1 /* SPDX-License-Identifier: GPL-2.0 */
3 * Copyright(c) 2016-20 Intel Corporation.
5 * Contains data structures defined by the SGX architecture. Data structures
6 * defined by the Linux software stack should not be placed here.
8 #ifndef _ASM_X86_SGX_ARCH_H
9 #define _ASM_X86_SGX_ARCH_H
11 #include <linux/bits.h>
12 #include <linux/types.h>
14 /* The SGX specific CPUID function (leaf number 0x12). */
15 #define SGX_CPUID 0x12
16 /* EPC enumeration. NOTE(review): presumably the first sub-leaf that describes an EPC section - confirm. */
17 #define SGX_CPUID_EPC 2
18 /* An invalid EPC section, i.e. the end marker. */
19 #define SGX_CPUID_EPC_INVALID 0x0
20 /* A valid EPC section. */
21 #define SGX_CPUID_EPC_SECTION 0x1
22 /* The bitmask for the EPC section type (bits 3:0). */
23 #define SGX_CPUID_EPC_MASK GENMASK(3, 0)
26 * enum sgx_return_code - The return code type for ENCLS, ENCLU and ENCLV
27 * %SGX_NOT_TRACKED: Previous ETRACK's shootdown sequence has not been completed yet.
29 * %SGX_CHILD_PRESENT: SECS has child pages present in the EPC.
30 * %SGX_INVALID_EINITTOKEN: EINITTOKEN is invalid and enclave signer's
31 * public key does not match IA32_SGXLEPUBKEYHASH.
32 * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received
34 enum sgx_return_code {
36 SGX_CHILD_PRESENT = 13,
37 SGX_INVALID_EINITTOKEN = 16,
38 SGX_UNMASKED_EVENT = 128,
41 /* The modulus size in bytes for 3072-bit RSA keys (3072 / 8 = 384). */
42 #define SGX_MODULUS_SIZE 384
45 * enum sgx_miscselect - additional information to an SSA frame
46 * %SGX_MISC_EXINFO: Report #PF or #GP to the SSA frame.
48 * Save State Area (SSA) is a stack inside the enclave used to store processor
49 * state when an exception or interrupt occurs. This enum defines additional
50 * information stored to an SSA frame.
53 SGX_MISC_EXINFO = BIT(0),
/* Bits 63:1, i.e. every MISCSELECT bit other than SGX_MISC_EXINFO (bit 0). */
56 #define SGX_MISC_RESERVED_MASK GENMASK_ULL(63, 1)
/* NOTE(review): presumably the byte size of the GPR area of an SSA frame - confirm. */
58 #define SGX_SSA_GPRS_SIZE 184
/* NOTE(review): presumably the byte size of the extra data stored when SGX_MISC_EXINFO is set - confirm. */
59 #define SGX_SSA_MISC_EXINFO_SIZE 16
62 * enum sgx_attributes - the attributes field in &struct sgx_secs
63 * %SGX_ATTR_INIT: Enclave can be entered (is initialized).
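64 * %SGX_ATTR_DEBUG: Allow ENCLS(EDBGRD) and ENCLS(EDBGWR), which let privileged software outside the enclave read and write enclave memory, so a debug enclave has no confidentiality or integrity protection against the host.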
65 * %SGX_ATTR_MODE64BIT: Indicates that this is a 64-bit enclave.
66 * %SGX_ATTR_PROVISIONKEY: Allow the use of provisioning keys for remote attestation.
68 * %SGX_ATTR_KSS: Allow to use key separation and sharing (KSS).
69 * %SGX_ATTR_EINITTOKENKEY: Allow the use of the token signing key, which is used to
70 * sign cryptographic tokens that can be passed to
71 * EINIT as an authorization to run an enclave.
74 SGX_ATTR_INIT = BIT(0),
75 SGX_ATTR_DEBUG = BIT(1),
76 SGX_ATTR_MODE64BIT = BIT(2),
77 SGX_ATTR_PROVISIONKEY = BIT(4),
78 SGX_ATTR_EINITTOKENKEY = BIT(5),
79 SGX_ATTR_KSS = BIT(7),
/*
 * Attribute bits that have no definition in enum sgx_attributes: bits 3 and 6
 * and bits 63:8.
 * NOTE(review): code that accepts attributes from an untrusted source is
 * presumably expected to reject values with any of these bits set - confirm
 * at the use sites, which are not part of this header.
 */
82 #define SGX_ATTR_RESERVED_MASK (BIT_ULL(3) | BIT_ULL(6) | GENMASK_ULL(63, 8))
85 * struct sgx_secs - SGX Enclave Control Structure (SECS)
86 * @size: size of the address space
87 * @base: base address of the address space
88 * @ssa_frame_size: size of an SSA frame
89 * @miscselect: additional information stored to an SSA frame
90 * @attributes: attributes for enclave
91 * @xfrm: XSave-Feature Request Mask (subset of XCR0)
92 * @mrenclave: SHA256-hash of the enclave contents
93 * @mrsigner: SHA256-hash of the public key used to sign the SIGSTRUCT
94 * @config_id: a user-defined value that is used in key derivation
95 * @isv_prod_id: a user-defined value that is used in key derivation
96 * @isv_svn: a user-defined value that is used in key derivation
97 * @config_svn: a user-defined value that is used in key derivation
99 * SGX Enclave Control Structure (SECS) is a special enclave page that is not
100 * visible in the address space. In fact, this structure defines the address
101 * range and other global attributes for the enclave and it is the first EPC
102 * page created for any enclave. It is moved from a temporary buffer to an EPC
103 * by the means of ENCLS[ECREATE] function.
125 * enum sgx_tcs_flags - execution flags for TCS
126 * %SGX_TCS_DBGOPTIN: If enabled allows single-stepping and breakpoints
127 * inside an enclave. It is cleared by EADD but can
128 * be set later with EDBGWR.
131 SGX_TCS_DBGOPTIN = 0x01,
/* Bits 63:1 of the TCS flags, i.e. every bit other than SGX_TCS_DBGOPTIN (0x01). */
134 #define SGX_TCS_RESERVED_MASK GENMASK_ULL(63, 1)
/* Length of the u8 reserved[] array declared with this constant. */
135 #define SGX_TCS_RESERVED_SIZE 4024
138 * struct sgx_tcs - Thread Control Structure (TCS)
139 * @state: used to mark an entered TCS
140 * @flags: execution flags (cleared by EADD)
141 * @ssa_offset: SSA stack offset relative to the enclave base
142 * @ssa_index: the current SSA frame index (cleared by EADD)
143 * @nr_ssa_frames: the number of frames in the SSA stack
144 * @entry_offset: entry point offset relative to the enclave base
145 * @exit_addr: address outside the enclave to exit on an exception or interrupt
147 * @fs_offset: offset relative to the enclave base to become FS
148 * segment inside the enclave
149 * @gs_offset: offset relative to the enclave base to become GS
150 * segment inside the enclave
151 * @fs_limit: size to become a new FS-limit (only 32-bit enclaves)
152 * @gs_limit: size to become a new GS-limit (only 32-bit enclaves)
154 * Thread Control Structure (TCS) is an enclave page visible in its address
155 * space that defines an entry point inside the enclave. A thread enters inside
156 * an enclave by supplying address of TCS to ENCLU(EENTER). A TCS can be entered
157 * by only one thread at a time.
171 u8 reserved[SGX_TCS_RESERVED_SIZE];
175 * struct sgx_pageinfo - an enclave page descriptor
176 * @addr: address of the enclave page
177 * @contents: pointer to the page contents
178 * @metadata: pointer either to a SECINFO or PCMD instance
179 * @secs: address of the SECS page
181 struct sgx_pageinfo {
186 } __packed __aligned(32);
190 * enum sgx_page_type - bits in the SECINFO flags defining the page type
191 * %SGX_PAGE_TYPE_SECS: a SECS page
192 * %SGX_PAGE_TYPE_TCS: a TCS page
193 * %SGX_PAGE_TYPE_REG: a regular page
194 * %SGX_PAGE_TYPE_VA: a VA page
195 * %SGX_PAGE_TYPE_TRIM: a page in trimmed state
/* NOTE(review): presumably the number of page types in enum sgx_page_type (five are documented) - confirm. */
205 #define SGX_NR_PAGE_TYPES 5
/* The page type value occupies bits 7:0. */
206 #define SGX_PAGE_TYPE_MASK GENMASK(7, 0)
209 * enum sgx_secinfo_flags - the flags field in &struct sgx_secinfo
210 * %SGX_SECINFO_R: allow read
211 * %SGX_SECINFO_W: allow write
212 * %SGX_SECINFO_X: allow execution
213 * %SGX_SECINFO_SECS: a SECS page
214 * %SGX_SECINFO_TCS: a TCS page
215 * %SGX_SECINFO_REG: a regular page
216 * %SGX_SECINFO_VA: a VA page
217 * %SGX_SECINFO_TRIM: a page in trimmed state
219 enum sgx_secinfo_flags {
220 SGX_SECINFO_R = BIT(0),
221 SGX_SECINFO_W = BIT(1),
222 SGX_SECINFO_X = BIT(2),
223 SGX_SECINFO_SECS = (SGX_PAGE_TYPE_SECS << 8),
224 SGX_SECINFO_TCS = (SGX_PAGE_TYPE_TCS << 8),
225 SGX_SECINFO_REG = (SGX_PAGE_TYPE_REG << 8),
226 SGX_SECINFO_VA = (SGX_PAGE_TYPE_VA << 8),
227 SGX_SECINFO_TRIM = (SGX_PAGE_TYPE_TRIM << 8),
/* Bits 2:0: the SGX_SECINFO_R, SGX_SECINFO_W and SGX_SECINFO_X permission bits. */
230 #define SGX_SECINFO_PERMISSION_MASK GENMASK_ULL(2, 0)
/* The page type mask shifted left by 8 (bits 15:8), matching the "<< 8" used in enum sgx_secinfo_flags. */
231 #define SGX_SECINFO_PAGE_TYPE_MASK (SGX_PAGE_TYPE_MASK << 8)
/* Every flag bit that is neither a permission bit nor part of the page type. */
232 #define SGX_SECINFO_RESERVED_MASK ~(SGX_SECINFO_PERMISSION_MASK | \
233 SGX_SECINFO_PAGE_TYPE_MASK)
236 * struct sgx_secinfo - describes attributes of an EPC page
237 * @flags: permissions and type
239 * Used together with ENCLS leaves that add or modify an EPC page to an
240 * enclave to define page permissions and type.
245 } __packed __aligned(64);
/* Length of the u8 reserved[] array declared with this constant in the PCMD layout. */
247 #define SGX_PCMD_RESERVED_SIZE 40
250 * struct sgx_pcmd - Paging Crypto Metadata (PCMD)
251 * @enclave_id: enclave identifier
252 * @mac: MAC over PCMD, page contents and isvsvn
254 * PCMD is stored for every page swapped out to regular memory. When ELDU loads
255 * the page back, it recalculates the MAC by using an isvsvn number stored in a
256 * VA page. Together these two structures provide integrity and rollback protection.
260 struct sgx_secinfo secinfo;
262 u8 reserved[SGX_PCMD_RESERVED_SIZE];
264 } __packed __aligned(128);
/*
 * NOTE(review): presumably the lengths of the reserved fields in the SIGSTRUCT
 * structures; the fields that use them are not visible in this listing -
 * confirm against the full header.
 */
266 #define SGX_SIGSTRUCT_RESERVED1_SIZE 84
267 #define SGX_SIGSTRUCT_RESERVED2_SIZE 20
268 #define SGX_SIGSTRUCT_RESERVED3_SIZE 32
269 #define SGX_SIGSTRUCT_RESERVED4_SIZE 12
272 * struct sgx_sigstruct_header - defines author of the enclave
273 * @header1: constant byte string
274 * @vendor: must be either 0x0000 or 0x8086
275 * @date: YYYYMMDD in BCD
276 * @header2: constant byte string
277 * @swdefined: software defined value
279 struct sgx_sigstruct_header {
289 * struct sgx_sigstruct_body - defines contents of the enclave
290 * @miscselect: additional information stored to an SSA frame
291 * @misc_mask: required miscselect in SECS
292 * @attributes: attributes for enclave
293 * @xfrm: XSave-Feature Request Mask (subset of XCR0)
294 * @attributes_mask: required attributes in SECS
295 * @xfrm_mask: required XFRM in SECS
296 * @mrenclave: SHA256-hash of the enclave contents
297 * @isvprodid: a user-defined value that is used in key derivation
298 * @isvsvn: a user-defined value that is used in key derivation
300 struct sgx_sigstruct_body {
315 * struct sgx_sigstruct - an enclave signature
316 * @header: defines author of the enclave
317 * @modulus: the modulus of the public key
318 * @exponent: the exponent of the public key
319 * @signature: the signature calculated over the signed fields, i.e. header and body
320 * @body: defines contents of the enclave
321 * @q1: a value used in RSA signature verification
322 * @q2: a value used in RSA signature verification
324 * Header and body are the parts that are actually signed. The remaining fields
325 * define the signature of the enclave.
327 struct sgx_sigstruct {
328 struct sgx_sigstruct_header header;
329 u8 modulus[SGX_MODULUS_SIZE];
331 u8 signature[SGX_MODULUS_SIZE];
332 struct sgx_sigstruct_body body;
334 u8 q1[SGX_MODULUS_SIZE];
335 u8 q2[SGX_MODULUS_SIZE];
/* NOTE(review): presumably the byte size of the launch token (EINITTOKEN) passed to EINIT - confirm. */
338 #define SGX_LAUNCH_TOKEN_SIZE 304
340 #endif /* _ASM_X86_SGX_ARCH_H */