I have a question regarding which permissions EMODPR can reduce in SGX2. I don't understand one part of the microcode for EMODPR about checking misconfigured SECINFO. My question is: why is there a #GP when we reduce the enclave page's permission to read-only?
The part of the microcode in question is as follows:
IF((SCRATCH_SECINFO reserved fields are not zero) or !(SCRATCH_SECINFO.FLAGS.R is 0 or SCRATCH_SECINFO.FLAGS.W is not 0)) THEN #GP(0); FI;
Assuming the reserved fields are all zero, the first condition check always evaluates to FALSE. Then I proceed with the next condition using the truth table as follows: