-
Notifications
You must be signed in to change notification settings - Fork 98
EDBGWR
SGX INSTRUCTION REFERENCES EDBGWR — Write to a Debug Enclave
Opcode/ Instruction | Op/En | 64/32 bit Mode Support | CPUID Feature Flag | Description |
EAX = 05H ENCLS[EDBGWR] | IR | V/V | SGX1 | This leaf function writes a dword/quadword to a debug enclave. |
Op/En | EAX | RBX | RCX |
IR | EDBGWR (In) | Data to be written to a debug enclave (In) Address of Target memory in the EPC (In) |
This leaf function copies the content in EBX/RBX to an EPC page belonging to a debug enclave. Eight bytes are written in 64-bit mode, four bytes are written in non-64-bit modes. The size of data cannot be overridden.
The effective address of the source location inside the EPC is provided in the register RCX.
EDBGWR Memory Parameter Semantics
EPCQW |
Write access permitted by Enclave |
The instruction faults if any of the following:
EDBGWR Faulting Conditions
RCX points into a page that is an SECS. | RCX does not resolve to a naturally aligned linear address. |
RCX points to a page that does not belong to an enclave that is in debug mode. | RCX points to a location inside a TCS that is not the FLAGS word. |
An operand causing any segment violation. | May page fault. |
CPL > 0. |
The error codes are:
Table 40-20. EDBGWR Return Value in RAX
Error Code (see Table 40-4) | Description |
No Error | EDBGWR successful. |
SGX_PAGE_NOT_DEBUGGABLE | The EPC page cannot be accessed because it is in the PENDING or MODIFIED state. |
This instruction ignores the EPCM RWX attributes on the enclave page. Consequently, violation of EPCM RWX attri- butes via EDBGRD does not result in a #GP.
Concurrency Restrictions
Table 40-21. Base Concurrency Restrictions of EDBGWR
Leaf | Parameter | Base Concurrency Restrictions | ||
Access | On Conflict | SGX_CONFLICT VM Exit Qualification | ||
EDBGWR | Target [DS:RCX] | Shared | #GP |
Vol. 3D 40-37 SGX INSTRUCTION REFERENCES
Table 40-22. Additional Concurrency Restrictions of EDBGWR
Leaf | Parameter | Additional Concurrency Restrictions | |||||
vs. EACCEPT, EACCEPTCOPY, EMODPE, EMODPR, EMODT | vs. EADD, EEXTEND, EINIT | vs. ETRACK, ETRACKC | |||||
Access | On Conflict | Access | On Conflict | Access | On Conflict | ||
EDBGWR | Target [DS:RCX] | Concurrent | Concurrent | Concurrent |
<table>
<tr>
<td><b>Name</b></td>
<td><b>Type</b></td>
<td><b>Size (Bits)</b></td>
<td><b>Description</b></td>
</tr>
<tr>
<td>TMP_MODE64</td>
<td>Binary</td>
<td>1</td>
<td>((IA32_EFER.LMA = 1) && (CS.L = 1)).</td>
</tr>
<tr>
<td>TMP_SECS</td>
<td></td>
<td>64</td>
<td>Physical address of SECS of the enclave to which source operand belongs.</td>
</tr>
</table>
TMP_MODE64 ← ((IA32_EFER.LMA = 1) && (CS.L = 1));
IF ( (TMP_MODE64 = 1) and (DS:RCX is not 8Byte Aligned) )
THEN #GP(0); FI;
IF ( (TMP_MODE64 = 0) and (DS:RCX is not 4Byte Aligned) )
THEN #GP(0); FI;
IF (DS:RCX does not resolve within an EPC)
THEN #PF(DS:RCX); FI;
(* make sure no other Intel SGX instruction is accessing EPCM *)
IF (Other EPCM modifying instructions executing)
THEN #GP(0); FI;
IF (EPCM(DS:RCX). VALID = 0)
THEN #PF(DS:RCX); FI;
(* make sure that DS:RCX (DST) is pointing to a PT_REG or PT_TCS *)
IF ( (EPCM(DS:RCX).PT ≠ PT_REG) and (EPCM(DS:RCX).PT ≠ PT_TCS) )
THEN #PF(DS:RCX); FI;
(* make sure that DS:RCX points to an accessible EPC page *)
IF ( (EPCM(DS:RCX).PENDING is not 0) or (EPCM(DS:RCS).MODIFIED is not 0) )
THEN
RFLAGS.ZF ← 1;
RAX ← SGX_PAGE_NOT_DEBUGGABLE;
GOTO DONE;
FI;
(* If destination is a TCS, then make sure that the offset into the page can only point to the FLAGS field*)
IF ( ( EPCM(DS:RCX). PT = PT_TCS) and ((DS:RCX) & FF8H ≠ offset_of_FLAGS & 0FF8H) )
THEN #GP(0); FI;
(* Locate the SECS for the enclave to which the DS:RCX page belongs *)
40-38 Vol. 3D
SGX INSTRUCTION REFERENCES
TMP_SECS ← GET_SECS_PHYS_ADDRESS(EPCM(DS:RCX).ENCLAVESECS);
(* make sure the enclave owning the PT_REG or PT_TCS page allow debug *)
IF (TMP_SECS.ATTRIBUTES.DEBUG = 0)
THEN #GP(0); FI;
IF ( (TMP_MODE64 = 1) )
THEN (DS:RCX)[63:0] ← RBX[63:0];
ELSE (DS:RCX)[31:0] ← EBX[31:0];
FI;
(* clear EAX and ZF to indicate successful completion *)
RAX ← 0;
RFLAGS.ZF ← 0;
DONE:
(* clear flags *)
RFLAGS.CF,PF,AF,OF,SF ← 0
None
#GP(0) If the address in RCS violates DS limit or access rights. If DS segment is unusable. If RCX points to a memory location not 4Byte-aligned. If the address in RCX points to a page belonging to a non-debug enclave. If the address in RCX points to a page which is not PT_TCS or PT_REG. If the address in RCX points to a location inside TCS that is not the FLAGS word.
#PF(error code) If a page fault occurs in accessing memory operands. If the address in RCX points to a non-EPC page. If the address in RCX points to an invalid EPC page.
#GP(0) If RCX is non-canonical form. If RCX points to a memory location not 8Byte-aligned. If the address in RCX points to a page belonging to a non-debug enclave. If the address in RCX points to a page which is not PT_TCS or PT_REG. If the address in RCX points to a location inside TCS that is not the FLAGS word.
#PF(error code) If a page fault occurs in accessing memory operands. If the address in RCX points to a non-EPC page. If the address in RCX points to an invalid EPC page.
Vol. 3D 40-39
Source: Intel® Architecture Software Developer's Manual (DECEMBER 2017)
Generated: 8-1-2018