drginfo/ia32-64
1
0
Fork 0
forked from NRZCode/ia32-64
Code Pull requests Activity
ia32-64/x86/enclv.html
NRZ Code 92622c37d6 Initial commit
2025-07-08 02:23:29 -03:00

144 lines
6.7 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:svg="http://www.w3.org/2000/svg" xmlns:x86="http://www.felixcloutier.com/x86"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="style.css"></link><title>ENCLV
— Execute an Enclave VMM Function of Specified Leaf Number</title></head><body><header><nav><ul><li><a href='index.html'>Index</a></li><li>December 2023</li></ul></nav></header><h1>ENCLV
— Execute an Enclave VMM Function of Specified Leaf Number</h1>
<table>
<tr>
<th>Opcode/Instruction</th>
<th>Op/En</th>
<th>64/32 bit Mode Support</th>
<th>CPUID Feature Flag</th>
<th>Description</th></tr>
<tr>
<td>NP 0F 01 C0 ENCLV</td>
<td>ZO</td>
<td>V/V</td>
<td>NA</td>
<td>This instruction is used to execute privileged SGX leaf functions that are reserved for VMM use. They are used for managing the enclaves.</td></tr></table>
<h2 id="instruction-operand-encoding">Instruction Operand Encoding<a class="anchor" href="#instruction-operand-encoding">
</a></h2>
<table>
<tr>
<td>Op/En</td>
<td>Operand 1</td>
<td>Operand 2</td>
<td>Operand 3</td>
<td>Implicit Register Operands</td></tr>
<tr>
<td>ZO</td>
<td>NA</td>
<td>NA</td>
<td>NA</td>
<td>See Section 38.3</td></tr></table>
<h3 id="description">Description<a class="anchor" href="#description">
</a></h3>
<p>The ENCLV instruction invokes the virtualization SGX leaf functions for managing enclaves in a virtualized environment. Software specifies the leaf function by setting the appropriate value in the register EAX as input. The registers RBX, RCX, and RDX have leaf-specific purpose, and may act as input, as output, or may be unused. In non 64-bit mode, the instruction ignores upper 32 bits of the RAX register.</p>
<p>The ENCLV instruction produces an invalid-opcode exception (#UD) if CR0.PE = 0 or RFLAGS.VM = 1, if it is executed in system-management mode (SMM), or not in VMX operation. Additionally, any attempt to execute the instruction when CPL &gt; 0 results in #UD. The instruction produces a general-protection exception (#GP) if CR0.PG = 0 or if an attempt is made to invoke an undefined leaf function.</p>
<p>Software in VMX root mode of operation can enable execution of the ENCLV instruction in VMX non-root mode by setting enable ENCLV execution control in the VMCS. If enable ENCLV execution control in the VMCS is clear, execution of the ENCLV instruction in VMX non-root mode results in #UD.</p>
<p>When execution of ENCLV instruction in VMX non-root mode is enabled, software in VMX root operation can intercept the invocation of various ENCLV leaf functions in VMX non-root operation by setting the corresponding bits in the ENCLV-exiting bitmap.</p>
<p>Addresses and operands are 32 bits in 32-bit mode (IA32_EFER.LMA == 0 || CS.L == 0) and are 64 bits in 64-bit mode (IA32_EFER.LMA == 1 &amp;&amp; CS.L == 1). CS.D value has no impact on address calculation.</p>
<p>Segment override prefixes and address-size override prefixes are ignored, as is the REX prefix in 64-bit mode.</p>
<h3 id="operation">Operation<a class="anchor" href="#operation">
</a></h3>
<pre>IF TSX_ACTIVE
THEN GOTO TSX_ABORT_PROCESSING; FI;
IF CR0.PE = 0 or RFLAGS.VM = 1 or in SMM or CPUID.SGX_LEAF.0:EAX.OSS = 0
THEN #UD; FI;
IF not in VMX Operation or (IA32_EFER.LMA = 1 and CS.L = 0)
THEN #UD; FI;
IF (CPL &gt; 0)
THEN #UD; FI;
IF in VMX non-root operation
IF “enable ENCLV exiting“ VM-execution control is 1
THEN
IF EAX &lt; 63 and ENCLV_exiting_bitmap[EAX] = 1 or EAX&gt; 62 and ENCLV_exiting_bitmap[63] = 1
THEN VM exit;
FI;
ELSE
#UD; FI;
FI;
IF IA32_FEATURE_CONTROL.LOCK = 0 or IA32_FEATURE_CONTROL.SGX_ENABLE = 0
THEN #GP(0); FI;
IF (EAX is an invalid leaf number)
THEN #GP(0); FI;
IF CR0.PG = 0
THEN #GP(0); FI;
(* DS must not be an expanded down segment *)
IF not in 64-bit mode and DS.Type is expand-down data
THEN #GP(0); FI;
Jump to leaf specific flow
</pre>
<h3 id="flags-affected">Flags Affected<a class="anchor" href="#flags-affected">
</a></h3>
<p>See individual leaf functions.</p>
<h3 class="exceptions" id="protected-mode-exceptions">Protected Mode Exceptions<a class="anchor" href="#protected-mode-exceptions">
</a></h3>
<table>
<tr>
<td rowspan="4">#UD</td>
<td>If any of the LOCK/66H/REP/VEX prefixes are used.</td></tr>
<tr>
<td>If current privilege level is not 0.</td></tr>
<tr>
<td>If CPUID.(EAX=12H,ECX=0):EAX.OSS [bit 5] = 0.</td></tr>
<tr>
<td>If logical processor is in SMM.</td></tr>
<tr>
<td rowspan="5">#GP(0)</td>
<td>If IA32_FEATURE_CONTROL.LOCK = 0.</td></tr>
<tr>
<td>If IA32_FEATURE_CONTROL.SGX_ENABLE = 0.</td></tr>
<tr>
<td>If input value in EAX encodes an unsupported leaf.</td></tr>
<tr>
<td>If data segment expand down.</td></tr>
<tr>
<td>If CR0.PG=0.</td></tr></table>
<h3 class="exceptions" id="real-address-mode-exceptions">Real-Address Mode Exceptions<a class="anchor" href="#real-address-mode-exceptions">
</a></h3>
<table>
<tr>
<td>#UD</td>
<td>ENCLV is not recognized in real mode.</td></tr></table>
<h3 class="exceptions" id="virtual-8086-mode-exceptions">Virtual-8086 Mode Exceptions<a class="anchor" href="#virtual-8086-mode-exceptions">
</a></h3>
<table>
<tr>
<td>#UD</td>
<td>ENCLV is not recognized in virtual-8086 mode.</td></tr></table>
<h3 class="exceptions" id="compatibility-mode-exceptions">Compatibility Mode Exceptions<a class="anchor" href="#compatibility-mode-exceptions">
</a></h3>
<p>Same exceptions as in protected mode.</p>
<h3 class="exceptions" id="64-bit-mode-exceptions">64-Bit Mode Exceptions<a class="anchor" href="#64-bit-mode-exceptions">
</a></h3>
<table>
<tr>
<td rowspan="4">#UD</td>
<td>If any of the LOCK/66H/REP/VEX prefixes are used.</td></tr>
<tr>
<td>If current privilege level is not 0.</td></tr>
<tr>
<td>If CPUID.(EAX=12H,ECX=0):EAX.OSS [bit 5] = 0.</td></tr>
<tr>
<td>If logical processor is in SMM.</td></tr>
<tr>
<td rowspan="3">#GP(0)</td>
<td>If IA32_FEATURE_CONTROL.LOCK = 0.</td></tr>
<tr>
<td>If IA32_FEATURE_CONTROL.SGX_ENABLE = 0.</td></tr>
<tr>
<td>If input value in EAX encodes an unsupported leaf.</td></tr></table><footer><p>
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be
inc<span style="opacity: 0.2">omp</span>lete or b<sub>r</sub>oke<sub>n</sub> in various obvious or non-obvious
ways. Refer to <a href="https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4">Intel® 64 and IA-32 Architectures Software Developers Manual</a> for anything serious.
</p></footer></body></html>
View git blame Copy permalink