1-6 Vol. 3A
ABOUT THIS MANUAL
Chapter 38 — Enclave Access Control and Data Structures. Describes Enclave Access Control procedures and
defines various Intel SGX data structures.
Chapter 39 — Enclave Operation. Describes enclave creation and initialization, adding pages and measuring an
enclave, and enclave entry and exit.
Chapter 40 — Enclave Exiting Events. Describes enclave-exiting events (EEE) and asynchronous enclave exit
(AEX).
Chapter 41 — SGX Instruction References. Describes the supervisor and user level instructions provided by
Intel SGX.
Chapter 42 — Intel
®
SGX Interactions with IA32 and Intel
®
64 Architecture. Describes the Intel SGX
collection of enclave instructions for creating protected execution environments on processors supporting IA32 and
Intel 64 architectures.
Chapter 43 — Enclave Code Debug and Profiling. Describes enclave code debug processes and options.
Appendix A — VMX Capability Reporting Facility. Describes the VMX capability MSRs. Support for specific VMX
features is determined by reading capability MSRs.
Appendix B — Field Encoding in VMCS. Enumerates all fields in the VMCS and their encodings. Fields are
grouped by width (16-bit, 32-bit, etc.) and type (guest-state, host-state, etc.).
Appendix C — VM Basic Exit Reasons. Describes the 32-bit fields that encode reasons for a VM exit. Examples
of exit reasons include, but are not limited to: software interrupts, processor exceptions, software traps, NMIs,
external interrupts, and triple faults.
1.3 NOTATIONAL
CONVENTIONS
This manual uses specific notation for data-structure formats, for symbolic representation of instructions, and for
hexadecimal and binary numbers. A review of this notation makes the manual easier to read.
1.3.1
Bit and Byte Order
In illustrations of data structures in memory, smaller addresses appear toward the bottom of the figure; addresses
increase toward the top. Bit positions are numbered from right to left. The numerical value of a set bit is equal to
two raised to the power of the bit position. Intel 64 and IA-32 processors are “little endian” machines; this means
the bytes of a word are numbered starting from the least significant byte. Figure 1-1 illustrates these conventions.
1.3.2
Reserved Bits and Software Compatibility
In many register and memory layout descriptions, certain bits are marked as reserved. When bits are marked as
reserved, it is essential for compatibility with future processors that software treat these bits as having a future,
though unknown, effect. The behavior of reserved bits should be regarded as not only undefined, but unpredict-
able. Software should follow these guidelines in dealing with reserved bits:
•
Do not depend on the states of any reserved bits when testing the values of registers which contain such bits.
Mask out the reserved bits before testing.
•
Do not depend on the states of any reserved bits when storing to memory or to a register.
•
Do not depend on the ability to retain information written into any reserved bits.
•
When loading a register, always load the reserved bits with the values indicated in the documentation, if any, or
reload them with values previously read from the same register.
NOTE
Avoid any software dependence upon the state of reserved bits in Intel 64 and IA-32 registers.
Depending upon the values of reserved register bits will make software dependent upon the
unspecified manner in which the processor handles these bits. Programs that depend upon
reserved values risk incompatibility with future processors.