drginfo/ia32-64
1
0
Fork 0
forked from NRZCode/ia32-64
Code Pull requests Activity
ia32-64/x86/einit.html
NRZ Code 92622c37d6 Initial commit
2025-07-08 02:23:29 -03:00

695 lines
51 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:svg="http://www.w3.org/2000/svg" xmlns:x86="http://www.felixcloutier.com/x86"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="style.css"></link><title>EINIT
— Initialize an Enclave for Execution</title></head><body><header><nav><ul><li><a href='index.html'>Index</a></li><li>December 2023</li></ul></nav></header><h1>EINIT
— Initialize an Enclave for Execution</h1>
<table>
<tr>
<th>Opcode/Instruction</th>
<th>Op/En</th>
<th>64/32 bit Mode Support</th>
<th>CPUID Feature Flag</th>
<th>Description</th></tr>
<tr>
<td>EAX = 02H ENCLS[EINIT]</td>
<td>IR</td>
<td>V/V</td>
<td>SGX1</td>
<td>This leaf function initializes the enclave and makes it ready to execute enclave code.</td></tr></table>
<h2 id="instruction-operand-encoding">Instruction Operand Encoding<a class="anchor" href="#instruction-operand-encoding">
</a></h2>
<table>
<tr>
<td>Op/En</td>
<td colspan="2">EAX</td>
<td>RBX</td>
<td>RCX</td>
<td>RDX</td></tr>
<tr>
<td>IR</td>
<td>EINIT (In)</td>
<td>Error code (Out)</td>
<td>Address of SIGSTRUCT (In)</td>
<td>Address of SECS (In)</td>
<td>Address of EINITTOKEN (In)</td></tr></table>
<h3 id="description">Description<a class="anchor" href="#description">
</a></h3>
<p>This leaf function is the final instruction executed in the enclave build process. After EINIT, the MRENCLAVE measurement is complete, and the enclave is ready to start user code execution using the EENTER instruction.</p>
<p>EINIT takes the effective address of a SIGSTRUCT and EINITTOKEN. The SIGSTRUCT describes the enclave including MRENCLAVE, ATTRIBUTES, ISVSVN, a 3072 bit RSA key, and a signature using the included key. SIGSTRUCT must be populated with two values, q1 and q2. These are calculated using the formulas shown below:</p>
<p>q1 = floor(Signature<sup>2</sup> / Modulus);</p>
<p>q2 = floor((Signature<sup>3</sup> - q1 * Signature * Modulus) / Modulus);</p>
<p>The EINITTOKEN contains the MRENCLAVE, MRSIGNER, and ATTRIBUTES. These values must match the corresponding values in the SECS. If the EINITTOKEN was created with a debug launch key, the enclave must be in debug mode as well.</p>
<figure id="fig-38-1">
<svg style="width: 614.0160000000001pt; height: 344.232012pt" viewBox="43.64 0.0 516.6800000000001 291.86001">
<g xmlns="http://www.w3.org/2000/svg" style="fill: none; stroke: none">
<rect height="285.90000000000003" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="46.14" y="0.48000999999999294"></rect>
<rect height="285.90000000000003" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="557.34" y="0.48000999999999294"></rect>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="511.68" x="46.14" y="0.0"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="511.68" x="46.14" y="286.38003000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="74.34" x="263.88" y="93.78001"></rect>
<rect height="79.74" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="337.20000000000005" y="94.26001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="74.28" x="263.40000000000003" y="172.98001"></rect>
<rect height="79.68" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="263.40000000000003" y="93.78001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="264.6" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="265.08" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="275.34000000000003" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="275.82" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="289.74" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.74" x="290.22" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="304.2" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="304.68" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="318.66" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="319.14" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="333.12" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="333.6" y="130.32001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="264.0" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="264.48" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="274.74" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="275.22" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="289.14" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.74" x="289.62" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="303.6" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="304.08" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="318.06" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="318.54" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="332.52" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="333.0" y="117.42001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="264.6" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="265.08" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="275.34000000000003" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="275.82" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="289.74" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.74" x="290.22" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="304.2" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="304.68" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="318.66" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="319.14" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="333.12" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="333.6" y="101.10001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="264.6" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="265.08" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="275.34000000000003" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="275.82" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="289.74" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.74" x="290.22" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="304.2" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="304.68" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="318.66" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="319.14" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="333.12" y="156.90001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="333.6" y="156.90001"></rect>
<rect height="110.4" style="fill: rgb(100%, 100%, 100%)" width="92.4" x="103.5" y="12.480009999999993"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="92.94" x="103.5" y="12.000010000000032"></rect>
<rect height="110.94" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="195.42000000000002" y="12.480009999999993"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="92.88" x="103.02" y="122.40001000000001"></rect>
<rect height="110.88" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="103.02" y="12.000010000000032"></rect>
<rect height="0.29999000000000003" style="fill: rgb(0%, 0%, 0%)" width="1.3800000000000001" x="83.58" y="28.920020000000022"></rect>
<path d="M 84.54 29.280010000000004 L 83.7 27.780010000000004 L 83.04 26.70001000000002 L 84.30000000000001 27.060009999999977 L 89.64 28.560009999999977 L 91.26 29.040009999999995 L 89.64 29.520010000000013 L 84.30000000000001 31.080010000000016 L 83.10000000000001 31.44001000000003 L 83.7 30.36000999999999 L 84.0 30.12000999999998 L 89.34 28.560009999999977 L 89.64 29.520010000000013 L 89.34 29.520010000000013 L 84.0 28.020010000000013 L 84.30000000000001 27.060009999999977 L 84.60000000000001 27.300009999999986 L 85.44000000000001 28.800009999999986" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<path d="M 83.7 30.36000999999999 L 84.54 28.800009999999986 L 85.44 28.800009999999986 L 85.56 29.040009999999995 L 85.44 29.280010000000004 L 84.60000000000001 30.840010000000007" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<path d="M 84.96000000000001 29.040009999999995 L 84.12 27.540009999999995 L 89.46000000000001 29.040009999999995 L 84.12 30.600009999999997" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.30002" style="fill: rgb(0%, 0%, 0%)" width="23.76" x="68.22" y="50.93999000000002"></rect>
<rect height="22.14" style="fill: rgb(0%, 0%, 0%)" width="0.30000000000000004" x="68.22" y="28.920010000000048"></rect>
<rect height="0.29999000000000003" style="fill: rgb(0%, 0%, 0%)" width="15.36" x="68.34" y="28.920020000000022"></rect>
<rect height="1.3800000000000001" style="fill: rgb(0%, 0%, 0%)" width="0.29999000000000003" x="406.74" y="237.48001000000002"></rect>
<path d="M 407.1 237.90001 L 405.6 238.74001 L 404.52000000000004 239.40001 L 404.88 238.14001000000002 L 406.38 232.80001000000001 L 406.86 231.18001 L 407.34000000000003 232.80001000000001 L 408.90000000000003 238.14001000000002 L 409.26000000000005 239.34001 L 408.18 238.74001 L 407.94 238.44001 L 406.38 233.10001 L 407.34000000000003 232.80001000000001 L 407.34000000000003 233.10001 L 405.84000000000003 238.44001 L 404.88 238.14001000000002 L 405.12 237.84001 L 406.62 237.00001" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<path d="M 408.18 238.74001 L 406.62 237.90001 L 406.62 237.00001 L 406.86 236.88001 L 407.1 237.00001 L 408.66 237.84001" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<path d="M 406.86 237.48001000000002 L 405.36 238.32001000000002 L 406.86 232.98001000000002 L 408.42 238.32001000000002" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="12.06" style="fill: rgb(0%, 0%, 0%)" width="0.30002" x="301.02" y="230.76001000000002"></rect>
<rect height="0.30000000000000004" style="fill: rgb(0%, 0%, 0%)" width="105.9" x="301.14" y="242.52001"></rect>
<rect height="3.9000000000000004" style="fill: rgb(0%, 0%, 0%)" width="0.29999000000000003" x="406.74" y="238.74001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.5" x="104.16" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="115.26" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="130.32" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="145.44" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="160.5" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="175.62" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.44" x="190.68" y="59.280010000000004"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.5" x="104.16" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="115.26" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="130.32" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="145.44" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="160.5" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="175.62" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.44" x="190.68" y="40.38001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.5" x="104.16" y="22.320010000000025"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="115.26" y="22.320010000000025"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="130.32" y="22.320010000000025"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="145.44" y="22.320010000000025"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="160.5" y="22.320010000000025"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="175.62" y="22.320010000000025"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.44" x="190.68" y="22.320010000000025"></rect>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="98.46000000000001" x="207.48000000000002" y="47.94"></rect>
<path d="M 173.28 165.30001000000001 L 173.28 168.60001000000003 L 172.62 168.42001000000002 L 161.7 165.30001000000001 L 172.62 162.18001000000004 L 173.28 162.00001000000003 L 173.28 162.66001000000003 L 172.92 163.14001000000002 L 163.68 165.78001 L 163.38 164.82001000000002 L 163.68 164.82001000000002 L 172.92 167.46001 L 172.62 168.42001000000002 L 172.26 167.94001 L 172.26 165.30001000000001" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="2.64" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="172.26" y="162.66001000000003"></rect>
<path d="M 172.8 165.30001000000001 L 172.8 167.94001 L 163.56 165.30001000000001 L 172.8 162.66001000000003" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="49.800000000000004" x="173.04" y="165.06000000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.5" x="104.16" y="94.92001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="115.26" y="94.92001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="130.32" y="94.92001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="145.44" y="94.92001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.52" x="160.5" y="94.92001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.46" x="175.62" y="94.92001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.44" x="190.68" y="94.92001000000005"></rect>
<path d="M 143.58 145.92001 L 146.88000000000002 145.92001 L 146.70000000000002 146.58001000000002 L 143.58 157.50000999999997 L 140.46 146.58001000000002 L 140.28 145.92001 L 140.94000000000003 145.92001 L 141.42000000000002 146.28001 L 144.06 155.52001 L 143.10000000000002 155.82000999999997 L 143.10000000000002 155.52001 L 145.74 146.28001 L 146.70000000000002 146.58001000000002 L 146.22 146.94000999999997 L 143.58 146.94000999999997" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="2.64" x="140.94" y="145.92001000000005"></rect>
<path d="M 143.58 146.40001 L 146.22 146.40001 L 143.58 155.64001000000002 L 140.94000000000003 146.40001" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="23.46" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="143.34" y="122.70001000000002"></rect>
<rect height="79.2" style="fill: rgb(100%, 100%, 100%)" width="73.8" x="169.26" y="194.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="74.34" x="169.26" y="194.22001"></rect>
<rect height="79.74" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="242.58" y="194.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="74.28" x="168.78" y="273.42001000000005"></rect>
<rect height="79.68" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="168.78" y="194.22001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.44" x="169.98" y="230.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.16" x="180.72" y="230.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.16" x="195.18" y="230.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.22" x="209.58" y="230.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="8.16" x="224.04" y="230.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="4.44" x="238.5" y="230.70001000000002"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="169.38" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="169.86" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="180.12" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="180.60000000000002" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="194.58" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="195.06" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="208.98000000000002" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.74" x="209.46" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="223.44" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="223.92000000000002" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="237.9" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="238.38" y="217.80001000000001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="169.98" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="170.46" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="180.72" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="181.20000000000002" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="195.18" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="195.66" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="209.58" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.74" x="210.06" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="224.04" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="7.68" x="224.52" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="238.5" y="201.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="3.96" x="238.98000000000002" y="201.48001"></rect>
<rect height="3.0" style="fill: rgb(0%, 0%, 0%)" width="1.5" x="168.96" y="246.66001000000003"></rect>
<rect height="3.0" style="fill: rgb(0%, 0%, 0%)" width="73.5" x="170.46" y="246.66001000000003"></rect>
<rect height="30.6" style="fill: rgb(100%, 100%, 100%)" width="68.4" x="379.86" y="197.10001000000003"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="68.94" x="379.86" y="196.62001"></rect>
<rect height="31.14" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="447.78000000000003" y="197.10001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="68.88" x="379.38" y="227.22001"></rect>
<rect height="31.080000000000002" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="379.38" y="196.62001"></rect>
<rect height="22.200000000000003" style="fill: rgb(100%, 100%, 100%)" width="68.4" x="477.3" y="105.48001000000005"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="68.94" x="477.3" y="105.00001000000003"></rect>
<rect height="22.740000000000002" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="545.22" y="105.48001"></rect>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="68.88" x="476.82" y="127.20001000000002"></rect>
<rect height="22.68" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="476.82" y="105.00001000000003"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="500.70000000000005" y="47.58003000000002"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="152.58" x="348.12" y="47.58003000000002"></rect>
<path d="M 500.82 91.68001000000004 L 504.12 91.68001000000004 L 503.94 92.34001000000006 L 500.82 103.26001000000002 L 497.7 92.34001000000006 L 497.52 91.68001000000004 L 498.18 91.68001000000004 L 498.65999999999997 92.04001000000005 L 501.3 101.28001000000006 L 500.34 101.58001000000002 L 500.34 101.28001000000006 L 502.98 92.04001000000005 L 503.94 92.34001000000006 L 503.46 92.70001000000002 L 500.82 92.70001000000002" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="2.64" x="498.18" y="91.68001000000004"></rect>
<path d="M 500.82 92.16001 L 503.46 92.16001 L 500.82 101.40001000000001 L 498.18 92.16001" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.23999" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="500.58" y="48.30002000000002"></rect>
<rect height="43.38" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="500.58" y="48.540009999999995"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="409.8" y="77.40003000000002"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="51.54" x="358.26" y="77.40003000000002"></rect>
<path d="M 409.98 184.68001 L 413.28000000000003 184.68001 L 413.1 185.34001 L 409.98 196.26001000000002 L 406.86 185.34001 L 406.68 184.68001 L 407.34000000000003 184.68001 L 407.82 185.04001000000002 L 410.46000000000004 194.28001 L 409.5 194.58001000000002 L 409.5 194.28001 L 412.14000000000004 185.04001000000002 L 413.1 185.34001 L 412.62 185.70001000000002 L 409.98 185.70001000000002" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="2.64" x="407.34000000000003" y="184.68001"></rect>
<path d="M 409.98 185.16001000000003 L 412.62 185.16001000000003 L 409.98 194.40001000000004 L 407.34000000000003 185.16001000000003" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.24002" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="409.74" y="76.55998999999997"></rect>
<rect height="108.12" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="409.74" y="76.80001000000004"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="0.24002" x="312.90000000000003" y="75.18002999999999"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="111.18" x="201.72" y="75.18002999999999"></rect>
<path d="M 466.86 109.68001000000004 L 466.86 106.38001000000003 L 467.52000000000004 106.56001000000003 L 476.7 109.20001000000002 L 478.38 109.68001000000004 L 476.7 110.16001000000006 L 467.52000000000004 112.80001000000004 L 466.86 112.98001000000005 L 466.86 112.32001000000002 L 467.22 111.84001000000006 L 476.40000000000003 109.20001000000002 L 476.7 110.16001000000006 L 476.40000000000003 110.16001000000006 L 467.22 107.52001000000001 L 467.52000000000004 106.56001000000003 L 467.88 107.04001000000005 L 467.88 109.68001000000004" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="2.64" style="fill: rgb(0%, 0%, 0%)" width="1.02" x="466.86" y="109.68001000000004"></rect>
<path d="M 467.34000000000003 109.68001000000004 L 467.34000000000003 107.04001000000005 L 476.52000000000004 109.68001000000004 L 467.34000000000003 112.32001000000002" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="440.1" y="109.44"></rect>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="26.700000000000003" x="440.34000000000003" y="109.44"></rect>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="0.24002" x="363.90000000000003" y="108.36000000000001"></rect>
<rect height="0.48001000000000005" style="fill: rgb(0%, 0%, 0%)" width="25.44" x="338.46" y="108.36000000000001"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="360.3" y="143.34003"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="21.66" x="338.64" y="143.34003"></rect>
<rect height="0.23999" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="501.96000000000004" y="176.40002"></rect>
<rect height="47.82" style="fill: rgb(0%, 0%, 0%)" width="0.47998" x="501.96000000000004" y="128.58001000000002"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="502.5" y="176.58001000000002"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="42.24" x="460.26" y="176.58001000000002"></rect>
<path d="M 204.84 189.36001000000002 L 208.14000000000001 189.36001000000002 L 207.96 190.02001 L 205.32 199.20001000000002 L 204.84 200.88001000000003 L 204.36 199.20001000000002 L 201.72 190.02001 L 201.54 189.36001000000002 L 202.20000000000002 189.36001000000002 L 202.68 189.72001000000003 L 205.32 198.90001 L 204.36 199.20001000000002 L 204.36 198.90001 L 207.0 189.72001000000003 L 207.96 190.02001 L 207.48 190.38001000000003 L 204.84 190.38001000000003" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="2.64" x="202.20000000000002" y="189.36001000000002"></rect>
<path d="M 204.84 189.84001 L 207.48 189.84001 L 204.84 199.02001 L 202.20000000000002 189.84001" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.24001000000000003" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="204.60000000000002" y="177.72"></rect>
<rect height="11.58" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="204.60000000000002" y="177.96001"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="425.28000000000003" y="176.76001000000002"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="221.58" x="203.70000000000002" y="176.76001000000002"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="0.24002" x="400.56" y="153.24003"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="11.52" x="389.04" y="153.24003"></rect>
<path d="M 400.56 184.26001000000002 L 403.86 184.26001000000002 L 403.68 184.92001000000002 L 400.56 195.84001000000004 L 397.44 184.92001000000002 L 397.26 184.26001000000002 L 397.92 184.26001000000002 L 398.4 184.62001000000004 L 401.04 193.86001000000002 L 400.08 194.16001000000003 L 400.08 193.86001000000002 L 402.72 184.62001000000004 L 403.68 184.92001000000002 L 403.2 185.28001000000003 L 400.56 185.28001000000003" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="2.64" x="397.92" y="184.26001"></rect>
<path d="M 400.56 184.74001 L 403.2 184.74001 L 400.56 193.98001000000002 L 397.92 184.74001" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.23999" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="400.32" y="152.94002000000006"></rect>
<rect height="31.32" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="400.32" y="153.18000999999998"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="0.24001000000000003" x="143.04" y="209.70001000000002"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="22.200000000000003" x="143.28" y="209.70001000000002"></rect>
<path d="M 143.16 185.10001 L 139.85999999999999 185.10001 L 140.04 184.44001 L 142.68 175.26001 L 143.16 173.64001 L 143.64 175.26001 L 146.34 184.44001 L 146.52 185.10001 L 145.85999999999999 185.10001 L 145.38 184.74000999999998 L 142.68 175.56001 L 143.64 175.26001 L 143.64 175.56001 L 141.0 184.74000999999998 L 140.04 184.44001 L 140.52 184.08001 L 143.16 184.08001" style="fill: rgb(0%, 0%, 0%); fill-rule: nonzero"></path>
<rect height="1.02" style="fill: rgb(0%, 0%, 0%)" width="2.7" x="143.16" y="184.08001"></rect>
<path d="M 143.16 184.62001 L 140.52 184.62001 L 143.16 175.44001 L 145.85999999999999 184.62001" style="fill: rgb(0%, 0%, 0%); fill-rule: evenodd"></path>
<rect height="0.23999" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="142.92000000000002" y="210.18002"></rect>
<rect height="25.26" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="142.92000000000002" y="184.92001000000002"></rect>
<rect height="0.24001000000000003" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="301.62" y="206.88"></rect>
<rect height="9.72" style="fill: rgb(0%, 0%, 0%)" width="0.48001000000000005" x="301.62" y="207.12001"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="0.23999" x="302.28000000000003" y="206.82001000000002"></rect>
<rect height="0.48" style="fill: rgb(0%, 0%, 0%)" width="59.04" x="243.24" y="206.82001000000002"></rect>
<rect height="0.23999" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="222.12" y="138.24002000000002"></rect>
<rect height="26.94" style="fill: rgb(0%, 0%, 0%)" width="0.48" x="222.12" y="138.48001"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="0.24001000000000003" x="221.88" y="138.00002999999998"></rect>
<rect height="0.47998" style="fill: rgb(0%, 0%, 0%)" width="39.84" x="222.12" y="138.00002999999998"></rect>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="34.22704039999999" x="112.98112969999997" y="36.07431785">Signature</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 7.803183600000011pt; fill: #000" textLength="17.474656319999987" x="60.300000000000004" y="43.83534309999999">Verify</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="27.55607649999996" x="314.22" y="52.27465649999999">Hashed</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="28.071698800000007" x="116.16" y="54.31465650000001">PubKey</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="49.164024100000006" x="112.62" y="70.15465649999999">ATTRIBUTES</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="66.49841054999999" x="112.2599036" y="79.93433835000002">ATTRIBUTEMASK</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="22.67131820000003" x="324.420005" y="80.29415054999998">Check</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="49.221850900000035" x="112.4398092" y="90.37448520000004">MRENCLAVE</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="65.40452025000008" x="368.21979025" y="113.29397775000001">If VALID=1, Check</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="43.121926650000034" x="273.96" y="115.5146565">MRSIGNER</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.905680000000018pt; fill: #000" textLength="46.14355199999996" x="113.82000000000001" y="115.74379000000005">SIGSTRUCT</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="43.113895149999905" x="487.44" y="122.77465649999999">MRSIGNER</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 7.803183600000011pt; fill: #000" textLength="26.038580399999972" x="138.54" y="138.8753431">DS:RBX</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="49.21944144999992" x="273.05966885" y="141.1945746">ATTRIBUTES</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="40.58638209999987" x="366.0" y="148.87465650000001">If VALID=1,</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="49.153583149999974" x="274.02" y="152.35465649999998">MRENCLAVE</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="22.67131820000003" x="366.0" y="157.81451915000002">Check</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 7.803183600000011pt; fill: #000" textLength="26.38608776999999" x="186.3" y="159.03534310000003">DS:RDX</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963153999999975pt; fill: #000" textLength="47.88460614999997" x="274.2" y="169.87465650000001">EINITTOKEN</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 10.043999999999983pt; fill: #000" textLength="23.021999999999963" x="132.72" y="171.27901000000003">EINIT</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963154000000003pt; fill: #000" textLength="18.712591849999967" x="430.8" y="181.87465650000001">Copy</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963154000000003pt; fill: #000" textLength="49.22024459999989" x="389.04" y="211.57465650000003">ATTRIBUTES</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963154000000003pt; fill: #000" textLength="21.795081549999963" x="179.4" y="215.89465650000002">SECS</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 7.803183600000011pt; fill: #000" textLength="26.441325360000036" x="126.72" y="221.2553431">DS:RCX</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963154000000003pt; fill: #000" textLength="49.21140994999996" x="390.0600005" y="222.79466200000005">MRENCLAVE</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.963154000000003pt; fill: #000" textLength="22.67131820000003" x="289.2" y="228.07465650000003">Check</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.90567999999999pt; fill: #000" textLength="37.60016400000006" x="178.44" y="241.56379000000004">ENCLAVE</text>
<text lengthAdjust="spacingAndGlyphs" style="font-size: 8.90567999999999pt; fill: #000" textLength="16.441992" x="178.86" y="268.98379">EPC</text></g></svg>
<figcaption><span class="not-imported">Figure 38-1</span>. Relationships Between SECS, SIGSTRUCT, and EINITTOKEN</figcaption></figure>
<h2 id="einit-memory-parameter-semantics">EINIT Memory Parameter Semantics<a class="anchor" href="#einit-memory-parameter-semantics">
</a></h2>
<p>SIGSTRUCT</p>
<table>
<tr>
<td>SECS</td>
<td>EINITTOKEN</td></tr>
<tr>
<td>Read/Write access by Enclave</td>
<td>Access by non-Enclave</td></tr></table>
<p>Access by non-Enclave</p>
<p>EINIT performs the following steps, which can be seen in <span class="not-imported">Figure 38-1</span>:</p>
<p>1. Validates that SIGSTRUCT is signed using the enclosed public key.</p>
<p>2. Checks that the completed computation of SECS.MRENCLAVE equals SIGSTRUCT.HASHENCLAVE.</p>
<p>3. Checks that no controlled ATTRIBUTES bits are set in SIGSTRUCT.ATTRIBUTES unless the SHA256 digest of SIGSTRUCT.MODULUS equals IA32_SGX_LEPUBKEYHASH.</p>
<p>4. Checks that the result of bitwise and-ing SIGSTRUCT.ATTRIBUTEMASK with SIGSTRUCT.ATTRIBUTES equals the result of bitwise and-ing SIGSTRUCT.ATTRIBUTEMASK with SECS.ATTRIBUTES.</p>
<p>5. If EINITTOKEN.VALID is 0, checks that the SHA256 digest of SIGSTRUCT.MODULUS equals IA32_SGX_LEPUBKEYHASH.</p>
<p>6. If EINITTOKEN.VALID is 1, checks the validity of EINITTOKEN.</p>
<p>7. If EINITTOKEN.VALID is 1, checks that EINITTOKEN.MRENCLAVE equals SECS.MRENCLAVE.</p>
<p>8. If EINITTOKEN.VALID is 1 and EINITTOKEN.ATTRIBUTES.DEBUG is 1, SECS.ATTRIBUTES.DEBUG must be 1.</p>
<p>9. Commits SECS.MRENCLAVE, and sets SECS.MRSIGNER, SECS.ISVSVN, and SECS.ISVPRODID based on SIGSTRUCT.</p>
<p>10. Update the SECS as Initialized.</p>
<p>Periodically, EINIT polls for certain asynchronous events. If such an event is detected, it completes with failure code (ZF=1 and RAX = SGX_UNMASKED_EVENT), and RIP is incremented to point to the next instruction. These events includes external interrupts, non-maskable interrupts, system-management interrupts, machine checks, INIT signals, and the VMX-preemption timer. EINIT does not fail if the pending event is inhibited (e.g., external interrupts could be inhibited due to blocking by MOV SS blocking or by STI).</p>
<p>The following bits in RFLAGS are cleared: CF, PF, AF, OF, and SF. When the instruction completes with an error, RFLAGS.ZF is set to 1, and the corresponding error bit is set in RAX. If no error occurs, RFLAGS.ZF is cleared and RAX is set to 0.</p>
<p>The error codes are:</p>
<figure id="tbl-38-25">
<table>
<tr>
<th>Error Code (see <span class="not-imported">Table 38-4</span>)</th>
<th>Description</th></tr>
<tr>
<td>No Error</td>
<td>EINIT successful.</td></tr>
<tr>
<td>SGX_INVALID_SIG_STRUCT</td>
<td>If SIGSTRUCT contained an invalid value.</td></tr>
<tr>
<td>SGX_INVALID_ATTRIBUTE</td>
<td>If SIGSTRUCT contains an unauthorized attributes mask.</td></tr>
<tr>
<td>SGX_INVALID_MEASUREMENT</td>
<td>If SIGSTRUCT contains an incorrect measurement. If EINITTOKEN contains an incorrect measurement.</td></tr>
<tr>
<td>SGX_INVALID_SIGNATURE</td>
<td>If signature does not validate with enclosed public key.</td></tr>
<tr>
<td>SGX_INVALID_LICENSE</td>
<td>If license is invalid.</td></tr>
<tr>
<td>SGX_INVALID_CPUSVN</td>
<td>If license SVN is unsupported.</td></tr>
<tr>
<td>SGX_UNMASKED_EVENT</td>
<td>If an unmasked event is received before the instruction completes its operation.</td></tr></table>
<figcaption><span class="not-imported">Table 38-25</span>. EINIT Return Value in RAX</figcaption></figure>
<h3 id="concurrency-restrictions">Concurrency Restrictions<a class="anchor" href="#concurrency-restrictions">
</a></h3>
<figure id="tbl-38-26">
<table>
<tr>
<th rowspan="2">Leaf</th>
<th rowspan="2">Parameter</th>
<th colspan="3">Base Concurrency Restrictions</th></tr>
<tr>
<th></th>
<th>On Conflict </th>
<th></th></tr>
<tr>
<td>EINIT EINIT
SECS [DS:RCX]
Shared EINIT
SECS [DS:RCX]
</td>
<td>SECS [DS:RCX]</td>
<td></td>
<td></td>
<td></td></tr></table>
<figcaption><span class="not-imported">Table 38-26</span>. Base Concurrency Restrictions of EINIT</figcaption></figure>
<figure id="tbl-38-27">
<table>
<tr>
<td rowspan="3"><strong>Leaf Access On Conflict
</strong>EINIT
SECS [DS:RCX]
Concurrent
Exclusive <strong>Access On Conflict
</strong>EINIT
SECS [DS:RCX]
Concurrent
</td>
<td rowspan="3"><strong>Parameter</strong></td>
<td colspan="6"><strong>Additional Concurrency Restrictions</strong></td></tr>
<tr>
<td colspan="2"><strong>vs. EACCEPT, EACCEPTCOPY, vs. EADD, EEXTEND, EINIT
vs. ETRACK, ETRACKC
Access vs. ETRACK, ETRACKC
Access On Conflict
Access vs. ETRACK, ETRACKC
Access On Conflict
EMODPE, EMODPR, EMODT</strong></td>
<td colspan="2"><strong>vs. EADD, EEXTEND, EINIT vs. EADD, EEXTEND, EINIT
vs. ETRACK, ETRACKC
</strong></td>
<td colspan="2"><strong>vs. ETRACK, ETRACKC</strong></td></tr>
<tr>
<td><strong>Access On Conflict
Access On Conflict
Access Access On Conflict
Access On Conflict
</strong></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td></tr>
<tr>
<td>EINIT</td>
<td>SECS [DS:RCX]</td>
<td>Concurrent</td>
<td></td>
<td></td>
<td></td>
<td>Concurrent</td>
<td></td></tr></table>
<figcaption><span class="not-imported">Table 38-27</span>. Additional Concurrency Restrictions of ENIT</figcaption></figure>
<h3 id="operation">Operation<a class="anchor" href="#operation">
</a></h3>
<h2 id="temp-variables-in-einit-operational-flow">Temp Variables in EINIT Operational Flow<a class="anchor" href="#temp-variables-in-einit-operational-flow">
</a></h2>
<table>
<tr>
<th>Name</th>
<th>Type</th>
<th>Size</th>
<th>Description</th></tr>
<tr>
<td>TMP_SIG</td>
<td>SIGSTRUCT</td>
<td>1808Bytes</td>
<td>Temp space for SIGSTRUCT.</td></tr>
<tr>
<td>TMP_TOKEN</td>
<td>EINITTOKEN</td>
<td>304Bytes</td>
<td>Temp space for EINITTOKEN.</td></tr>
<tr>
<td>TMP_MRENCLAVE</td>
<td></td>
<td>32Bytes</td>
<td>Temp space for calculating MRENCLAVE.</td></tr>
<tr>
<td>TMP_MRSIGNER</td>
<td></td>
<td>32Bytes</td>
<td>Temp space for calculating MRSIGNER.</td></tr>
<tr>
<td>CONTROLLED_ATTRIBU TES</td>
<td>ATTRIBUTES</td>
<td>16Bytes</td>
<td>Constant mask of all ATTRIBUTE bits that can only be set for authorized enclaves.</td></tr>
<tr>
<td>TMP_KEYDEPENDENCIE S</td>
<td>Buffer</td>
<td>224Bytes</td>
<td>Temp space for key derivation.</td></tr>
<tr>
<td>TMP_EINITTOKENKEY</td>
<td></td>
<td>16Bytes</td>
<td>Temp space for the derived EINITTOKEN Key.</td></tr>
<tr>
<td>TMP_SIG_PADDING</td>
<td>PKCS Padding Buffer</td>
<td>352Bytes</td>
<td>The value of the top 352 bytes from the computation of Signature<sup>3</sup> modulo MRSIGNER.</td></tr></table>
<p>(* make sure SIGSTRUCT and SECS are aligned *)</p>
<p>IF ( (DS:RBX is not 4KByte Aligned) or (DS:RCX is not 4KByte Aligned) )</p>
<p>THEN #GP(0); FI;</p>
<p>(* make sure the EINITTOKEN is aligned *)</p>
<p>IF (DS:RDX is not 512Byte Aligned)</p>
<p>THEN #GP(0); FI;</p>
<p>(* make sure the SECS is inside the EPC *)</p>
<p>IF (DS:RCX does not resolve within an EPC)</p>
<p>THEN #PF(DS:RCX); FI;</p>
<p>TMP_SIG[14463:0] := DS:RBX[14463:0]; // 1808 bytes</p>
<p>TMP_TOKEN[2423:0] := DS:RDX[2423:0]; // 304 bytes</p>
<p>(* Verify SIGSTRUCT Header. *)</p>
<p>IF ( (TMP_SIG.HEADER ≠ 06000000E10000000000010000000000h) or</p>
<p>((TMP_SIG.VENDOR ≠ 0) and (TMP_SIG.VENDOR ≠ 00008086h) ) or</p>
<p>(TMP_SIG HEADER2 ≠ 01010000600000006000000001000000h) or</p>
<p>(TMP_SIG.EXPONENT ≠ 00000003h) or (Reserved space is not 0s) )</p>
<p>THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_SIG_STRUCT;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* Open “Event Window” Check for Interrupts. Verify signature using embedded public key, q1, and q2. Save upper 352 bytes of the PKCS1.5 encoded message into the TMP_SIG_PADDING*)</p>
<p>IF (interrupt was pending) THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_UNMASKED_EVENT;</p>
<p>GOTO EXIT;</p>
<p>FI</p>
<p>IF (signature failed to verify) THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_SIGNATURE;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(*Close “Event Window” *)</p>
<p>(* make sure no other Intel SGX instruction is modifying SECS*)</p>
<p>IF (Other instructions modifying SECS)</p>
<p>THEN #GP(0); FI;</p>
<p>IF ( (EPCM(DS:RCX). VALID = 0) or (EPCM(DS:RCX).PT ≠ PT_SECS) )</p>
<p>THEN #PF(DS:RCX); FI;</p>
<p>(* Verify ISVFAMILYID is not used on an enclave with KSS disabled *)</p>
<p>IF ((TMP_SIG.ISVFAMILYID != 0) AND (DS:RCX.ATTRIBUTES.KSS == 0))</p>
<p>THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_SIG_STRUCT;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* make sure no other instruction is accessing MRENCLAVE or ATTRIBUTES.INIT *)</p>
<p>IF ( (Other instruction modifying MRENCLAVE) or (Other instructions modifying the SECSs Initialized state))</p>
<p>THEN #GP(0); FI;</p>
<p>(* Calculate finalized version of MRENCLAVE *)</p>
<p>(* SHA256 algorithm requires one last update that compresses the length of the hashed message into the output SHA256 digest *)</p>
<p>TMP_ENCLAVE := SHA256FINAL( (DS:RCX).MRENCLAVE, enclaves MRENCLAVE update count *512);</p>
<p>(* Verify MRENCLAVE from SIGSTRUCT *)</p>
<p>IF (TMP_SIG.ENCLAVEHASH ≠ TMP_MRENCLAVE)</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_MEASUREMENT;</p>
<p>GOTO EXIT;</p>
<p>TMP_MRSIGNER := SHA256(TMP_SIG.MODULUS)</p>
<p>(* if controlled ATTRIBUTES are set, SIGSTRUCT must be signed using an authorized key *)</p>
<p>CONTROLLED_ATTRIBUTES := 0000000000000020H;</p>
<p>IF ( ( (DS:RCX.ATTRIBUTES &amp; CONTROLLED_ATTRIBUTES) ≠ 0) and (TMP_MRSIGNER ≠ IA32_SGXLEPUBKEYHASH) )</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_ATTRIBUTE;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* Verify SIGSTRUCT.ATTRIBUTE requirements are met *)</p>
<p>IF ( (DS:RCX.ATTRIBUTES &amp; TMP_SIG.ATTRIBUTEMASK) ≠ (TMP_SIG.ATTRIBUTE &amp; TMP_SIG.ATTRIBUTEMASK) )</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_ATTRIBUTE;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>( *Verify SIGSTRUCT.MISCSELECT requirements are met *)</p>
<p>IF ( (DS:RCX.MISCSELECT &amp; TMP_SIG.MISCMASK) ≠ (TMP_SIG.MISCSELECT &amp; TMP_SIG.MISCMASK) )</p>
<p>THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_ATTRIBUTE;</p>
<p>GOTO EXIT</p>
<p>FI;</p>
<p>IF (CPUID.(EAX=12H, ECX=1):EAX[6] = 1)</p>
<p>IF ( DS:RCX.CET_ATTRIBUTES &amp; TMP_SIG.CET_ATTRIBUTES_MASK ≠ TMP_SIG.CET_ATTRIBUTES &amp;</p>
<p>TMP_SIG.CET_ATTRIB-UTES_MASK )</p>
<p>THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_ATTRIBUTE;</p>
<p>GOTO EXIT</p>
<p>FI;</p>
<p>FI;</p>
<p>(* If EINITTOKEN.VALID[0] is 0, verify the enclave is signed by an authorized key *)</p>
<p>IF (TMP_TOKEN.VALID[0] = 0)</p>
<p>IF (TMP_MRSIGNER ≠ IA32_SGXLEPUBKEYHASH)</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_EINITTOKEN;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>GOTO COMMIT;</p>
<p>FI;</p>
<p>(* Debug Launch Enclave cannot launch Production Enclaves *)</p>
<p>IF ( (DS:RDX.MASKEDATTRIBUTESLE.DEBUG = 1) and (DS:RCX.ATTRIBUTES.DEBUG = 0) )</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_EINITTOKEN;</p>
<p>GOTO EXIT;</p>
<p>(* Check reserve space in EINIT token includes reserved regions and upper bits in valid field *)</p>
<p>IF (TMP_TOKEN reserved space is not clear)</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_EINITTOKEN;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* EINIT token must not have been created by a configuration beyond the current CPU configuration *)</p>
<p>IF (TMP_TOKEN.CPUSVN must not be a configuration beyond CR_CPUSVN)</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_CPUSVN;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* Derive Launch key used to calculate EINITTOKEN.MAC *)</p>
<p>HARDCODED_PKCS1_5_PADDING[15:0] := 0100H;</p>
<p>HARDCODED_PKCS1_5_PADDING[2655:16] := SignExtend330Byte(-1); // 330 bytes of 0FFH</p>
<p>HARDCODED_PKCS1_5_PADDING[2815:2656] := 2004000501020403650148866009060D30313000H;</p>
<p>TMP_KEYDEPENDENCIES.KEYNAME := EINITTOKEN_KEY;</p>
<p>TMP_KEYDEPENDENCIES.ISVFAMILYID := 0;</p>
<p>TMP_KEYDEPENDENCIES.ISVEXTPRODID := 0;</p>
<p>TMP_KEYDEPENDENCIES.ISVPRODID := TMP_TOKEN.ISVPRODIDLE;</p>
<p>TMP_KEYDEPENDENCIES.ISVSVN := TMP_TOKEN.ISVSVNLE;</p>
<p>TMP_KEYDEPENDENCIES.SGXOWNEREPOCH := CR_SGXOWNEREPOCH;</p>
<p>TMP_KEYDEPENDENCIES.ATTRIBUTES := TMP_TOKEN.MASKEDATTRIBUTESLE;</p>
<p>TMP_KEYDEPENDENCIES.ATTRIBUTESMASK := 0;</p>
<p>TMP_KEYDEPENDENCIES.MRENCLAVE := 0;</p>
<p>TMP_KEYDEPENDENCIES.MRSIGNER := IA32_SGXLEPUBKEYHASH;</p>
<p>TMP_KEYDEPENDENCIES.KEYID := TMP_TOKEN.KEYID;</p>
<p>TMP_KEYDEPENDENCIES.SEAL_KEY_FUSES := CR_SEAL_FUSES;</p>
<p>TMP_KEYDEPENDENCIES.CPUSVN := TMP_TOKEN.CPUSVNLE;</p>
<p>TMP_KEYDEPENDENCIES.MISCSELECT := TMP_TOKEN.MASKEDMISCSELECTLE;</p>
<p>TMP_KEYDEPENDENCIES.MISCMASK := 0;</p>
<p>TMP_KEYDEPENDENCIES.PADDING := HARDCODED_PKCS1_5_PADDING;</p>
<p>TMP_KEYDEPENDENCIES.KEYPOLICY := 0;</p>
<p>TMP_KEYDEPENDENCIES.CONFIGID := 0;</p>
<p>TMP_KEYDEPENDENCIES.CONFIGSVN := 0;</p>
<p>IF (CPUID.(EAX=12H, ECX=1):EAX[6] = 1))</p>
<p>TMP_KEYDEPENDENCIES.CET_ATTRIBUTES := TMP_TOKEN.CET_MASKED_ATTRIBUTES_ LE;</p>
<p>TMP_KEYDEPENDENCIES.CET_ATTRIBUTES_MASK := 0;</p>
<p>FI;</p>
<p>(* Calculate the derived key*)</p>
<p>TMP_EINITTOKENKEY := derivekey(TMP_KEYDEPENDENCIES);</p>
<p>(* Verify EINITTOKEN was generated using this CPU's Launch key and that it has not been modified since issuing by the Launch Enclave. Only 192 bytes of EINITTOKEN are CMACed *)</p>
<p>IF (TMP_TOKEN.MAC ≠ CMAC(TMP_EINITTOKENKEY, TMP_TOKEN[1535:0] ) )</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_EINITTOKEN;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* Verify EINITTOKEN (RDX) is for this enclave *)</p>
<p>IF ( (TMP_TOKEN.MRENCLAVE ≠ TMP_MRENCLAVE) or (TMP_TOKEN.MRSIGNER ≠ TMP_MRSIGNER) )</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_MEASUREMENT;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>(* Verify ATTRIBUTES in EINITTOKEN are the same as the enclaves *)</p>
<p>IF (TMP_TOKEN.ATTRIBUTES ≠ DS:RCX.ATTRIBUTES)</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_INVALID_EINIT_ATTRIBUTE;</p>
<p>GOTO EXIT;</p>
<p>FI;</p>
<p>COMMIT:</p>
<p>(* Commit changes to the SECS; Set ISVPRODID, ISVSVN, MRSIGNER, INIT ATTRIBUTE fields in SECS (RCX) *)</p>
<p>DS:RCX.MRENCLAVE := TMP_MRENCLAVE;</p>
<p>(* MRSIGNER stores a SHA256 in little endian implemented natively on x86 *)</p>
<p>DS:RCX.MRSIGNER := TMP_MRSIGNER;</p>
<p>DS:RCX.ISVEXTPRODID := TMP_SIG.ISVEXTPRODID;</p>
<p>DS:RCX.ISVPRODID := TMP_SIG.ISVPRODID;</p>
<p>DS:RCX.ISVSVN := TMP_SIG.ISVSVN;</p>
<p>DS:RCX.ISVFAMILYID := TMP_SIG.ISVFAMILYID;</p>
<p>DS:RCX.PADDING := TMP_SIG_PADDING;</p>
<p>(* Mark the SECS as initialized *)</p>
<p>Update DS:RCX to initialized;</p>
<p>(* Set RAX and ZF for success*)</p>
<p>RFLAGS.ZF := 0;</p>
<p>RAX := 0;</p>
<p>EXIT:</p>
<p>RFLAGS.CF,PF,AF,OF,SF := 0;</p>
<h3 id="flags-affected">Flags Affected<a class="anchor" href="#flags-affected">
</a></h3>
<p>ZF is cleared if successful, otherwise ZF is set and RAX contains the error code. CF, PF, AF, OF, SF are cleared.</p>
<h3 class="exceptions" id="protected-mode-exceptions">Protected Mode Exceptions<a class="anchor" href="#protected-mode-exceptions">
</a></h3>
<table>
<tr>
<td rowspan="4">#GP(0)</td>
<td>If a memory operand is not properly aligned.</td></tr>
<tr>
<td>If another instruction is modifying the SECS.</td></tr>
<tr>
<td>If the enclave is already initialized.</td></tr>
<tr>
<td>If the SECS.MRENCLAVE is in use.</td></tr>
<tr>
<td rowspan="3">#PF(error</td>
<td>code) If a page fault occurs in accessing memory operands.</td></tr>
<tr>
<td>If RCX does not resolve in an EPC page.</td></tr>
<tr>
<td>If the memory address is not a valid, uninitialized SECS.</td></tr></table>
<h3 class="exceptions" id="64-bit-mode-exceptions">64-Bit Mode Exceptions<a class="anchor" href="#64-bit-mode-exceptions">
</a></h3>
<table>
<tr>
<td rowspan="4">#GP(0)</td>
<td>If a memory operand is not properly aligned.</td></tr>
<tr>
<td>If another instruction is modifying the SECS.</td></tr>
<tr>
<td>If the enclave is already initialized.</td></tr>
<tr>
<td>If the SECS.MRENCLAVE is in use.</td></tr>
<tr>
<td rowspan="3">#PF(error</td>
<td>code) If a page fault occurs in accessing memory operands.</td></tr>
<tr>
<td>If RCX does not resolve in an EPC page.</td></tr>
<tr>
<td>If the memory address is not a valid, uninitialized SECS.</td></tr></table><footer><p>
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be
inc<span style="opacity: 0.2">omp</span>lete or b<sub>r</sub>oke<sub>n</sub> in various obvious or non-obvious
ways. Refer to <a href="https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4">Intel® 64 and IA-32 Architectures Software Developers Manual</a> for anything serious.
</p></footer></body></html>
View git blame Copy permalink