Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Nguyen__Minh
Beginner
107 Views

About mis-configured SECINFO flags for EMODPR

Hi,

I have a question regarding to which permissions can EMODPR reduce in SGX2. I don't understand one part of the microcode for EMODPR about checking misconfigured SECINFO. My question is why is there a #GP when we reduce the enclave page's permission to read-only ?

The part of the microcode in question is as follows:

IF((SCRATCH_SECINFO reserved fields are not zero) or !(SCRATCH_SECINFO.FLAGS.R is 0 or SCRATCH_SECINFO.FLAGS.W is not 0))
    THEN #GP(0); FI;

Assuming the reserved fields are all zero, so the first condition check always evaluates to FALSE. Then I proceed with the next condition using the truth table as follows:

  • !(SCRATCH_SECINFO.FLAGS.R = 1 (FALSE) or SCRATCH_SECINFO.FLAGS.W = 1(TRUE)) --> FALSE
  • !(SCRATCH_SECINFO.FLAGS.R = 1 (FALSE)  or SCRATCH_SECINFO.FLAGS.W = 0(FALSE)) --> True
  • !(SCRATCH_SECINFO.FLAGS.R = 0 (TRUE)  or SCRATCH_SECINFO.FLAGS.W = 1(TRUE)) --> FALSE
  • !(SCRATCH_SECINFO.FLAGS.R = 0 (TRUE)  or SCRATCH_SECINFO.FLAGS.W = 0(FALSE)) --> FALSE

 

Best regards,

 

Minh

0 Kudos
1 Reply
Nguyen__Minh
Beginner
107 Views

Hi,

It turns out that I am using the version September 2016, which should be outdated. The latest version January 2019 addressed this issue.

Bests,

Minh

Reply