Hi there,

I'm currently writing a linux kernel extension for ENCLS SGX support. Part of that is trying to find out where I'm #GP(0)-ing during ECREATE.

Looking at the pseudocode for the ECREATE leaf in Section 5.2 "Intel SGX Instruction Reference" of the Intel® Software Guard Extensions Programming Reference (Ref. # 329298-002) I think I've found a logic error in the pseudocode.

One of the PF(0) resulting branches pseudocode (directly from the reference) is below. Screenshot is available at http://i.imgur.com/DmzP4WL.png if there are formatting issues.

(* Make sure that the SECS does not have any unsupported MISCSELECT options*)
IF ( !(CPUID.(EAX=12H, ECX=0):EBX[31:0] & DS:TMP_SECS.MISSELECT[31:0]) )
    THEN
        EPCM(DS:TMP_SECS).EntryLock.Release();
        #GP(0);
FI;

Firstly, I'm lead to believe that 'DS:TMP_SECS.MISSELECT' is a typo, and should be 'DS:TMP_SECS.MISCSELECT' as I can't find any reference to MISSELECT in the document, but that's not the primary concern.

The concern is that if CPUID.(EAX=12H, ECX=0):EBX[31:0] = 0 (which it is on my system), indicating that "the bit vector of supported extended features that can be written to the MISC region of the SSA" are none, that the pseudocode above will always page fault, as 0x0 & {anything} == 0x0, and !0x0 == true.

Is this the actual implementation? I'm not sure whether I'm misunderstanding the pseudocode or whether it's not correctly representing the implementation. Any assistance would be greatly appreciated.

Thanks in advance.