- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I am reading the SGX programming Reference, in which it is said that:
"All enclave accesses to the PRMRR region always use the memory type specified by the PRMRR, unless the CR0.CD bit on one of the logical processors on the core running the enclave is set. In other words, PRMRR memory type overrides memory types coming from overlapping MTRRs and all other architectural range registers, and those coming from PAT and EPTs. All non-enclave accesses to PRMRR region result in abort-page semantics, while all enclave code fetch access to non-PRMRR region result in a #GP(0) exception (see Section 2.3 for description of Access Control).
The TYPE field in the PRMRR_BASE register can only be programmed with values UC(0x0) and WB (0x6). Any attempt to write a value other than these two to the TYPE field of the PRMRR_BASE MSR results in #GP. At power-on, all bits in PRMRR_BASE are initialized to 0 and mask."
Actually I was directed here from the paper "Intel SGX Explained" in section 6.6.6:
"An extreme approach that can provably defeat cache timing attacks is disabling caching for the PRM range, which contains the EPC. The SDM is almost completely silent about the PRM, but the SGX manuals that it is based on state that the allowable caching behaviors for the PRM range are uncacheable (UC) and write-back (WB). This could become useful if the SGX implementation would make sure that the PRM’s caching behavior cannot be changed while SGX is enabled, and if the selected behavior would be captured by the enclave’s measurement."
It seems that the PRM is cached when I run some test programs, but can we configure it as UC through writing to PRMRR using instructions like wrmsr, although it may not be recommended not to cache PRM? Using the msr-tools I can read PRMRR_BASE and PRMRR_MASK which are 0x88000000 and 0x7ffe000c00 respectively. My question is which is the PRMRR type? Maybe the last 8-bit indicate the type, however type 0 should be uncachaeable which is not?
Very many thanks,
Wenhao
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, is there anyone can help me please? Thanks
Wenhao
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Processor Reserved Memory is allocated and its type is set early in the BIOS in order to configure SGX correctly. Once this is done, the memory type of PRM cannot be changed for obvious security reasons.
-Surenthar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Surenthar Selvaraj. (Intel) wrote:
Processor Reserved Memory is allocated and its type is set early in the BIOS in order to configure SGX correctly. Once this is done, the memory type of PRM cannot be changed for obvious security reasons.
-Surenthar
Thank you, Surenthar.
I still don't quite understand the security implications. The data are decrypted in the CPU cache and are encrypted when they are evicted into the EPC. As I can see this may incur a lot of performance degrade. In my understanding, you are talking about the possible information leakage caused by dynamic changing the PRM memory type after the machine is booted? On the other hand I think in some cases the attacker is assumed to be able to control the BIOS.
Thanks,
Wenhao
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page