<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta charset="utf-8" />
</head>

<body style="margin: 0;">

<div id="p1461" style="overflow: hidden; position: relative; background-color: white; width: 935px; height: 1210px;">

<!-- Begin shared CSS values -->
<style class="shared-css" type="text/css" >
.t {
	transform-origin: bottom left;
	z-index: 2;
	position: absolute;
	white-space: pre;
	overflow: visible;
	line-height: 1.5;
}
.text-container {
	white-space: pre;
}
@supports (-webkit-touch-callout: none) {
	.text-container {
		white-space: normal;
	}
}
</style>
<!-- End shared CSS values -->


<!-- Begin inline CSS -->
<style type="text/css" >

#t1_1461{left:782px;bottom:68px;letter-spacing:0.1px;word-spacing:-0.1px;}
#t2_1461{left:827px;bottom:68px;letter-spacing:0.12px;}
#t3_1461{left:445px;bottom:1141px;letter-spacing:-0.13px;word-spacing:0.01px;}
#t4_1461{left:712px;bottom:1076px;letter-spacing:0.25px;word-spacing:0.57px;}
#t5_1461{left:89px;bottom:1051px;letter-spacing:0.23px;word-spacing:0.6px;}
#t6_1461{left:70px;bottom:996px;letter-spacing:-0.13px;}
#t7_1461{left:102px;bottom:1003px;}
#t8_1461{left:117px;bottom:996px;letter-spacing:-0.15px;word-spacing:-0.46px;}
#t9_1461{left:246px;bottom:1003px;}
#ta_1461{left:261px;bottom:996px;letter-spacing:-0.14px;word-spacing:-0.47px;}
#tb_1461{left:70px;bottom:979px;letter-spacing:-0.14px;word-spacing:-0.48px;}
#tc_1461{left:445px;bottom:986px;}
#td_1461{left:460px;bottom:979px;letter-spacing:-0.13px;word-spacing:-0.49px;}
#te_1461{left:70px;bottom:962px;letter-spacing:-0.15px;word-spacing:-0.48px;}
#tf_1461{left:70px;bottom:894px;letter-spacing:0.16px;}
#tg_1461{left:151px;bottom:894px;letter-spacing:0.19px;}
#th_1461{left:70px;bottom:871px;letter-spacing:-0.17px;word-spacing:-0.9px;}
#ti_1461{left:70px;bottom:854px;letter-spacing:-0.16px;word-spacing:-0.46px;}
#tj_1461{left:70px;bottom:837px;letter-spacing:-0.15px;word-spacing:-0.48px;}
#tk_1461{left:70px;bottom:814px;letter-spacing:-0.14px;word-spacing:-0.46px;}
#tl_1461{left:70px;bottom:797px;letter-spacing:-0.17px;word-spacing:-0.51px;}
#tm_1461{left:70px;bottom:729px;letter-spacing:0.15px;}
#tn_1461{left:151px;bottom:729px;letter-spacing:0.22px;}
#to_1461{left:70px;bottom:706px;letter-spacing:-0.15px;word-spacing:-0.47px;}
#tp_1461{left:70px;bottom:689px;letter-spacing:-0.15px;word-spacing:-0.46px;}
#tq_1461{left:70px;bottom:630px;letter-spacing:0.14px;}
#tr_1461{left:152px;bottom:630px;letter-spacing:0.13px;word-spacing:-0.03px;}
#ts_1461{left:70px;bottom:608px;letter-spacing:-0.16px;word-spacing:-0.46px;}
#tt_1461{left:70px;bottom:591px;letter-spacing:-0.18px;word-spacing:-0.44px;}
#tu_1461{left:70px;bottom:574px;letter-spacing:-0.16px;word-spacing:-0.96px;}
#tv_1461{left:70px;bottom:558px;letter-spacing:-0.13px;word-spacing:-0.88px;}
#tw_1461{left:70px;bottom:541px;letter-spacing:-0.14px;word-spacing:-0.46px;}
#tx_1461{left:70px;bottom:482px;letter-spacing:0.13px;}
#ty_1461{left:152px;bottom:482px;letter-spacing:0.15px;word-spacing:0.01px;}
#tz_1461{left:70px;bottom:460px;letter-spacing:-0.16px;word-spacing:-1.26px;}
#t10_1461{left:70px;bottom:443px;letter-spacing:-0.15px;word-spacing:-0.44px;}
#t11_1461{left:70px;bottom:426px;letter-spacing:-0.17px;word-spacing:-0.46px;}
#t12_1461{left:70px;bottom:409px;letter-spacing:-0.15px;word-spacing:-0.46px;}
#t13_1461{left:70px;bottom:393px;letter-spacing:-0.18px;word-spacing:-0.44px;}
#t14_1461{left:70px;bottom:376px;letter-spacing:-0.15px;word-spacing:-0.46px;}
#t15_1461{left:70px;bottom:359px;letter-spacing:-0.16px;word-spacing:-0.43px;}
#t16_1461{left:70px;bottom:291px;letter-spacing:0.16px;}
#t17_1461{left:151px;bottom:291px;letter-spacing:0.21px;word-spacing:0.06px;}
#t18_1461{left:70px;bottom:232px;letter-spacing:0.13px;}
#t19_1461{left:152px;bottom:232px;letter-spacing:0.14px;word-spacing:0.01px;}
#t1a_1461{left:70px;bottom:209px;letter-spacing:-0.14px;word-spacing:-1.38px;}
#t1b_1461{left:70px;bottom:192px;letter-spacing:-0.15px;word-spacing:-0.5px;}
#t1c_1461{left:70px;bottom:176px;letter-spacing:-0.15px;word-spacing:-0.46px;}
#t1d_1461{left:70px;bottom:153px;letter-spacing:-0.15px;word-spacing:-0.46px;}
#t1e_1461{left:70px;bottom:126px;}
#t1f_1461{left:96px;bottom:130px;letter-spacing:-0.16px;word-spacing:-0.47px;}

.s1_1461{font-size:12px;font-family:NeoSansIntel_1uk1;color:#000;}
.s2_1461{font-size:14px;font-family:NeoSansIntel_1uk1;color:#0860A8;}
.s3_1461{font-size:24px;font-family:NeoSansIntelMedium_1uk0;color:#0860A8;}
.s4_1461{font-size:14px;font-family:Verdana_3e8;color:#000;}
.s5_1461{font-size:11px;font-family:Verdana_3e8;color:#000;}
.s6_1461{font-size:21px;font-family:NeoSansIntelMedium_1uk0;color:#0860A8;}
.s7_1461{font-size:18px;font-family:NeoSansIntelMedium_1uk0;color:#0860A8;}
.s8_1461{font-size:21px;font-family:TimesNewRoman_3ec;color:#000;}
</style>
<!-- End inline CSS -->

<!-- Begin embedded font definitions -->
<style id="fonts1461" type="text/css" >

@font-face {
	font-family: NeoSansIntelMedium_1uk0;
	src: url("fonts/NeoSansIntelMedium_1uk0.woff") format("woff");
}

@font-face {
	font-family: NeoSansIntel_1uk1;
	src: url("fonts/NeoSansIntel_1uk1.woff") format("woff");
}

@font-face {
	font-family: TimesNewRoman_3ec;
	src: url("fonts/TimesNewRoman_3ec.woff") format("woff");
}

@font-face {
	font-family: Verdana_3e8;
	src: url("fonts/Verdana_3e8.woff") format("woff");
}

</style>
<!-- End embedded font definitions -->

<!-- Begin page background -->
<div id="pg1461Overlay" style="width:100%; height:100%; position:absolute; z-index:1; background-color:rgba(0,0,0,0); -webkit-user-select: none;"></div>
<div id="pg1461" style="-webkit-user-select: none;"><object width="935" height="1210" data="1461/1461.svg" type="image/svg+xml" id="pdf1461" style="width:935px; height:1210px; -moz-transform:scale(1); z-index: 0;"></object></div>
<!-- End page background -->


<!-- Begin text definitions (Positioned/styled in CSS) -->
<div class="text-container"><span id="t1_1461" class="t s1_1461">Vol. 3D </span><span id="t2_1461" class="t s1_1461">39-1 </span>
<span id="t3_1461" class="t s2_1461">INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE </span>
<span id="t4_1461" class="t s3_1461">CHAPTER 39 </span>
<span id="t5_1461" class="t s3_1461">INTEL® SGX INTERACTIONS WITH IA32 AND INTEL® 64 ARCHITECTURE </span>
<span id="t6_1461" class="t s4_1461">Intel </span>
<span id="t7_1461" class="t s5_1461">® </span>
<span id="t8_1461" class="t s4_1461">SGX provides Intel </span>
<span id="t9_1461" class="t s5_1461">® </span>
<span id="ta_1461" class="t s4_1461">Architecture with a collection of enclave instructions for creating protected execution </span>
<span id="tb_1461" class="t s4_1461">environments on processors supporting IA32 and Intel </span>
<span id="tc_1461" class="t s5_1461">® </span>
<span id="td_1461" class="t s4_1461">64 architectures. These Intel SGX instructions are </span>
<span id="te_1461" class="t s4_1461">designed to work with legacy software and the various IA32 and Intel 64 modes of operation. </span>
<span id="tf_1461" class="t s6_1461">39.1 </span><span id="tg_1461" class="t s6_1461">INTEL® SGX AVAILABILITY IN VARIOUS PROCESSOR MODES </span>
<span id="th_1461" class="t s4_1461">The Intel SGX extensions (see Table 34-1) are available only when the processor is executing in protected mode of </span>
<span id="ti_1461" class="t s4_1461">operation. Additionally, the extensions are not available in System Management Mode (SMM) of operation or in </span>
<span id="tj_1461" class="t s4_1461">Virtual 8086 (VM86) mode of operation. Finally, all leaf functions of ENCLU and ENCLS require CR0.PG enabled. </span>
<span id="tk_1461" class="t s4_1461">The exact details of exceptions resulting from illegal modes and their priority are listed in the reference pages of </span>
<span id="tl_1461" class="t s4_1461">ENCLS and ENCLU. </span>
<span id="tm_1461" class="t s6_1461">39.2 </span><span id="tn_1461" class="t s6_1461">IA32_FEATURE_CONTROL </span>
<span id="to_1461" class="t s4_1461">IA32_FEATURE_CONTROL MSR provides two new bits related to two aspects of Intel SGX: using the instruction </span>
<span id="tp_1461" class="t s4_1461">extensions and launch control configuration. </span>
<span id="tq_1461" class="t s7_1461">39.2.1 </span><span id="tr_1461" class="t s7_1461">Availability of Intel SGX </span>
<span id="ts_1461" class="t s4_1461">IA32_FEATURE_CONTROL[bit 18] allows BIOS to control the availability of Intel SGX extensions. For Intel SGX </span>
<span id="tt_1461" class="t s4_1461">extensions to be available on a logical processor, bit 18 in the IA32_FEATURE_CONTROL MSR on that logical </span>
<span id="tu_1461" class="t s4_1461">processor must be set, and IA32_FEATURE_CONTROL MSR on that logical processor must be locked (bit 0 must be </span>
<span id="tv_1461" class="t s4_1461">set). See Section 34.7.1 for additional details. OS is expected to examine the value of bit 18 prior to enabling Intel </span>
<span id="tw_1461" class="t s4_1461">SGX on the thread, as the settings of bit 18 is not reflected by CPUID. </span>
<span id="tx_1461" class="t s7_1461">39.2.2 </span><span id="ty_1461" class="t s7_1461">Intel SGX Launch Control Configuration </span>
<span id="tz_1461" class="t s4_1461">The IA32_SGXLEPUBKEYHASHn MSRs used to configure authorized launch enclaves' MRSIGNER digest value. They </span>
<span id="t10_1461" class="t s4_1461">are present on logical processors that support the collection of SGX1 leaf functions (i.e., CPUID.(EAX=12H, </span>
<span id="t11_1461" class="t s4_1461">ECX=00H):EAX[0] = 1) and that CPUID.(EAX=07H, ECX=00H):ECX[30] = 1. IA32_FEATURE_CONTROL[bit 17] </span>
<span id="t12_1461" class="t s4_1461">allows to BIOS to enable write access to these MSRs. If IA32_FEATURE_CONTROL.LE_WR (bit 17) is set to 1 and </span>
<span id="t13_1461" class="t s4_1461">IA32_FEATURE_CONTROL is locked on that logical processor, IA32_SGXLEPUBKEYHASH MSRs on that logical </span>
<span id="t14_1461" class="t s4_1461">processor are writeable. If this bit 17 is not set or IA32_FEATURE_CONTROL is not locked, IA32_SGXLEPUBKEY- </span>
<span id="t15_1461" class="t s4_1461">HASH MSRs are read only. See Section 36.1.4 for additional details. </span>
<span id="t16_1461" class="t s6_1461">39.3 </span><span id="t17_1461" class="t s6_1461">INTERACTIONS WITH SEGMENTATION </span>
<span id="t18_1461" class="t s7_1461">39.3.1 </span><span id="t19_1461" class="t s7_1461">Scope of Interaction </span>
<span id="t1a_1461" class="t s4_1461">Intel SGX extensions are available only when the processor is executing in a protected mode operation (see Section </span>
<span id="t1b_1461" class="t s4_1461">39.1 for Intel SGX availability in various processor modes). Enclaves abide by all the segmentation policies set up </span>
<span id="t1c_1461" class="t s4_1461">by the OS, but they can be more restrictive than the OS. </span>
<span id="t1d_1461" class="t s4_1461">Intel SGX interacts with segmentation at two levels: </span>
<span id="t1e_1461" class="t s8_1461">• </span><span id="t1f_1461" class="t s4_1461">The Intel SGX instruction (see the enclave instruction in Table 34-1). </span></div>
<!-- End text definitions -->


</div>
</body>
</html>
