Community
cancel
Showing results for 
Search instead for 
Did you mean: 
dmitry_e_1
Beginner
167 Views

DBGOPTIN

Jump to solution

DBGOPTIN bit of TCS.FLAGS must be set in order to allow various debug interface. Intel's Software developer's Manual says:

DBGOPTIN if set, allows debugging features (single-stepping, breakpoints, etc.) to be enabled and active while
executing in the enclave on this TCS. Hardware clears this bit on EADD. A debugger may later

modify it if the enclave’s ATTRIBUTES.DEBUG is set.

How is it possible to set the bit back (with Linux SDK) once an enclave is initialized and filled with pages?

0 Kudos
1 Solution
167 Views

>Do you know if the gdp plugin supports changing the DBGOPTIN bit?

Without looking at the code, I would guess that ECLIPSE plugin leverages the GDB plugin. The ECLIPSE portion of the plugin is probably used to setup breakpoints and such, but the actual debugger is GDB, using the GDB plugin https://github.com/01org/linux-sgx/tree/master/sdk/debugger_interface/linux

For your other two questions, Section 5.3 of Intel(R) SGX Programming Reference describes in greater detail how to execute the instruction. Note that it is a 'system' leaf, so you'll need a driver to actually execute the instruction. If you follow the call flow in https://github.com/01org/linux-sgx/blob/master/psw/urts/enclave.cpp it looks like a writing to the memory uses standard file io ( https://github.com/01org/linux-sgx/blob/master/common/src/se_memory.c ), but in reality the 'write' call ends up in the driver:

https://github.com/01org/linux-sgx-driver/search?utf8=%E2%9C%93&q=edbgwr

 

 

View solution in original post

3 Replies
167 Views

You can write to the enclave using the EDBGWR instruction. You'll need to modify the FLAGS.DBGOPTIN bit in every TCS you have created.

You can start by looking at

bool CEnclave::update_debug_flag(uint8_t debug_flag)
in
https://github.com/01org/linux-sgx/blob/master/psw/urts/enclave.cpp

and trace call flows to see how/when it is currently done. I am not as familiar with the Linux version of the code, but I think the ECLIPSE plugin will work with the runtime to make sure these debug flags/bits are updated appropriately.

 

dmitry_e_1
Beginner
167 Views

Thank you for your response. Do you know if the gdp plugin supports changing the DBGOPTIN bit?

You mentioned that I can simply use the EDBGWR instruction. Can the App.cpp (the untrusted partition) execute this instruction or it must be an external debugger?

Is it somehow possible for the enclave to manipulate this bit from the inside of the enclave?

 

168 Views

>Do you know if the gdp plugin supports changing the DBGOPTIN bit?

Without looking at the code, I would guess that ECLIPSE plugin leverages the GDB plugin. The ECLIPSE portion of the plugin is probably used to setup breakpoints and such, but the actual debugger is GDB, using the GDB plugin https://github.com/01org/linux-sgx/tree/master/sdk/debugger_interface/linux

For your other two questions, Section 5.3 of Intel(R) SGX Programming Reference describes in greater detail how to execute the instruction. Note that it is a 'system' leaf, so you'll need a driver to actually execute the instruction. If you follow the call flow in https://github.com/01org/linux-sgx/blob/master/psw/urts/enclave.cpp it looks like a writing to the memory uses standard file io ( https://github.com/01org/linux-sgx/blob/master/common/src/se_memory.c ), but in reality the 'write' call ends up in the driver:

https://github.com/01org/linux-sgx-driver/search?utf8=%E2%9C%93&q=edbgwr

 

 

View solution in original post

Reply