Opcode/Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
---|---|---|---|---|
EAX = 0BH ENCLS[EWB] | IR | V/V | SGX1 | This leaf function invalidates an EPC page and writes it out to main memory. |
Op/En | EAX | RBX | RCX | RDX | |
IR | EWB (In) | Error code (Out) | Address of an PAGEINFO (In) | Address of the EPC page (In) | Address of a VA slot (In) |
This leaf function copies a page from the EPC to regular main memory. As part of the copying process, the page is cryptographically protected. This instruction can only be executed when current privilege level is 0.
The table below provides additional information on the memory parameter of EPA leaf function.
PAGEINFO | PAGEINFO.SRCPGE | PAGEINFO.PCMD | EPCPAGE | VASLOT |
Non-EPC R/W access | Non-EPC R/W access | Non-EPC R/W access | EPC R/W access | EPC R/W access |
The error codes are:
Error Code (see Table 40-4) | Description |
---|---|
No Error | EWB successful. |
SGX_PAGE_NOT_BLOCKED | If page is not marked as blocked. |
SGX_NOT_TRACKED | If EWB is racing with ETRACK instruction. |
SGX_VA_SLOT_OCCUPIED | Version array slot contained valid entry. |
SGX_CHILD_PRESENT | Child page present while attempting to page out enclave. |
Leaf | Parameter | Base Concurrency Restrictions | ||
---|---|---|---|---|
Access | On Conflict | SGX_CONFLICT VM Exit Qualification | ||
EWB | Source [DS:RCX] | Exclusive | #GP | EPC_PAGE_CONFLICT_EXCEPTION |
VA [DS:RDX] | Shared | #GP |
Leaf | Parameter | Additional Concurrency Restrictions | |||||
---|---|---|---|---|---|---|---|
vs. EACCEPT, EACCEPTCOPY, EMODPE, EMODPR, EMODT | vs. EADD, EEXTEND, EINIT | vs. ETRACK, ETRACKC | |||||
Access | On Conflict | Access | On Conflict | Access | On Conflict | ||
EWB | Source [DS:RCX] | Concurrent | Concurrent | Concurrent | |||
VA [DS:RDX] | Concurrent | Concurrent | Exclusive |
Name | Type | Size (Bytes) | Description |
---|---|---|---|
TMP_SRCPGE | Memory page | 4096 | |
TMP_PCMD | PCMD | 128 | |
TMP_SECS | SECS | 4096 | |
TMP_BPEPOCH | UINT64 | 8 | |
TMP_BPREFCOUNT | UINT64 | 8 | |
TMP_HEADER | MAC Header | 128 | |
TMP_PCMD_ENCLAVEID | UINT64 | 8 | |
TMP_VER | UINT64 | 8 | |
TMP_PK | UINT128 | 16 |
IF ( (DS:RBX is not 32Byte Aligned) or (DS:RCX is not 4KByte Aligned) )
THEN #GP(0); FI;
IF (DS:RCX does not resolve within an EPC)
THEN #PF(DS:RCX); FI;
IF (DS:RDX is not 8Byte Aligned)
THEN #GP(0); FI;
IF (DS:RDX does not resolve within an EPC)
THEN #PF(DS:RDX); FI;
(* EPCPAGE and VASLOT should not resolve to the same EPC page*)
IF (DS:RCX and DS:RDX resolve to the same EPC page)
THEN #GP(0); FI;
TMP_SRCPGE ← DS:RBX.SRCPGE;
(* Note PAGEINFO.PCMD is overlaid on top of PAGEINFO.SECINFO *)
TMP_PCMD ← DS:RBX.PCMD;
If (DS:RBX.LINADDR ≠ 0) OR (DS:RBX.SECS ≠ 0)
THEN #GP(0); FI;
IF ( (DS:TMP_PCMD is not 128Byte Aligned) or (DS:TMP_SRCPGE is not 4KByte Aligned) )
THEN #GP(0); FI;
(* Check for concurrent Intel SGX instruction access to the page *)
IF (Other Intel SGX instruction is accessing page)
THEN
IF (<<VMX non-root operation>> AND <<ENABLE_EPC_VIRTUALIZATION_EXTENSIONS>>)
THEN
VMCS.Exit_reason ← SGX_CONFLICT;
VMCS.Exit_qualification.code ← EPC_PAGE_CONFLICT_EXCEPTION;
VMCS.Exit_qualification.error ← 0;
VMCS.Guest-physical_address←<< translation of DS:RCX produced by paging >>;
VMCS.Guest-linear_address ← DS:RCX;
Deliver VMEXIT;
ELSE
#GP(0);
FI;
FI;
(*Check if the VA Page is being removed or changed*)
IF (VA Page is being modified)
THEN #GP(0); FI;
(* Verify that EPCPAGE and VASLOT page are valid EPC pages and DS:RDX is VA *)
IF (EPCM(DS:RCX).VALID = 0)
THEN #PF(DS:RCX); FI;
IF ( (EPCM(DS:RDX & ~0FFFH).VALID = 0) or (EPCM(DS:RDX & ~FFFH).PT is not PT_VA) )
THEN #PF(DS:RDX); FI;
(* Perform page-type-specific exception checks *)
IF ( (EPCM(DS:RCX).PT is PT_REG) or (EPCM(DS:RCX).PT is PT_TCS) or (EPCM(DS:RCX).PT is PT_TRIM ) )
THEN
TMP_SECS = Obtain SECS through EPCM(DS:RCX)
(* Check that EBLOCK has occurred correctly *)
IF (EBLOCK is not correct)
THEN #GP(0); FI;
FI;
RFLAGS.ZF,CF,PF,AF,OF,SF ← 0;
RAX←0;
(* Perform page-type-specific checks *)
IF ( (EPCM(DS:RCX).PT is PT_REG) or (EPCM(DS:RCX).PT is PT_TCS) or (EPCM(DS:RCX).PT is PT_TRIM ))
THEN
(* check to see if the page is evictable *)
IF (EPCM(DS:RCX).BLOCKED = 0)
THEN
RAX←SGX_PAGE NOT_BLOCKED;
RFLAGS.ZF ← 1;
GOTO ERROR_EXIT;
FI;
(* Check if tracking done correctly *)
IF (Tracking not correct)
THEN
RAX ← SGX_NOT_TRACKED;
RFLAGS.ZF ← 1;
GOTO ERROR_EXIT;
FI;
(* Obtain EID to establish cryptographic binding between the paged-out page and the enclave *)
TMP_HEADER.EID ← TMP_SECS.EID;
(* Obtain EID as an enclave handle for software *)
TMP_PCMD_ENCLAVEID ← TMP_SECS.EID;
ELSE IF (EPCM(DS:RCX).PT is PT_SECS)
(*check that there are no child pages inside the enclave *)
IF (DS:RCX has an EPC page associated with it)
THEN
RAX ← SGX_CHILD_PRESENT;
RFLAGS.ZF ← 1;
GOTO ERROR_EXIT;
FI:
(* treat SECS as having a child page when VIRTCHILDCNT is non-zero *)
IF (<<in VMX non-root operation>> AND
<<ENABLE_EPC_VIRTUALIZATION_EXTENSIONS>> AND
(SECS(DS:RCX).VIRTCHILDCNT ≠ 0))
THEN
RFLAGS.ZF ← 1;
RAX ← SGX_CHILD_PRESENT;
GOTO ERROR_EXIT;
FI;
TMP_HEADER.EID ← 0;
(* Obtain EID as an enclave handle for software *)
TMP_PCMD_ENCLAVEID ← (DS:RCX).EID;
ELSE IF (EPCM(DS:RCX).PT is PT_VA)
TMP_HEADER.EID←0; // Zero is not a special value
(* No enclave handle for VA pages*)
TMP_PCMD_ENCLAVEID ← 0;
FI;
(* Zero out TMP_HEADER*)
TMP_HEADER[ sizeof(TMP_HEADER)-1 : 0]←0;
TMP_HEADER.LINADDR ← EPCM(DS:RCX).ENCLAVEADDRESS;
TMP_HEADER.SECINFO.FLAGS.PT ← EPCM(DS:RCX).PT;
TMP_HEADER.SECINFO.FLAGS.RWX ← EPCM(DS:RCX).RWX;
TMP_HEADER.SECINFO.FLAGS.PENDING ← EPCM(DS:RCX).PENDING;
TMP_HEADER.SECINFO.FLAGS.MODIFIED ← EPCM(DS:RCX).MODIFIED;
TMP_HEADER.SECINFO.FLAGS.PR ← EPCM(DS:RCX).PR;
(* Encrypt the page, DS:RCX could be encrypted in place. AES-GCM produces 2 values, {ciphertext, MAC}. *)
(* AES-GCM input parameters: key, GCM Counter, MAC_HDR, MAC_HDR_SIZE, SRC, SRC_SIZE)*)
{DS:TMP_SRCPGE, DS:TMP_PCMD.MAC}←AES_GCM_ENC(CR_BASE_PK), (TMP_VER << 32),
TMP_HEADER, 128, DS:RCX, 4096);
(* Write the output *)
Zero out DS:TMP_PCMD.SECINFO
DS:TMP_PCMD.SECINFO.FLAGS.PT ← EPCM(DS:RCX).PT;
DS:TMP_PCMD.SECINFO.FLAGS.RWX ← EPCM(DS:RCX).RWX;
DS:TMP_PCMD.SECINFO.FLAGS.PENDING ← EPCM(DS:RCX).PENDING;
DS:TMP_PCMD.SECINFO.FLAGS.MODIFIED ← EPCM(DS:RCX).MODIFIED;
DS:TMP_PCMD.SECINFO.FLAGS.PR ← EPCM(DS:RCX).PR;
DS:TMP_PCMD.RESERVED ← 0;
DS:TMP_PCMD.ENCLAVEID ← TMP_PCMD_ENCLAVEID;
DS:RBX.LINADDR ← EPCM(DS:RCX).ENCLAVEADDRESS;
(*Check if version array slot was empty *)
IF ([DS.RDX])
THEN
RAX ← SGX_VA_SLOT_OCCUPIED
RFLAGS.CF ← 1;
FI;
(* Write version to Version Array slot *)
[DS.RDX] ← TMP_VER;
(* Free up EPCM Entry *)
EPCM.(DS:RCX).VALID ← 0;
ERROR_EXIT:
ZF is set if page is not blocked, not tracked, or a child is present. Otherwise cleared.
CF is set if VA slot is previously occupied, Otherwise cleared.
#GP(0) | If a memory operand effective address is outside the DS segment limit. |
If a memory operand is not properly aligned. | |
If the EPC page and VASLOT resolve to the same EPC page. | |
If another Intel SGX instruction is concurrently accessing either the target EPC, VA, or SECS pages. | |
If the tracking resource is in use. | |
If the EPC page or the version array page is invalid. | |
If the parameters fail consistency checks. | |
#PF(error | code) If a page fault occurs in accessing memory operands. |
If a memory operand is not an EPC page. | |
If one of the EPC memory operands has incorrect page type. |
#GP(0) | If a memory operand is non-canonical form. |
If a memory operand is not properly aligned. | |
If the EPC page and VASLOT resolve to the same EPC page. | |
If another Intel SGX instruction is concurrently accessing either the target EPC, VA, or SECS pages. | |
If the tracking resource is in use. | |
If the EPC page or the version array page in invalid. | |
If the parameters fail consistency checks. | |
#PF(error | code) If a page fault occurs in accessing memory operands. |
If a memory operand is not an EPC page. | |
If one of the EPC memory operands has incorrect page type. |