Asylo
architecture_bits.h
1 /*
2  *
3  * Copyright 2019 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_PLATFORM_SGX_ARCHITECTURE_BITS_H_
20 #define ASYLO_IDENTITY_PLATFORM_SGX_ARCHITECTURE_BITS_H_
21 
22 #include <cstddef>
23 #include <cstdint>
24 
namespace asylo {
namespace sgx {

/// Bit positions inside the 128-bit ATTRIBUTES field that SGX keeps in an
/// enclave's SECS (Secure Enclave Control Structure).
///
/// The low 64 bits are independent flags; the high 64 bits together form the
/// XFRM (XSAVE Feature Request Mask). Each enumerator's value is its bit
/// position in the full 128-bit vector, which is why the XFRM entries are
/// written as `64 + <XCR0 position>`. The names are taken from the Intel SDM
/// (Software Developer's Manual), volume 3D
/// (see https://software.intel.com/en-us/articles/intel-sdm).
///
/// NOTE(review): positions marked "unused" below reflect this file's view of
/// the SDM (copyright 2019). Later SDM revisions may assign meaning to some of
/// them, so re-check the list before treating an unknown bit as harmless.
enum class AttributeBit {
  /// Set once the enclave has been initialized by the EINIT instruction.
  INIT = 0,

  /// Set for a debug enclave, clear for a production enclave. A debug enclave
  /// can be inspected from outside with the SGX debug instructions, so a
  /// verifier that expects confidentiality should require this bit to be 0.
  DEBUG = 1,

  /// Set for a 64-bit enclave, clear for a 32-bit enclave.
  MODE64BIT = 2,

  // Bit 3 is unused.

  /// Set when the enclave may obtain the SGX provisioning key.
  /// NOTE(review): this is a privileged attribute; an identity expectation
  /// should normally not permit it unless the enclave is a provisioning
  /// enclave. Confirm against the policy code that consumes this enum.
  PROVISIONKEY = 4,

  /// Set when the enclave may obtain the INIT-token key.
  /// NOTE(review): likewise privileged; presumably only a launch enclave
  /// needs it. Confirm against the consuming policy code.
  INITTOKENKEY = 5,

  // Bit 6 is unused.

  /// Set when Key Separation and Sharing (KSS) is enabled for the enclave.
  /// With KSS on, the ISVEXTPRODID, ISVFAMILYID, CONFIGID and CONFIGSVN values
  /// become part of the enclave's identity.
  KSS = 7,

  // Bits 8 through 63 are unused.

  // XFRM section. The positions below mirror the x86-64 XCR0 register, offset
  // by 64 because XFRM occupies the upper half of the ATTRIBUTES field. Each
  // bit has two related effects:
  //   1. it fixes the XCR0 value the enclave observes, i.e. whether the
  //      corresponding feature is enabled inside the enclave;
  //   2. it selects whether the corresponding register state is saved and
  //      cleared on an asynchronous enclave exit (AEX).
  // The Intel SDM, volume 3D, describes each capability in detail.

  /// Controls the FPU/MMX capabilities (XCR0 bit 0).
  FPU = 64 + 0,

  /// Controls the SSE capabilities (XCR0 bit 1).
  SSE = 64 + 1,

  /// Controls certain AVX capabilities (XCR0 bit 2).
  AVX = 64 + 2,

  /// Controls the MPX capabilities (XCR0 bit 3).
  BNDREG = 64 + 3,

  /// Controls the MPX capabilities (XCR0 bit 4).
  BNDCSR = 64 + 4,

  /// Controls certain AVX capabilities (XCR0 bit 5).
  OPMASK = 64 + 5,

  /// Controls certain AVX capabilities (XCR0 bit 6).
  ZMM_HI256 = 64 + 6,

  /// Controls certain AVX capabilities (XCR0 bit 7).
  HI16_ZMM = 64 + 7,

  // Bit 64 + 8 is unused.

  /// Controls the Page Protection Keys (XCR0 bit 9).
  PKRU = 64 + 9,
};

/// Every valid bit position in the ATTRIBUTES bit vector. The extent of 15
/// matches the enumerator count of AttributeBit (6 flag bits plus 9 XFRM
/// bits) and has to be updated whenever an enumerator is added or removed.
extern const AttributeBit kAllAttributeBits[15];

/// Number of ATTRIBUTES flag bits. Defined outside this header.
extern const size_t kNumAttributeFlagBits;

/// Number of ATTRIBUTES XFRM bits. Defined outside this header.
extern const size_t kNumAttributeXfrmBits;

/// Total number of ATTRIBUTES bits. Defined outside this header.
extern const size_t kNumAttributeBits;

/// Bitmask covering all valid ATTRIBUTES flag bits.
/// NOTE(review): presumably meant for rejecting attribute values that set a
/// flag outside the known set; verify against the definition and its callers.
extern const uint64_t kValidAttributeFlagsBitmask;

/// Bitmask covering all valid ATTRIBUTES XFRM bits.
/// NOTE(review): presumably expressed relative to the 64-bit XFRM word rather
/// than the 128-bit vector, given the uint64_t type; verify against the
/// definition.
extern const uint64_t kValidAttributeXfrmBitmask;

/// Bit positions inside the SECS MISCSELECT bit vector. Each enumerator's
/// value is its bit position; the names are taken from the Intel SDM
/// (Software Developer's Manual).
enum class MiscselectBit {
  /// When set, information about page faults and GP exceptions raised inside
  /// the enclave is saved on an asynchronous exit.
  EXINFO = 0,
};

/// Every valid bit position in the MISCSELECT bit vector.
extern const MiscselectBit kAllMiscselectBits[1];

/// Total number of MISCSELECT bits. Defined outside this header.
extern const size_t kNumMiscselectBits;

/// Bitmask covering all valid MISCSELECT bits.
extern const uint32_t kValidMiscselectBitmask;

}  // namespace sgx
}  // namespace asylo
145 
146 #endif // ASYLO_IDENTITY_PLATFORM_SGX_ARCHITECTURE_BITS_H_