1 /*- 2 * Copyright (c) 2017 Ruslan Bukin <br@bsdpad.com> 3 * All rights reserved. 4 * 5 * This software was developed by BAE Systems, the University of Cambridge 6 * Computer Laboratory, and Memorial University under DARPA/AFRL contract 7 * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing 8 * (TC) research program. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $FreeBSD$ 32 */ 33 34 /* Machine-defined variables. */ 35 36 #ifndef _MACHINE_SGXREG_H_ 37 #define _MACHINE_SGXREG_H_ 38 39 /* Error codes. */ 40 #define SGX_SUCCESS 0 41 #define SGX_INVALID_SIG_STRUCT 1 /* EINIT */ 42 #define SGX_INVALID_ATTRIBUTE 2 /* EINIT, EGETKEY */ 43 #define SGX_BLSTATE 3 /* EBLOCK */ 44 #define SGX_INVALID_MEASUREMENT 4 /* EINIT */ 45 #define SGX_NOTBLOCKABLE 5 /* EBLOCK */ 46 #define SGX_PG_INVLD 6 /* EBLOCK */ 47 #define SGX_LOCKFAIL 7 /* EBLOCK, EMODPR, EMODT */ 48 #define SGX_INVALID_SIGNATURE 8 /* EINIT */ 49 #define SGX_MAC_COMPARE_FAIL 9 /* ELDB, ELDU */ 50 #define SGX_PAGE_NOT_BLOCKED 10 /* EWB */ 51 #define SGX_NOT_TRACKED 11 /* EWB, EACCEPT */ 52 #define SGX_VA_SLOT_OCCUPIED 12 /* EWB */ 53 #define SGX_CHILD_PRESENT 13 /* EWB, EREMOVE */ 54 #define SGX_ENCLAVE_ACT 14 /* EREMOVE */ 55 #define SGX_ENTRYEPOCH_LOCKED 15 /* EBLOCK */ 56 #define SGX_INVALID_EINIT_TOKEN 16 /* EINIT */ 57 #define SGX_PREV_TRK_INCMPL 17 /* ETRACK */ 58 #define SGX_PG_IS_SECS 18 /* EBLOCK */ 59 #define SGX_PAGE_ATTRIBUTES_MISMATCH 19 /* EACCEPT, EACCEPTCOPY */ 60 #define SGX_PAGE_NOT_MODIFIABLE 20 /* EMODPR, EMODT */ 61 #define SGX_INVALID_CPUSVN 32 /* EINIT, EGETKEY */ 62 #define SGX_INVALID_ISVSVN 64 /* EGETKEY */ 63 #define SGX_UNMASKED_EVENT 128 /* EINIT */ 64 #define SGX_INVALID_KEYNAME 256 /* EGETKEY */ 65 66 /* 67 * 2.10 Page Information (PAGEINFO) 68 * PAGEINFO is an architectural data structure that is used as a parameter 69 * to the EPC-management instructions. It requires 32-Byte alignment. 70 */ 71 struct page_info { 72 uint64_t linaddr; 73 uint64_t srcpge; 74 union { 75 struct secinfo *secinfo; 76 uint64_t pcmd; 77 }; 78 uint64_t secs; 79 } __aligned(32); 80 81 /* 82 * 2.11 Security Information (SECINFO) 83 * The SECINFO data structure holds meta-data about an enclave page. 84 */ 85 struct secinfo { 86 uint64_t flags; 87 #define SECINFO_FLAGS_PT_S 8 /* Page type shift */ 88 #define SECINFO_FLAGS_PT_M (0xff << SECINFO_FLAGS_PT_S) 89 uint64_t reserved[7]; 90 } __aligned(64); 91 92 /* 93 * 2.7.1 ATTRIBUTES 94 * The ATTRIBUTES data structure is comprised of bit-granular fields that 95 * are used in the SECS, CPUID enumeration, the REPORT and the KEYREQUEST 96 * structures. 97 */ 98 struct secs_attr { 99 uint8_t reserved1: 1; 100 uint8_t debug: 1; 101 uint8_t mode64bit: 1; 102 uint8_t reserved2: 1; 103 uint8_t provisionkey: 1; 104 uint8_t einittokenkey: 1; 105 uint8_t reserved3: 2; 106 #define SECS_ATTR_RSV4_SIZE 7 107 uint8_t reserved4[SECS_ATTR_RSV4_SIZE]; 108 uint64_t xfrm; /* X-Feature Request Mask */ 109 }; 110 111 /* 112 * 2.7 SGX Enclave Control Structure (SECS) 113 * The SECS data structure requires 4K-Bytes alignment. 114 */ 115 struct secs { 116 uint64_t size; 117 uint64_t base; 118 uint32_t ssa_frame_size; 119 uint32_t misc_select; 120 #define SECS_RSV1_SIZE 24 121 uint8_t reserved1[SECS_RSV1_SIZE]; 122 struct secs_attr attributes; 123 uint8_t mr_enclave[32]; 124 #define SECS_RSV2_SIZE 32 125 uint8_t reserved2[SECS_RSV2_SIZE]; 126 uint8_t mr_signer[32]; 127 #define SECS_RSV3_SIZE 96 128 uint8_t reserved3[SECS_RSV3_SIZE]; 129 uint16_t isv_prod_id; 130 uint16_t isv_svn; 131 #define SECS_RSV4_SIZE 3836 132 uint8_t reserved4[SECS_RSV4_SIZE]; 133 }; 134 135 /* 136 * 2.8 Thread Control Structure (TCS) 137 * Each executing thread in the enclave is associated with a 138 * Thread Control Structure. It requires 4K-Bytes alignment. 139 */ 140 struct tcs { 141 uint64_t reserved1; 142 uint64_t flags; 143 uint64_t ossa; 144 uint32_t cssa; 145 uint32_t nssa; 146 uint64_t oentry; 147 uint64_t reserved2; 148 uint64_t ofsbasgx; 149 uint64_t ogsbasgx; 150 uint32_t fslimit; 151 uint32_t gslimit; 152 uint64_t reserved3[503]; 153 }; 154 155 #endif /* !_MACHINE_SGXREG_H_ */ 156