_Leaf.0:EAX[SGX1] == 1). Any act of clearing bits from '1 to '0 in any of the IA32_MCi_CTL register 
may disable Intel SGX (set CPUID.SGX_Leaf.0:EAX[SGX1] to 0) until the next reset.

42.15.3 CR4.MCE

CR4.MCE can be set or cleared with no interactions with Intel SGX.