Skip to content
Henk-Jan Lebbink edited this page Jan 8, 2018 · 2 revisions

SGX INSTRUCTION REFERENCES EDBGWR — Write to a Debug Enclave

Opcode/ Instruction Op/En 64/32 bit Mode Support CPUID Feature Flag Description
EAX = 05H ENCLS[EDBGWR] IR V/V SGX1 This leaf function writes a dword/quadword to a debug enclave.

Instruction Operand Encoding

Op/En EAX RBX RCX
IR EDBGWR (In) Data to be written to a debug enclave (In) Address of Target memory in the EPC (In)

Description

This leaf function copies the content in EBX/RBX to an EPC page belonging to a debug enclave. Eight bytes are written in 64-bit mode, four bytes are written in non-64-bit modes. The size of data cannot be overridden.

The effective address of the source location inside the EPC is provided in the register RCX.

EDBGWR Memory Parameter Semantics

EPCQW
Write access permitted by Enclave

The instruction faults if any of the following:

EDBGWR Faulting Conditions

RCX points into a page that is an SECS. RCX does not resolve to a naturally aligned linear address.
RCX points to a page that does not belong to an enclave that is in debug mode. RCX points to a location inside a TCS that is not the FLAGS word.
An operand causing any segment violation. May page fault.
CPL > 0.

The error codes are:

Table 40-20. EDBGWR Return Value in RAX

Error Code (see Table 40-4) Description
No Error EDBGWR successful.
SGX_PAGE_NOT_DEBUGGABLE The EPC page cannot be accessed because it is in the PENDING or MODIFIED state.

This instruction ignores the EPCM RWX attributes on the enclave page. Consequently, violation of EPCM RWX attri- butes via EDBGRD does not result in a #GP.

Concurrency Restrictions

Table 40-21. Base Concurrency Restrictions of EDBGWR

Leaf Parameter Base Concurrency Restrictions
Access On Conflict SGX_CONFLICT VM Exit Qualification
EDBGWR Target [DS:RCX] Shared #GP

Vol. 3D 40-37 SGX INSTRUCTION REFERENCES

Table 40-22. Additional Concurrency Restrictions of EDBGWR

Leaf Parameter Additional Concurrency Restrictions
vs. EACCEPT, EACCEPTCOPY, EMODPE, EMODPR, EMODT vs. EADD, EEXTEND, EINIT vs. ETRACK, ETRACKC
Access On Conflict Access On Conflict Access On Conflict
EDBGWR Target [DS:RCX] Concurrent Concurrent Concurrent

Operation

Temp Variables in EDBGWR Operational Flow

<table>
	<tr>
		<td><b>Name</b></td>
		<td><b>Type</b></td>
		<td><b>Size (Bits)</b></td>
		<td><b>Description</b></td>
	</tr>
	<tr>
		<td>TMP_MODE64</td>
		<td>Binary</td>
		<td>1</td>
		<td>((IA32_EFER.LMA = 1) && (CS.L = 1)).</td>
	</tr>
	<tr>
		<td>TMP_SECS</td>
		<td></td>
		<td>64</td>
		<td>Physical address of SECS of the enclave to which source operand belongs.</td>
	</tr>
</table>

TMP_MODE64 ← ((IA32_EFER.LMA = 1) && (CS.L = 1));
IF ( (TMP_MODE64 = 1) and (DS:RCX is not 8Byte Aligned) )
    THEN #GP(0); FI;
IF ( (TMP_MODE64 = 0) and (DS:RCX is not 4Byte Aligned) )
    THEN #GP(0); FI;
IF (DS:RCX does not resolve within an EPC)
    THEN #PF(DS:RCX); FI;
(* make sure no other Intel SGX instruction is accessing EPCM *)
IF (Other EPCM modifying instructions executing) 
    THEN #GP(0); FI;
IF (EPCM(DS:RCX). VALID = 0)
    THEN #PF(DS:RCX); FI;
(* make sure that DS:RCX (DST) is pointing to a PT_REG or PT_TCS *) 
IF ( (EPCM(DS:RCX).PTPT_REG) and (EPCM(DS:RCX).PTPT_TCS) )
    THEN #PF(DS:RCX); FI;
(* make sure that DS:RCX points to an accessible EPC page *)
IF ( (EPCM(DS:RCX).PENDING is not 0) or (EPCM(DS:RCS).MODIFIED is not 0) )
    THEN
        RFLAGS.ZF1;
        RAXSGX_PAGE_NOT_DEBUGGABLE;
        GOTO DONE;
FI;
(* If destination is a TCS, then make sure that the offset into the page can only point to the FLAGS field*)
IF ( ( EPCM(DS:RCX). PT = PT_TCS) and ((DS:RCX) & FF8Hoffset_of_FLAGS & 0FF8H) )
    THEN #GP(0); FI;
(* Locate the SECS for the enclave to which the DS:RCX page belongs *) 
40-38 Vol. 3D
                            SGX INSTRUCTION REFERENCES
TMP_SECSGET_SECS_PHYS_ADDRESS(EPCM(DS:RCX).ENCLAVESECS);
(* make sure the enclave owning the PT_REG or PT_TCS page allow debug *) 
IF (TMP_SECS.ATTRIBUTES.DEBUG = 0) 
    THEN #GP(0); FI;
IF ( (TMP_MODE64 = 1) )
    THEN (DS:RCX)[63:0] ← RBX[63:0]; 
    ELSE (DS:RCX)[31:0] ← EBX[31:0]; 
FI;
(* clear EAX and ZF to indicate successful completion *) 
RAX0;
RFLAGS.ZF0;
DONE:
(* clear flags *)
RFLAGS.CF,PF,AF,OF,SF0

Flags Affected

None

Protected Mode Exceptions

#GP(0) If the address in RCS violates DS limit or access rights. If DS segment is unusable. If RCX points to a memory location not 4Byte-aligned. If the address in RCX points to a page belonging to a non-debug enclave. If the address in RCX points to a page which is not PT_TCS or PT_REG. If the address in RCX points to a location inside TCS that is not the FLAGS word.

#PF(error code) If a page fault occurs in accessing memory operands. If the address in RCX points to a non-EPC page. If the address in RCX points to an invalid EPC page.

64-Bit Mode Exceptions

#GP(0) If RCX is non-canonical form. If RCX points to a memory location not 8Byte-aligned. If the address in RCX points to a page belonging to a non-debug enclave. If the address in RCX points to a page which is not PT_TCS or PT_REG. If the address in RCX points to a location inside TCS that is not the FLAGS word.

#PF(error code) If a page fault occurs in accessing memory operands. If the address in RCX points to a non-EPC page. If the address in RCX points to an invalid EPC page.

Vol. 3D 40-39


Source: Intel® Architecture Software Developer's Manual (DECEMBER 2017)
Generated: 8-1-2018

Clone this wiki locally