NRZCode/ia32-64
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ia32-64/x86/eacceptcopy.html
NRZ Code 92622c37d6 Initial commit
2025-07-08 02:23:29 -03:00

280 lines
11 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:svg="http://www.w3.org/2000/svg" xmlns:x86="http://www.felixcloutier.com/x86"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="style.css"></link><title>EACCEPTCOPY
— Initialize a Pending Page</title></head><body><header><nav><ul><li><a href='index.html'>Index</a></li><li>December 2023</li></ul></nav></header><h1>EACCEPTCOPY
— Initialize a Pending Page</h1>
<table>
<tr>
<th>Opcode/Instruction</th>
<th>Op/En</th>
<th>64/32 bit Mode Support</th>
<th>CPUID Feature Flag</th>
<th>Description</th></tr>
<tr>
<td>EAX = 07H ENCLU[EACCEPTCOPY]</td>
<td>IR</td>
<td>V/V</td>
<td>SGX2</td>
<td>This leaf function initializes a dynamically allocated EPC page from another page in the EPC.</td></tr></table>
<h2 id="instruction-operand-encoding">Instruction Operand Encoding<a class="anchor" href="#instruction-operand-encoding">
</a></h2>
<table>
<tr>
<td>Op/En</td>
<td colspan="2">EAX</td>
<td>RBX</td>
<td>RCX</td>
<td>RDX</td></tr>
<tr>
<td>IR</td>
<td>EACCEPTCOPY (In)</td>
<td>Return Error Code (Out)</td>
<td>Address of a SECINFO (In)</td>
<td>Address of the destination EPC page (In)</td>
<td>Address of the source EPC page (In)</td></tr></table>
<h3 id="description">Description<a class="anchor" href="#description">
</a></h3>
<p>This leaf function copies the contents of an existing EPC page into an uninitialized EPC page (created by EAUG). After initialization, the instruction may also modify the access rights associated with the destination EPC page. This instruction leaf can only be executed when inside the enclave.</p>
<p>RBX contains the effective address of a SECINFO structure while RCX and RDX each contain the effective address of an EPC page. The table below provides additional information on the memory parameter of the EACCEPTCOPY leaf function.</p>
<h2 id="eacceptcopy-memory-parameter-semantics">EACCEPTCOPY Memory Parameter Semantics<a class="anchor" href="#eacceptcopy-memory-parameter-semantics">
</a></h2>
<table>
<tr>
<td>SECINFO</td>
<td>EPCPAGE (Destination)</td>
<td>EPCPAGE (Source)</td></tr>
<tr>
<td>Read access permitted by Non Enclave</td>
<td>Read/Write access permitted by Enclave</td>
<td>Read access permitted by Enclave</td></tr></table>
<p>The instruction faults if any of the following:</p>
<h2 id="eacceptcopy-faulting-conditions">EACCEPTCOPY Faulting Conditions<a class="anchor" href="#eacceptcopy-faulting-conditions">
</a></h2>
<table>
<tr>
<td>The operands are not properly aligned.</td>
<td>If security attributes of the SECINFO page make the page inaccessible.</td></tr>
<tr>
<td>The EPC page is locked by another thread.</td>
<td>If security attributes of the source EPC page make the page inaccessible.</td></tr>
<tr>
<td>The EPC page is not valid.</td>
<td>RBX does not contain an effective address in an EPC page in the running enclave.</td></tr>
<tr>
<td>SECINFO contains an invalid request.</td>
<td>RCX/RDX does not contain an effective address of an EPC page in the running enclave.</td></tr></table>
<p>The error codes are:</p>
<figure id="tbl-38-57">
<table>
<tr>
<th>Error Code (see <span class="not-imported">Table 38-4</span>)</th>
<th>Description</th></tr>
<tr>
<td>No Error</td>
<td>EACCEPTCOPY successful.</td></tr>
<tr>
<td>SGX_PAGE_ATTRIBUTES_MISMATCH</td>
<td>The attributes of the target EPC page do not match the expected values.</td></tr></table>
<figcaption><span class="not-imported">Table 38-57</span>. EACCEPTCOPY Return Value in RAX</figcaption></figure>
<h3 id="concurrency-restrictions">Concurrency Restrictions<a class="anchor" href="#concurrency-restrictions">
</a></h3>
<figure id="tbl-38-58">
<table>
<tr>
<th rowspan="2">Leaf</th>
<th rowspan="2">Parameter</th>
<th colspan="3">Base Concurrency Restrictions</th></tr>
<tr>
<th>Access</th>
<th>On Conflict</th>
<th>SGX_CONFLICT VM Exit Qualification</th></tr>
<tr>
<td rowspan="3">EACCEPTCOPY</td>
<td>Target [DS:RCX]</td>
<td>Concurrent</td>
<td></td>
<td></td></tr>
<tr>
<td>Source [DS:RDX]</td>
<td>Concurrent</td>
<td></td>
<td></td></tr>
<tr>
<td>SECINFO [DS:RBX]</td>
<td>Concurrent</td>
<td></td>
<td></td></tr></table>
<figcaption><span class="not-imported">Table 38-58</span>. Base Concurrency Restrictions of EACCEPTCOPY</figcaption></figure>
<figure id="tbl-38-59">
<table>
<tr>
<th rowspan="3">Leaf</th>
<th rowspan="3">Parameter</th>
<th colspan="6">Additional Concurrency Restrictions</th></tr>
<tr>
<th colspan="2">vs. EACCEPT, EACCEPTCOPY, EMODPE, EMODPR, EMODT</th>
<th colspan="2">vs. EADD, EEXTEND, EINIT</th>
<th colspan="2">vs. ETRACK, ETRACKC</th></tr>
<tr>
<th>Access</th>
<th>On Conflict</th>
<th>Access</th>
<th>On Conflict</th>
<th>Access</th>
<th>On Conflict</th></tr>
<tr>
<td rowspan="3">EACCEPTCOPY</td>
<td>Target [DS:RCX]</td>
<td>Exclusive</td>
<td>#GP</td>
<td>Concurrent</td>
<td></td>
<td>Concurrent</td>
<td></td></tr>
<tr>
<td>Source [DS:RDX]</td>
<td>Concurrent</td>
<td></td>
<td>Concurrent</td>
<td></td>
<td>Concurrent</td>
<td></td></tr>
<tr>
<td>SECINFO [DS:RBX]</td>
<td>Concurrent</td>
<td></td>
<td>Concurrent</td>
<td></td>
<td>Concurrent</td>
<td></td></tr></table>
<figcaption><span class="not-imported">Table 38-59</span>. Additional Concurrency Restrictions of EACCEPTCOPY</figcaption></figure>
<h3 id="operation">Operation<a class="anchor" href="#operation">
</a></h3>
<h2 id="temp-variables-in-eacceptcopy-operational-flow">Temp Variables in EACCEPTCOPY Operational Flow<a class="anchor" href="#temp-variables-in-eacceptcopy-operational-flow">
</a></h2>
<table>
<tr>
<th>Name Type Size (bits) Name </th>
<th></th>
<th></th>
<th></th></tr>
<tr>
<td>SCRATCH_SECINFO</td>
<td>SECINFO</td>
<td>512</td>
<td>Scratch storage for holding the contents of DS:RBX.</td></tr></table>
<p>IF (DS:RBX is not 64Byte Aligned)</p>
<p>THEN #GP(0); FI;</p>
<p>IF ( (DS:RCX is not 4KByte Aligned) or (DS:RDX is not 4KByte Aligned) )</p>
<p>THEN #GP(0); FI;</p>
<p>IF ((DS:RBX is not within CR_ELRANGE) or (DS:RCX is not within CR_ELRANGE) or (DS:RDX is not within CR_ELRANGE))</p>
<p>THEN #GP(0); FI;</p>
<p>IF (DS:RBX does not resolve within an EPC)</p>
<p>THEN #PF(DS:RBX); FI;</p>
<p>IF (DS:RCX does not resolve within an EPC)</p>
<p>THEN #PF(DS:RCX); FI;</p>
<p>IF (DS:RDX does not resolve within an EPC)</p>
<p>THEN #PF(DS:RDX); FI;</p>
<p>IF ( (EPCM(DS:RBX &amp;~FFFH).VALID = 0) or (EPCM(DS:RBX &amp;~FFFH).R = 0) or (EPCM(DS:RBX &amp;~FFFH).PENDING ≠ 0) or</p>
<p>(EPCM(DS:RBX &amp;~FFFH).MODIFIED ≠ 0) or (EPCM(DS:RBX &amp;~FFFH).BLOCKED ≠ 0) or (EPCM(DS:RBX &amp;~FFFH).PT ≠ PT_REG) or</p>
<p>(EPCM(DS:RBX &amp;~FFFH).ENCLAVESECS ≠ CR_ACTIVE_SECS) or</p>
<p>(EPCM(DS:RBX &amp;~FFFH).ENCLAVEADDRESS ≠ DS:RBX) )</p>
<p>THEN #PF(DS:RBX); FI;</p>
<p>(* Copy 64 bytes of contents *)</p>
<p>SCRATCH_SECINFO := DS:RBX;</p>
<p>(* Check for misconfigured SECINFO flags*)</p>
<p>IF ( (SCRATCH_SECINFO reserved fields are not zero ) or (SCRATCH_SECINFO.FLAGS.R=0) AND(SCRATCH_SECINFO.FLAGS.W≠0 ) or</p>
<p>(SCRATCH_SECINFO.FLAGS.PT is not PT_REG) )</p>
<p>THEN #GP(0); FI;</p>
<p>(* Check security attributes of the source EPC page *)</p>
<p>IF ( (EPCM(DS:RDX).VALID = 0) or (EPCM(DS:RCX).R = 0) or (EPCM(DS:RDX).PENDING ≠ 0) or (EPCM(DS:RDX).MODIFIED ≠ 0) or</p>
<p>(EPCM(DS:RDX).BLOCKED ≠ 0) or (EPCM(DS:RDX).PT ≠ PT_REG) or (EPCM(DS:RDX).ENCLAVESECS ≠ CR_ACTIVE_SECS) or</p>
<p>(EPCM(DS:RDX).ENCLAVEADDRESS ≠ DS:RDX))</p>
<p>THEN #PF(DS:RDX); FI;</p>
<p>(* Check security attributes of the destination EPC page *)</p>
<p>IF ( (EPCM(DS:RCX).VALID = 0) or (EPCM(DS:RCX).PENDING ≠ 1) or (EPCM(DS:RCX).MODIFIED ≠ 0) or</p>
<p>(EPCM(DS:RDX).BLOCKED ≠ 0) or (EPCM(DS:RCX).PT ≠ PT_REG) or (EPCM(DS:RCX).ENCLAVESECS ≠ CR_ACTIVE_SECS) )</p>
<p>THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_PAGE_ATTRIBUTES_MISMATCH;</p>
<p>GOTO DONE;</p>
<p>FI;</p>
<p>(* Check the destination EPC page for concurrency *)</p>
<p>IF (destination EPC page in use )</p>
<p>THEN #GP(0); FI;</p>
<p>(* Re-Check security attributes of the destination EPC page *)</p>
<p>IF ( (EPCM(DS:RCX).VALID = 0) or (EPCM(DS:RCX).PENDING ≠ 1) or (EPCM(DS:RCX).MODIFIED ≠ 0) or</p>
<p>(EPCM(DS:RCX).R ≠ 1) or (EPCM(DS:RCX).W ≠ 1) or (EPCM(DS:RCX).X ≠ 0) or</p>
<p>(EPCM(DS:RCX).PT ≠ SCRATCH_SECINFO.FLAGS.PT) or (EPCM(DS:RCX).ENCLAVESECS ≠ CR_ACTIVE_SECS) or</p>
<p>(EPCM(DS:RCX).ENCLAVEADDRESS ≠ DS:RCX))</p>
<p>THEN</p>
<p>RFLAGS.ZF := 1;</p>
<p>RAX := SGX_PAGE_ATTRIBUTES_MISMATCH;</p>
<p>GOTO DONE;</p>
<p>FI;</p>
<p>(* Copy 4KBbytes form the source to destination EPC page*)</p>
<p>DS:RCX[32767:0] := DS:RDX[32767:0];</p>
<p>(* Update EPCM permissions *)</p>
<p>EPCM(DS:RCX).R := SCRATCH_SECINFO.FLAGS.R;</p>
<p>EPCM(DS:RCX).W := SCRATCH_SECINFO.FLAGS.W;</p>
<p>EPCM(DS:RCX).X := SCRATCH_SECINFO.FLAGS.X;</p>
<p>EPCM(DS:RCX).PENDING := 0;</p>
<p>RFLAGS.ZF := 0;</p>
<p>RAX := 0;</p>
<p>DONE:</p>
<p>RFLAGS.CF,PF,AF,OF,SF := 0;</p>
<h3 id="flags-affected">Flags Affected<a class="anchor" href="#flags-affected">
</a></h3>
<p>Sets ZF if page is not modifiable, otherwise cleared. Clears CF, PF, AF, OF, SF.</p>
<h3 class="exceptions" id="protected-mode-exceptions">Protected Mode Exceptions<a class="anchor" href="#protected-mode-exceptions">
</a></h3>
<table>
<tr>
<td rowspan="4">#GP(0)</td>
<td>If executed outside an enclave.</td></tr>
<tr>
<td>If a memory operand effective address is outside the DS segment limit.</td></tr>
<tr>
<td>If a memory operand is not properly aligned.</td></tr>
<tr>
<td>If a memory operand is locked.</td></tr>
<tr>
<td rowspan="3">#PF(error</td>
<td>code) If a page fault occurs in accessing memory operands.</td></tr>
<tr>
<td>If a memory operand is not an EPC page.</td></tr>
<tr>
<td>If EPC page has incorrect page type or security attributes.</td></tr></table>
<h3 class="exceptions" id="64-bit-mode-exceptions">64-Bit Mode Exceptions<a class="anchor" href="#64-bit-mode-exceptions">
</a></h3>
<table>
<tr>
<td rowspan="4">#GP(0)</td>
<td>If executed outside an enclave.</td></tr>
<tr>
<td>If a memory operand is non-canonical form.</td></tr>
<tr>
<td>If a memory operand is not properly aligned.</td></tr>
<tr>
<td>If a memory operand is locked.</td></tr>
<tr>
<td rowspan="3">#PF(error</td>
<td>code) If a page fault occurs in accessing memory operands.</td></tr>
<tr>
<td>If a memory operand is not an EPC page.</td></tr>
<tr>
<td>If EPC page has incorrect page type or security attributes.</td></tr></table><footer><p>
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be
inc<span style="opacity: 0.2">omp</span>lete or b<sub>r</sub>oke<sub>n</sub> in various obvious or non-obvious
ways. Refer to <a href="https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4">Intel® 64 and IA-32 Architectures Software Developers Manual</a> for anything serious.
</p></footer></body></html>
Reference in a new issue View git blame Copy permalink