ENCLV
SGX INSTRUCTION REFERENCES ENCLV — Execute an Enclave VMM Function of Specified Leaf Number
| Opcode/Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
|---|---|---|---|---|
| NP 0F 01 C0 ENCLV | NP | V/V | NA | This instruction is used to execute privileged SGX leaf functions that are reserved for VMM use. They are used for managing the enclaves. |

| Op/En | Operand 1 | Operand 2 | Operand 3 | Implicit Register Operands |
|---|---|---|---|---|
| NP | NA | NA | NA | See Section 40.3 |
The ENCLV instruction invokes the virtualization SGX leaf functions for managing enclaves in a virtualized environment. Software specifies the leaf function by setting the appropriate value in the register EAX as input. The registers RBX, RCX, and RDX have leaf-specific purpose, and may act as input, as output, or may be unused. In non 64-bit mode, the instruction ignores upper 32 bits of the RAX register.
The ENCLV instruction produces an invalid-opcode exception (#UD) if CR0.PE = 0 or RFLAGS.VM = 1, if it is executed in system-management mode (SMM), or not in VMX operation. Additionally, any attempt to execute the instruction when CPL > 0 results in #UD. The instruction produces a general-protection exception (#GP) if CR0.PG = 0 or if an attempt is made to invoke an undefined leaf function.
Software in VMX root mode of operation can enable execution of the ENCLV instruction in VMX non-root mode by setting enable ENCLV execution control in the VMCS. If enable ENCLV execution control in the VMCS is clear, execution of the ENCLV instruction in VMX non-root mode results in #UD.
When execution of ENCLV instruction in VMX non-root mode is enabled, software in VMX root operation can intercept the invocation of various ENCLS leaf functions in VMX non-root operation by setting the corresponding bits in the ENCLV-exiting bitmap.
Addresses and operands are 32 bits in 32-bit mode (IA32_EFER.LMA == 0 || CS.L == 0) and are 64 bits in 64-bit mode (IA32_EFER.LMA == 1 && CS.L == 1). CS.D value has no impact on address calculation.
Segment override prefixes and address-size override prefixes are ignored, as is the REX prefix in 64-bit mode.
IF TSX_ACTIVE
    THEN GOTO TSX_ABORT_PROCESSING; FI;
IF CR0.PE = 0 or RFLAGS.VM = 1 or in SMM or CPUID.SGX_LEAF.0:EAX.OSS = 0
    THEN #UD; FI;
IF in VMX non-root operation and IA32_EFER.LMA = 1 and CS.L = 1
    THEN #UD; FI;
IF (CPL > 0)
    THEN #UD; FI;
IF in VMX non-root operation
    IF "enable ENCLV exiting" VM-execution control is 1
        THEN
            IF EAX < 63 and ENCLV_exiting_bitmap[EAX] = 1 or EAX > 62 and ENCLV_exiting_bitmap[63] = 1
                THEN VM exit;
            FI;
        ELSE
            #UD; FI;
FI;
IF IA32_FEATURE_CONTROL.LOCK = 0 or IA32_FEATURE_CONTROL.SGX_ENABLE = 0
    THEN #GP(0); FI;
IF (EAX is an invalid leaf number)
    THEN #GP(0); FI;
IF CR0.PG = 0
    THEN #GP(0); FI;
(* DS must not be an expanded down segment *)
IF not in 64-bit mode and DS.Type is expand-down data
    THEN #GP(0); FI;
Jump to leaf specific flow
See individual leaf functions.
#UD If any of the LOCK/OSIZE/REP/VEX prefix is used. If current privilege level is not 0. If CPUID.(EAX=12H,ECX=0):EAX.OSS [bit 5] = 0. If logical processor is in SMM.
#GP(0) If IA32_FEATURE_CONTROL.LOCK = 0. If IA32_FEATURE_CONTROL.SGX_ENABLE = 0. If input value in EAX encodes an unsupported leaf. If data segment expand down. If CR0.PG=0.
#UD ENCLV is not recognized in real mode.
#UD ENCLV is not recognized in virtual-8086 mode.
Same exceptions as in protected mode.
#UD If any of the LOCK/OSIZE/REP/VEX prefix is used. If current privilege level is not 0. If CPUID.(EAX=12H,ECX=0):EAX.OSS [bit 5] = 0. If logical processor is in SMM.
#GP(0) If IA32_FEATURE_CONTROL.LOCK = 0. If IA32_FEATURE_CONTROL.SGX_ENABLE = 0. If input value in EAX encodes an unsupported leaf.
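The VMX non-root and #GP(0) steps of the ENCLV flow above, written as a small C model that can serve as a reference when unit-testing a hypervisor's ENCLV emulation. This is an added example, not Intel's code: the struct, field and function names and the `max_leaf` value are assumptions, and it assumes the earlier #UD checks have already passed.

```c
#include <stdbool.h>
#include <stdint.h>

enum enclv_result { ENCLV_UD, ENCLV_VMEXIT, ENCLV_GP0, ENCLV_RUN_LEAF };

/* Hypothetical snapshot of the state these checks read (names are assumptions). */
struct enclv_state {
    bool     non_root;       /* in VMX non-root operation */
    bool     enclv_ctl;      /* ENCLV VM-execution control in the VMCS */
    uint64_t exit_bitmap;    /* ENCLV-exiting bitmap */
    bool     fc_lock;        /* IA32_FEATURE_CONTROL.LOCK */
    bool     fc_sgx_enable;  /* IA32_FEATURE_CONTROL.SGX_ENABLE */
    bool     paging;         /* CR0.PG */
    bool     ds_expand_down; /* not in 64-bit mode and DS is expand-down data */
    uint32_t max_leaf;       /* highest leaf treated as defined (assumption) */
};

/* Bitmap bit consulted for a leaf: bit EAX for EAX < 63, bit 63 for EAX > 62. */
static unsigned enclv_bitmap_bit(uint32_t eax)
{
    return eax < 63 ? eax : 63;
}

/* Assumes the TSX, CR0.PE, RFLAGS.VM, SMM, CPUID, mode and CPL checks passed. */
static enum enclv_result enclv_check(const struct enclv_state *s, uint32_t eax)
{
    if (s->non_root) {
        if (!s->enclv_ctl)
            return ENCLV_UD;      /* control clear: #UD in the guest */
        if ((s->exit_bitmap >> enclv_bitmap_bit(eax)) & 1)
            return ENCLV_VMEXIT;  /* intercept is decided before any #GP(0) test */
    }
    if (!s->fc_lock || !s->fc_sgx_enable)
        return ENCLV_GP0;
    if (eax > s->max_leaf)
        return ENCLV_GP0;         /* undefined leaf */
    if (!s->paging || s->ds_expand_down)
        return ENCLV_GP0;
    return ENCLV_RUN_LEAF;
}

int main(void)
{
    /* Constructed guest state: only bit 63 of the exiting bitmap is set. */
    struct enclv_state s = { true, true, 1ULL << 63, true, true, true, false, 2 };
    /* Leaf 100 is undefined here, yet it exits instead of raising #GP(0). */
    return enclv_check(&s, 100) == ENCLV_VMEXIT ? 0 : 1;
}
```

Because bit 63 covers every leaf number above 62, a VMM that wants to see guest attempts on undefined leaves has to set that bit; otherwise those attempts fault inside the guest with #GP(0).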
40.3 INTEL® SGX SYSTEM LEAF FUNCTION REFERENCE
Leaf functions available with the ENCLS instruction mnemonic are covered in this section. In general, each instruction leaf requires EAX to specify the leaf function index and/or additional implicit registers specifying leaf-specific input parameters. An instruction operand encoding table provides details of each implicit register usage and associated input/output semantics.
In many cases, an input parameter specifies an effective address associated with a memory object inside or outside the EPC; the memory addressing semantics of these memory objects are also summarized in a separate table.
Source: Intel® Architecture Software Developer's Manual (May 2018)
Generated: 5-6-2018