1-6 Vol. 3A

ABOUT THIS MANUAL

Chapter 38 — Enclave Access Control and Data Structures. Describes Enclave Access Control procedures and 
defines various Intel SGX data structures.
Chapter 39 — Enclave Operation. Describes enclave creation and initialization, adding pages and measuring an 
enclave, and enclave entry and exit.
Chapter 40 — Enclave Exiting Events. Describes enclave-exiting events (EEE) and asynchronous enclave exit 
(AEX).
Chapter 41 — SGX Instruction References. Describes the supervisor and user level instructions provided by 
Intel SGX.
Chapter 42 — Intel® SGX Interactions with IA32 and Intel® 64 Architecture. Describes the Intel SGX 
collection of enclave instructions for creating protected execution environments on processors supporting IA32 and 
Intel 64 architectures.
Chapter 43 — Enclave Code Debug and Profiling. Describes enclave code debug processes and options.
Appendix A — VMX Capability Reporting Facility. Describes the VMX capability MSRs. Support for specific VMX 
features is determined by reading capability MSRs.
Appendix B — Field Encoding in VMCS. Enumerates all fields in the VMCS and their encodings. Fields are 
grouped by width (16-bit, 32-bit, etc.) and type (guest-state, host-state, etc.).
Appendix C — VM Basic Exit Reasons. Describes the 32-bit fields that encode reasons for a VM exit. Examples 
of exit reasons include, but are not limited to: software interrupts, processor exceptions, software traps, NMIs, 
external interrupts, and triple faults.

1.3 NOTATIONAL CONVENTIONS

This manual uses specific notation for data-structure formats, for symbolic representation of instructions, and for 
hexadecimal and binary numbers. A review of this notation makes the manual easier to read.

1.3.1 Bit and Byte Order

In illustrations of data structures in memory, smaller addresses appear toward the bottom of the figure; addresses 
increase toward the top. Bit positions are numbered from right to left. The numerical value of a set bit is equal to 
two raised to the power of the bit position. Intel 64 and IA-32 processors are “little endian” machines; this means 
the bytes of a word are numbered starting from the least significant byte. Figure 1-1 illustrates these conventions.

1.3.2 Reserved Bits and Software Compatibility

In many register and memory layout descriptions, certain bits are marked as reserved. When bits are marked as 
reserved, it is essential for compatibility with future processors that software treat these bits as having a future, 
though unknown, effect. The behavior of reserved bits should be regarded as not only undefined, but unpredictable. 
Software should follow these guidelines in dealing with reserved bits:

• Do not depend on the states of any reserved bits when testing the values of registers which contain such bits. 
  Mask out the reserved bits before testing.

• Do not depend on the states of any reserved bits when storing to memory or to a register.

• Do not depend on the ability to retain information written into any reserved bits.

• When loading a register, always load the reserved bits with the values indicated in the documentation, if any, or 
  reload them with values previously read from the same register.

NOTE

Avoid any software dependence upon the state of reserved bits in Intel 64 and IA-32 registers. 
Depending upon the values of reserved register bits will make software dependent upon the 
unspecified manner in which the processor handles these bits. Programs that depend upon 
reserved values risk incompatibility with future processors.
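
The guidelines above applied in C, as an added example that is not part of the Intel manual. The register layout (ENABLE in bit 0, MODE in bits 7:4, all other bits reserved), the sample values and every name are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 32-bit register, constructed for this example:
 * bit 0 = ENABLE, bits 7:4 = MODE, every other bit reserved. */
#define REG_ENABLE     (1u << 0)
#define REG_MODE_SHIFT 4
#define REG_MODE_MASK  (0xFu << REG_MODE_SHIFT)
#define REG_DEFINED    (REG_ENABLE | REG_MODE_MASK)
#define REG_RESERVED   (~REG_DEFINED)

/* Testing: mask out reserved bits first so their state never decides a branch. */
static int reg_is_enabled(uint32_t raw) { return (raw & REG_DEFINED & REG_ENABLE) != 0; }
static uint32_t reg_mode(uint32_t raw)  { return (raw & REG_MODE_MASK) >> REG_MODE_SHIFT; }

/* Comparing two reads: only defined fields count. A plain a == b would
 * depend on reserved bits that may differ between reads or processors. */
static int reg_same_config(uint32_t a, uint32_t b) { return ((a ^ b) & REG_DEFINED) == 0; }

/* Loading: set the defined fields and reload the reserved bits with the values
 * previously read from the same register. Returns 0 (and leaves *out untouched)
 * if the requested MODE would spill outside its field. */
static int reg_compose(uint32_t prev, int enable, uint32_t mode, uint32_t *out)
{
    if (mode > 0xFu)
        return 0;
    uint32_t v = prev & REG_RESERVED;      /* reserved bits: as previously read */
    if (enable)
        v |= REG_ENABLE;
    v |= mode << REG_MODE_SHIFT;
    *out = v;
    return 1;
}

int main(void)
{
    uint32_t raw = 0xA5A50031u;            /* constructed read; reserved bits non-zero */
    uint32_t next = 0;

    printf("enabled=%d mode=%u\n", reg_is_enabled(raw), (unsigned)reg_mode(raw));
    printf("same config as 0x31: %d\n", reg_same_config(raw, 0x00000031u));
    if (reg_compose(raw, 0, 0xCu, &next))
        printf("value to load: 0x%08X\n", (unsigned)next);
    return 0;
}
```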