EMODPE — Extend an EPC Page Permissions

Instruction Operand Encoding ¶

Description ¶

This leaf function extends the access rights associated with an existing EPC page in the running enclave. THE RWX bits of the SECINFO parameter are treated as a permissions mask; supplying a value that does not extend the page permissions will have no effect. This instruction leaf can only be executed when inside the enclave.

RBX contains the effective address of a SECINFO structure while RCX contains the effective address of an EPC page. The table below provides additional information on the memory parameter of the EMODPE leaf function.

EMODPE Memory Parameter Semantics ¶

The instruction faults if any of the following:

EMODPE Faulting Conditions ¶

Concurrency Restrictions ¶

Operation ¶

Temp Variables in EMODPE Operational Flow ¶

IF (DS:RBX is not 64Byte Aligned)

THEN #GP(0); FI;

IF (DS:RCX is not 4KByte Aligned)

THEN #GP(0); FI;

IF ((DS:RBX is not within CR_ELRANGE) or (DS:RCX is not within CR_ELRANGE) )

THEN #GP(0); FI;

IF (DS:RBX does not resolve within an EPC)

THEN #PF(DS:RBX); FI;

IF (DS:RCX does not resolve within an EPC)

THEN #PF(DS:RCX); FI;

IF ( (EPCM(DS:RBX).VALID = 0) or (EPCM(DS:RBX).R = 0) or (EPCM(DS:RBX).PENDING ≠ 0) or (EPCM(DS:RBX).MODIFIED ≠ 0) or

(EPCM(DS:RBX).BLOCKED ≠ 0) or (EPCM(DS:RBX).PT ≠ PT_REG) or (EPCM(DS:RBX).ENCLAVESECS ≠ CR_ACTIVE_SECS) or

(EPCM(DS:RBX).ENCLAVEADDRESS ≠ (DS:RBX & ~0xFFF)) )

THEN #PF(DS:RBX); FI;

SCRATCH_SECINFO ← DS:RBX;

(* Check for misconfigured SECINFO flags*)

IF (SCRATCH_SECINFO reserved fields are not zero )

THEN #GP(0); FI;

(* Check security attributes of the EPC page *)

IF ( (EPCM(DS:RCX).VALID = 0) or (EPCM(DS:RCX).PENDING ≠ 0) or (EPCM(DS:RCX).MODIFIED ≠ 0) or

(EPCM(DS:RCX).BLOCKED ≠ 0) or (EPCM(DS:RCX).PT ≠ PT_REG) or (EPCM(DS:RCX).ENCLAVESECS ≠ CR_ACTIVE_SECS) )

THEN #PF(DS:RCX); FI;

(* Check the EPC page for concurrency *)

IF (EPC page in use by another SGX2 instruction)

THEN #GP(0); FI;

(* Re-Check security attributes of the EPC page *)

IF ( (EPCM(DS:RCX).VALID = 0) or (EPCM(DS:RCX).PENDING ≠ 0) or (EPCM(DS:RCX).MODIFIED ≠ 0) or

(EPCM(DS:RCX).PT ≠ PT_REG) or (EPCM(DS:RCX).ENCLAVESECS ≠ CR_ACTIVE_SECS) or

(EPCM(DS:RCX).ENCLAVEADDRESS ≠ DS:RCX))

THEN #PF(DS:RCX); FI;

(* Check for misconfigured SECINFO flags*)

IF ( (EPCM(DS:RCX).R = 0) and (SCRATCH_SECINFO.FLAGS.R = 0) and (SCRATCH_SECINFO.FLAGS.W ≠ 0) )

(* Update EPCM permissions *)

EPCM(DS:RCX).R←EPCM(DS:RCX).R | SCRATCH_SECINFO.FLAGS.R;

EPCM(DS:RCX).W←EPCM(DS:RCX).W | SCRATCH_SECINFO.FLAGS.W;

EPCM(DS:RCX).X←EPCM(DS:RCX).X | SCRATCH_SECINFO.FLAGS.X;

Flags Affected ¶

None

Protected Mode Exceptions ¶

64-Bit Mode Exceptions ¶