I've been looking at a variety of things with SGX, and while looking into the EGETKEY description, I think I've found an inconsistency in the October 2014 spec. Specifically:
Thank you for your diligence. You are correct this is an inconsistency in the document. The instruction algorithm is correct and table is incorrect wrt to the treatment of the ownerepoch field in the derivation of the Provisioning Key. We will look to correct this in a future publication.