Software Guard Extensions Programming Reference 329298-001US SEPTEMBER 2013 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PAR- TICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or char- acteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no respon- sibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from pub- lished specifications. Current characterized errata are available on request. This document contains information on products in the design phase of development. Intel® 64 architecture requires a system with a 64-bit enabled processor, chipset, BIOS and software. Performance will vary depending on the specific hardware and software you use. Consult your PC manufacturer for more information. For more information, visit http://www.intel.com/in- fo/em64t. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1- 800-548-4725, or go to: http://www.intel.com/design/literature.htm Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. Copyright © 2010-2013 Intel Corporation. All rights reserved. Intel Corporation ii Ref. # 329298-001 CHAPTER 1 INTRODUCTION TO SOFTWARE GUARD EXTENSIONS 1.1 Overview . 1-1 1.2 Enclave Interaction and Protection . 1-1 1.3 Enclave Life Cycle . 1-2 1.4 Data Structures and Enclave Operation . 1-2 1.5 Enclave Page Cache . 1-2 1.5.1 Enclave Page Cache Map (EPCM). .1-3 1.6 Enclave Instructions and SGX. 1-3 1.7 Discovering Support for SGX and enabling Enclave Instructions . 1-4 1.7.1 SGX Opt-In Configuration . .1-4 1.7.2 System Software Enabling of SGX . .1-4 1.7.3 SGX Resource Enumeration Leaves. .1-4 CHAPTER 2 ENCLAVE ACCESS CONTROL AND DATA STRUCTURES 2.1 Overview of Enclave Execution Environment. 2-1 2.2 Terminology. 2-1 2.3 Access-control Requirements . 2-1 2.4 Segment-based Access Control. 2-2 2.5 Page-based Access Control. 2-2 2.5.1 Access-control for Accesses that Originate from non-SGX Instructions . .2-2 2.5.2 Memory Accesses that Split across ELRANGE . .2-2 2.5.3 Implicit vs. Explicit Accesses. .2-2 2.5.3.1 Explicit Accesses . .2-2 2.5.3.2 Implicit Accesses . .2-3 2.6 SGX Data Structures. 2-4 2.6.1 SGX Enclave Control Structure (SECS). .2-4 2.6.1.1 ATTRIBUTES . .2-4 2.6.2 Thread Control Structure (TCS). .2-5 2.6.2.1 TCS.FLAGS . .2-5 2.6.2.2 State Save Area Offset (OSSA). .2-5 2.6.2.3 Number of State Save Areas (NSSA). .2-5 2.6.2.4 Current State Save Area (CSSA) . .2-5 2.6.3 State Save Area (SSA) . .2-6 2.6.3.1 EXITINFO . .2-6 2.6.3.2 VECTOR Field Definition . .2-7 2.6.4 Page Information (PAGEINFO) . .2-7 2.6.5 Security Information (SECINFO). .2-7 2.6.5.1 SECINFO.FLAGS . ..