About mis-configured SECINFO flags for EMODPR

Nguyen__Minh · ‎03-07-2019

Hi,

I have a question regarding to which permissions can EMODPR reduce in SGX2. I don't understand one part of the microcode for EMODPR about checking misconfigured SECINFO. My question is why is there a #GP when we reduce the enclave page's permission to read-only ?

The part of the microcode in question is as follows:

IF((SCRATCH_SECINFO reserved fields are not zero) or !(SCRATCH_SECINFO.FLAGS.R is 0 or SCRATCH_SECINFO.FLAGS.W is not 0))
    THEN #GP(0); FI;

Assuming the reserved fields are all zero, so the first condition check always evaluates to FALSE. Then I proceed with the next condition using the truth table as follows:

!(SCRATCH_SECINFO.FLAGS.R = 1 (FALSE) or SCRATCH_SECINFO.FLAGS.W = 1(TRUE)) --> FALSE
!(SCRATCH_SECINFO.FLAGS.R = 1 (FALSE) or SCRATCH_SECINFO.FLAGS.W = 0(FALSE)) --> True
!(SCRATCH_SECINFO.FLAGS.R = 0 (TRUE) or SCRATCH_SECINFO.FLAGS.W = 1(TRUE)) --> FALSE
!(SCRATCH_SECINFO.FLAGS.R = 0 (TRUE) or SCRATCH_SECINFO.FLAGS.W = 0(FALSE)) --> FALSE

Best regards,

Minh

Nguyen__Minh · ‎03-12-2019

Hi,

It turns out that I am using the version September 2016, which should be outdated. The latest version January 2019 addressed this issue.

Bests,

Minh