- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DBGOPTIN bit of TCS.FLAGS must be set in order to allow various debug interface. Intel's Software developer's Manual says:
DBGOPTIN if set, allows debugging features (single-stepping, breakpoints, etc.) to be enabled and active while
executing in the enclave on this TCS. Hardware clears this bit on EADD. A debugger may latermodify it if the enclave’s ATTRIBUTES.DEBUG is set.
How is it possible to set the bit back (with Linux SDK) once an enclave is initialized and filled with pages?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
>Do you know if the gdp plugin supports changing the DBGOPTIN bit?
Without looking at the code, I would guess that ECLIPSE plugin leverages the GDB plugin. The ECLIPSE portion of the plugin is probably used to setup breakpoints and such, but the actual debugger is GDB, using the GDB plugin https://github.com/01org/linux-sgx/tree/master/sdk/debugger_interface/linux
For your other two questions, Section 5.3 of Intel(R) SGX Programming Reference describes in greater detail how to execute the instruction. Note that it is a 'system' leaf, so you'll need a driver to actually execute the instruction. If you follow the call flow in https://github.com/01org/linux-sgx/blob/master/psw/urts/enclave.cpp it looks like a writing to the memory uses standard file io ( https://github.com/01org/linux-sgx/blob/master/common/src/se_memory.c ), but in reality the 'write' call ends up in the driver:
https://github.com/01org/linux-sgx-driver/search?utf8=%E2%9C%93&q=edbgwr
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can write to the enclave using the EDBGWR instruction. You'll need to modify the FLAGS.DBGOPTIN bit in every TCS you have created.
You can start by looking at
bool CEnclave::update_debug_flag(uint8_t debug_flag)
in
https://github.com/01org/linux-sgx/blob/master/psw/urts/enclave.cpp
and trace call flows to see how/when it is currently done. I am not as familiar with the Linux version of the code, but I think the ECLIPSE plugin will work with the runtime to make sure these debug flags/bits are updated appropriately.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your response. Do you know if the gdp plugin supports changing the DBGOPTIN bit?
You mentioned that I can simply use the EDBGWR instruction. Can the App.cpp (the untrusted partition) execute this instruction or it must be an external debugger?
Is it somehow possible for the enclave to manipulate this bit from the inside of the enclave?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
>Do you know if the gdp plugin supports changing the DBGOPTIN bit?
Without looking at the code, I would guess that ECLIPSE plugin leverages the GDB plugin. The ECLIPSE portion of the plugin is probably used to setup breakpoints and such, but the actual debugger is GDB, using the GDB plugin https://github.com/01org/linux-sgx/tree/master/sdk/debugger_interface/linux
For your other two questions, Section 5.3 of Intel(R) SGX Programming Reference describes in greater detail how to execute the instruction. Note that it is a 'system' leaf, so you'll need a driver to actually execute the instruction. If you follow the call flow in https://github.com/01org/linux-sgx/blob/master/psw/urts/enclave.cpp it looks like a writing to the memory uses standard file io ( https://github.com/01org/linux-sgx/blob/master/common/src/se_memory.c ), but in reality the 'write' call ends up in the driver:
https://github.com/01org/linux-sgx-driver/search?utf8=%E2%9C%93&q=edbgwr
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page