EWB
Invalidate an EPC Page and Write out to Main Memory
| Opcode/Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
|---|---|---|---|---|
| EAX = 0BH ENCLS[EWB] | IR | V/V | SGX1 | This leaf function invalidates an EPC page and writes it out to main memory. |
Instruction Operand Encoding
| Op/En | EAX | RBX | RCX | RDX | |
|---|---|---|---|---|---|
| IR | EWB (In) | Error code (Out) | Address of an PAGEINFO (In) | Address of the EPC page (In) | Address of a VA slot (In) |
Description
This leaf function copies a page from the EPC to regular main memory. As part of the copying process, the page is cryptographically protected. This instruction can only be executed when current privilege level is 0.
The table below provides additional information on the memory parameter of EPA leaf function.
EWB Memory Parameter Semantics
| PAGEINFO | PAGEINFO.SRCPGE | PAGEINFO.PCMD | EPCPAGE | VASLOT |
|---|---|---|---|---|
| Non-EPC R/W access | Non-EPC R/W access | Non-EPC R/W access | EPC R/W access | EPC R/W access |
The error codes are:
| Error Code (see Table 38-4) | Description |
|---|---|
| No Error | EWB successful. |
| SGX_PAGE_NOT_BLOCKED | If page is not marked as blocked. |
| SGX_NOT_TRACKED | If EWB is racing with ETRACK instruction. |
| SGX_VA_SLOT_OCCUPIED | Version array slot contained valid entry. |
| SGX_CHILD_PRESENT | Child page present while attempting to page out enclave. |
Table 38-51. EWB Return Value in RAX
Concurrency Restrictions
| Leaf | Parameter | Base Concurrency Restrictions | ||
|---|---|---|---|---|
| Access | On Conflict | SGX_CONFLICT VM Exit Qualification | ||
| EWB | Source [DS:RCX] | Exclusive #GP | EPC_PAGE_CONFLICT_EXCEPTION | |
| VA [DS:RDX] | Shared #GP |
Table 38-52. Base Concurrency Restrictions of EWB
| Leaf | Parameter | Additional Concurrency Restrictions | |||||
|---|---|---|---|---|---|---|---|
| vs. EACCEPT, EACCEPTCOPY, EMODPE, EMODPR, EMODT | vs. EADD, EEXTEND, EINIT | vs. ETRACK, ETRACKC | |||||
| Access | On Conflict | Access | On Conflict | Access | On Conflict | ||
| EWB | Source [DS:RCX] | Concurrent | Concurrent | Concurrent | |||
| VA [DS:RDX] | Concurrent | Concurrent | Exclusive |
Table 38-53. Additional Concurrency Restrictions of EWB
Operation
Temp Variables in EWB Operational Flow
| Name | Type | Size (Bytes) | Description |
|---|---|---|---|
| TMP_SRCPGE | Memory page | 4096 | |
| TMP_PCMD | PCMD | 128 | |
| TMP_SECS | SECS | 4096 | |
| TMP_BPEPOCH | UINT64 | 8 | |
| TMP_BPREFCOUNT | UINT64 | 8 | |
| TMP_HEADER | MAC Header | 128 | |
| TMP_PCMD_ENCLAVEID | UINT64 | 8 | |
| TMP_VER | UINT64 | 8 | |
| TMP_PK | UINT128 | 16 |
IF ( (DS:RBX is not 32Byte Aligned) or (DS:RCX is not 4KByte Aligned) )
THEN #GP(0); FI;
IF (DS:RCX does not resolve within an EPC)
THEN #PF(DS:RCX); FI;
IF (DS:RDX is not 8Byte Aligned)
THEN #GP(0); FI;
IF (DS:RDX does not resolve within an EPC)
THEN #PF(DS:RDX); FI;
(* EPCPAGE and VASLOT should not resolve to the same EPC page*)
IF (DS:RCX and DS:RDX resolve to the same EPC page)
THEN #GP(0); FI;
TMP_SRCPGE := DS:RBX.SRCPGE;
(* Note PAGEINFO.PCMD is overlaid on top of PAGEINFO.SECINFO *)
TMP_PCMD := DS:RBX.PCMD;
If (DS:RBX.LINADDR ≠ 0) OR (DS:RBX.SECS ≠ 0)
THEN #GP(0); FI;
IF ( (DS:TMP_PCMD is not 128Byte Aligned) or (DS:TMP_SRCPGE is not 4KByte Aligned) )
THEN #GP(0); FI;
(* Check for concurrent Intel SGX instruction access to the page *)
IF (Other Intel SGX instruction is accessing page)
THEN
IF (<
THEN
VMCS.Exit_reason := SGX_CONFLICT;
VMCS.Exit_qualification.code := EPC_PAGE_CONFLICT_EXCEPTION;
VMCS.Exit_qualification.error := 0;
VMCS.Guest-physical_address := << translation of DS:RCX produced by paging >>;
VMCS.Guest-linear_address := DS:RCX;
Deliver VMEXIT;
ELSE
#GP(0);
FI;
FI;
(*Check if the VA Page is being removed or changed*)
IF (VA Page is being modified)
THEN #GP(0); FI;
(* Verify that EPCPAGE and VASLOT page are valid EPC pages and DS:RDX is VA *)
IF (EPCM(DS:RCX).VALID = 0)
THEN #PF(DS:RCX); FI;
IF ( (EPCM(DS:RDX & ~0FFFH).VALID = 0) or (EPCM(DS:RDX & ~FFFH).PT is not PT_VA) )
THEN #PF(DS:RDX); FI;
(* Perform page-type-specific exception checks *)
IF ( (EPCM(DS:RCX).PT is PT_REG) or (EPCM(DS:RCX).PT is PT_TCS) or (EPCM(DS:RCX).PT is PT_TRIM ) or
(EPCM(DS:RCX).PT is PT_SS_FIRST ) or (EPCM(DS:RCX).PT is PT_SS_REST))
THEN
TMP_SECS = Obtain SECS through EPCM(DS:RCX)
(* Check that EBLOCK has occurred correctly *)
IF (EBLOCK is not correct)
THEN #GP(0); FI;
FI;
RFLAGS.ZF,CF,PF,AF,OF,SF := 0;
RAX := 0;
(* Zero out TMP_HEADER*)
TMP_HEADER[ sizeof(TMP_HEADER) - 1 : 0] := 0;
(* Perform page-type-specific checks *)
IF ( (EPCM(DS:RCX).PT is PT_REG) or (EPCM(DS:RCX).PT is PT_TCS) or (EPCM(DS:RCX).PT is PT_TRIM )or
(EPCM(DS:RCX).PT is PT_SS_FIRST ) or (EPCM(DS:RCX).PT is PT_SS_REST))
THEN
(* check to see if the page is evictable *)
IF (EPCM(DS:RCX).BLOCKED = 0)
THEN
RAX := SGX_PAGE NOT_BLOCKED;
RFLAGS.ZF := 1;
GOTO ERROR_EXIT;
FI;
(* Check if tracking done correctly *)
IF (Tracking not correct)
THEN
RAX := SGX_NOT_TRACKED;
RFLAGS.ZF := 1;
GOTO ERROR_EXIT;
FI;
(* Obtain EID to establish cryptographic binding between the paged-out page and the enclave *)
TMP_HEADER.EID := TMP_SECS.EID;
(* Obtain EID as an enclave handle for software *)
TMP_PCMD_ENCLAVEID := TMP_SECS.EID;
ELSE IF (EPCM(DS:RCX).PT is PT_SECS)
(*check that there are no child pages inside the enclave *)
IF (DS:RCX has an EPC page associated with it)
THEN
RAX := SGX_CHILD_PRESENT;
RFLAGS.ZF := 1;
GOTO ERROR_EXIT;
FI:
(* treat SECS as having a child page when VIRTCHILDCNT is non-zero *)
IF (<
<<ENABLE_EPC_VIRTUALIZATION_EXTENSIONS>> AND
(SECS(DS:RCX).VIRTCHILDCNT ≠ 0))
THEN
RFLAGS.ZF := 1;
RAX := SGX_CHILD_PRESENT;
GOTO ERROR_EXIT;
FI;
TMP_HEADER.EID := 0;
(* Obtain EID as an enclave handle for software *)
TMP_PCMD_ENCLAVEID := (DS:RCX).EID;
ELSE IF (EPCM(DS:RCX).PT is PT_VA)
TMP_HEADER.EID := 0; // Zero is not a special value
(* No enclave handle for VA pages*)
TMP_PCMD_ENCLAVEID := 0;
FI;
TMP_HEADER.LINADDR := EPCM(DS:RCX).ENCLAVEADDRESS;
TMP_HEADER.SECINFO.FLAGS.PT := EPCM(DS:RCX).PT;
TMP_HEADER.SECINFO.FLAGS.RWX := EPCM(DS:RCX).RWX;
TMP_HEADER.SECINFO.FLAGS.PENDING := EPCM(DS:RCX).PENDING;
TMP_HEADER.SECINFO.FLAGS.MODIFIED := EPCM(DS:RCX).MODIFIED;
TMP_HEADER.SECINFO.FLAGS.PR := EPCM(DS:RCX).PR;
(* Encrypt the page, DS:RCX could be encrypted in place. AES-GCM produces 2 values, {ciphertext, MAC}. *)
(* AES-GCM input parameters: key, GCM Counter, MAC_HDR, MAC_HDR_SIZE, SRC, SRC_SIZE)*)
{DS:TMP_SRCPGE, DS:TMP_PCMD.MAC} := AES_GCM_ENC(CR_BASE_PK), (TMP_VER << 32),
TMP_HEADER, 128, DS:RCX, 4096);
(* Write the output *)
Zero out DS:TMP_PCMD.SECINFO
DS:TMP_PCMD.SECINFO.FLAGS.PT := EPCM(DS:RCX).PT;
DS:TMP_PCMD.SECINFO.FLAGS.RWX := EPCM(DS:RCX).RWX;
DS:TMP_PCMD.SECINFO.FLAGS.PENDING := EPCM(DS:RCX).PENDING;
DS:TMP_PCMD.SECINFO.FLAGS.MODIFIED := EPCM(DS:RCX).MODIFIED;
DS:TMP_PCMD.SECINFO.FLAGS.PR := EPCM(DS:RCX).PR;
DS:TMP_PCMD.RESERVED := 0;
DS:TMP_PCMD.ENCLAVEID := TMP_PCMD_ENCLAVEID;
DS:RBX.LINADDR := EPCM(DS:RCX).ENCLAVEADDRESS;
(*Check if version array slot was empty *)
IF ([DS.RDX])
THEN
RAX := SGX_VA_SLOT_OCCUPIED
RFLAGS.CF := 1;
FI;
(* Write version to Version Array slot *)
[DS.RDX] := TMP_VER;
(* Free up EPCM Entry *)
EPCM.(DS:RCX).VALID := 0;
ERROR_EXIT:
Flags Affected
ZF is set if page is not blocked, not tracked, or a child is present. Otherwise cleared.
CF is set if VA slot is previously occupied, Otherwise cleared.
Protected Mode Exceptions
| #GP(0) | If a memory operand effective address is outside the DS segment limit. |
|---|---|
| If a memory operand is not properly aligned. | |
| If the EPC page and VASLOT resolve to the same EPC page. | |
| If another Intel SGX instruction is concurrently accessing either the target EPC, VA, or SECS pages. | |
| If the tracking resource is in use. | |
| If the EPC page or the version array page is invalid. | |
| If the parameters fail consistency checks. | |
| #PF(error | code) If a page fault occurs in accessing memory operands. |
| If a memory operand is not an EPC page. | |
| If one of the EPC memory operands has incorrect page type. |
64-Bit Mode Exceptions
| #GP(0) | If a memory operand is non-canonical form. |
|---|---|
| If a memory operand is not properly aligned. | |
| If the EPC page and VASLOT resolve to the same EPC page. | |
| If another Intel SGX instruction is concurrently accessing either the target EPC, VA, or SECS pages. | |
| If the tracking resource is in use. | |
| If the EPC page or the version array page in invalid. | |
| If the parameters fail consistency checks. | |
| #PF(error | code) If a page fault occurs in accessing memory operands. |
| If a memory operand is not an EPC page. | |
| If one of the EPC memory operands has incorrect page type. |
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be incomplete or broken in various obvious or non-obvious ways. Refer to Intel® 64 and IA-32 Architectures Software Developer’s Manual for anything serious.