Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

About check for mis-configured SECINFO flags for EMODPE

Nguyen__Minh
Beginner
‎03-12-2019 07:24 PM
337 Views

Hi,

I think there is an inconsistency between the parameter semantic described in EMODPE Memory Parameter Semantics and the EMODPE's microcode itself. The parameter semantic requires the target EPC to have read permission whereas the microcode does not really enforce this requirement for the to-be-extended page. Also, there are two EPC pages, one for SECINFO and the other for to-be-extended EPC page. Which one does the parameter semantics refer to ?

 

Here is the relevant microcode part:

 

(* Check for misconfigured SECINFO flags*)

IF (( EPCM(DS:RCX).R=0) and (SCRATCH_SECINFO.FLAGS.R=0) and (SCRATCH_SECINFO.FLAGS.W!=0))
THEN #GP(0); FI;

(* Update EPCM permissions *)

Following this, the entire statement needs to be TRUE for the #GP to be triggered. Even if the EPCM(DS:RCX).R is 0, the outcome still depends on the attributes of SCRATCH_SECINFO. For example, if SCRATCH_SECINFO.FLAGS.R = 1 and SCRATCH_SECINFO.FLAGS.W=1, then the target EPC page can be updated from non-read to read-only, which is contradict to the parameter semantic.

I would appreciate if someone help understanding this matter. I am using January 2019 version SDM.

Bests

Minh

 

 

0 Kudos

Link Copied

1 Reply
Nguyen__Minh
Beginner
‎03-15-2019 09:59 PM
337 Views

Hi,

I still cannot understand the EMODPE Memory Parameter Semantics. I don't understand why the to-be-extended EPC needs to have "Read permitted by Enclave".

Following the microcode:

IF (DS:RCX does not resolve within an EPC)

As for this line, it does not require the CPU to read the to-be-extended EPC page to figure out that an EPC page is within EPC or not.

The rest of the microcode involves the EPCM checking, which should not also require read permissions to to-be-extended EPC page.

Did I miss out something ? How should I interpret the memory parameter semantics? From my current understanding, it is the required permission of the to-be-extended page before passing the page as an input to the EMODPE instruction.

Minh

 

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.