Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

About mis-configured SECINFO flags for EMODPR

Nguyen__Minh

Hi,

I have a question regarding which permissions EMODPR can reduce in SGX2. I don't understand one part of the microcode for EMODPR about checking misconfigured SECINFO. My question is: why is there a #GP when we reduce the enclave page's permission to read-only?

The part of the microcode in question is as follows:

IF((SCRATCH_SECINFO reserved fields are not zero) or !(SCRATCH_SECINFO.FLAGS.R is 0 or SCRATCH_SECINFO.FLAGS.W is not 0))
    THEN #GP(0); FI;

Assuming the reserved fields are all zero, the first condition check always evaluates to FALSE. Then I proceed with the next condition using the truth table as follows:

  • !(SCRATCH_SECINFO.FLAGS.R = 1 (FALSE) or SCRATCH_SECINFO.FLAGS.W = 1 (TRUE)) --> FALSE
  • !(SCRATCH_SECINFO.FLAGS.R = 1 (FALSE) or SCRATCH_SECINFO.FLAGS.W = 0 (FALSE)) --> TRUE
  • !(SCRATCH_SECINFO.FLAGS.R = 0 (TRUE) or SCRATCH_SECINFO.FLAGS.W = 1 (TRUE)) --> FALSE
  • !(SCRATCH_SECINFO.FLAGS.R = 0 (TRUE) or SCRATCH_SECINFO.FLAGS.W = 0 (FALSE)) --> FALSE

 

Best regards,

 

Minh

1 Reply
Nguyen__Minh

Hi,

It turns out that I am using the September 2016 version, which should be outdated. The latest version, January 2019, addressed this issue.

Bests,

Minh
