sgx.h 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404
  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. /**
  3. * Copyright(c) 2016-20 Intel Corporation.
  4. *
  5. * Intel Software Guard Extensions (SGX) support.
  6. */
  7. #ifndef _ASM_X86_SGX_H
  8. #define _ASM_X86_SGX_H
  9. #include <linux/bits.h>
  10. #include <linux/types.h>
  11. /*
  12. * This file contains both data structures defined by SGX architecture and Linux
  13. * defined software data structures and functions. The two should not be mixed
  14. * together for better readability. The architectural definitions come first.
  15. */
  16. /* The SGX specific CPUID function. */
  17. #define SGX_CPUID 0x12
  18. /* EPC enumeration. */
  19. #define SGX_CPUID_EPC 2
  20. /* An invalid EPC section, i.e. the end marker. */
  21. #define SGX_CPUID_EPC_INVALID 0x0
  22. /* A valid EPC section. */
  23. #define SGX_CPUID_EPC_SECTION 0x1
  24. /* The bitmask for the EPC section type. */
  25. #define SGX_CPUID_EPC_MASK GENMASK(3, 0)
  26. enum sgx_encls_function {
  27. ECREATE = 0x00,
  28. EADD = 0x01,
  29. EINIT = 0x02,
  30. EREMOVE = 0x03,
  31. EDGBRD = 0x04,
  32. EDGBWR = 0x05,
  33. EEXTEND = 0x06,
  34. ELDU = 0x08,
  35. EBLOCK = 0x09,
  36. EPA = 0x0A,
  37. EWB = 0x0B,
  38. ETRACK = 0x0C,
  39. EAUG = 0x0D,
  40. EMODPR = 0x0E,
  41. EMODT = 0x0F,
  42. };
  43. /**
  44. * SGX_ENCLS_FAULT_FLAG - flag signifying an ENCLS return code is a trapnr
  45. *
  46. * ENCLS has its own (positive value) error codes and also generates
  47. * ENCLS specific #GP and #PF faults. And the ENCLS values get munged
  48. * with system error codes as everything percolates back up the stack.
  49. * Unfortunately (for us), we need to precisely identify each unique
  50. * error code, e.g. the action taken if EWB fails varies based on the
  51. * type of fault and on the exact SGX error code, i.e. we can't simply
  52. * convert all faults to -EFAULT.
  53. *
  54. * To make all three error types coexist, we set bit 30 to identify an
  55. * ENCLS fault. Bit 31 (technically bits N:31) is used to differentiate
  56. * between positive (faults and SGX error codes) and negative (system
  57. * error codes) values.
  58. */
  59. #define SGX_ENCLS_FAULT_FLAG 0x40000000
  60. /**
  61. * enum sgx_return_code - The return code type for ENCLS, ENCLU and ENCLV
  62. * %SGX_EPC_PAGE_CONFLICT: Page is being written by other ENCLS function.
  63. * %SGX_NOT_TRACKED: Previous ETRACK's shootdown sequence has not
  64. * been completed yet.
  65. * %SGX_CHILD_PRESENT SECS has child pages present in the EPC.
  66. * %SGX_INVALID_EINITTOKEN: EINITTOKEN is invalid and enclave signer's
  67. * public key does not match IA32_SGXLEPUBKEYHASH.
  68. * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified because it
  69. * is in the PENDING or MODIFIED state.
  70. * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received
  71. */
  72. enum sgx_return_code {
  73. SGX_EPC_PAGE_CONFLICT = 7,
  74. SGX_NOT_TRACKED = 11,
  75. SGX_CHILD_PRESENT = 13,
  76. SGX_INVALID_EINITTOKEN = 16,
  77. SGX_PAGE_NOT_MODIFIABLE = 20,
  78. SGX_UNMASKED_EVENT = 128,
  79. };
  80. /* The modulus size for 3072-bit RSA keys. */
  81. #define SGX_MODULUS_SIZE 384
  82. /**
  83. * enum sgx_miscselect - additional information to an SSA frame
  84. * %SGX_MISC_EXINFO: Report #PF or #GP to the SSA frame.
  85. *
  86. * Save State Area (SSA) is a stack inside the enclave used to store processor
  87. * state when an exception or interrupt occurs. This enum defines additional
  88. * information stored to an SSA frame.
  89. */
  90. enum sgx_miscselect {
  91. SGX_MISC_EXINFO = BIT(0),
  92. };
  93. #define SGX_MISC_RESERVED_MASK GENMASK_ULL(63, 1)
  94. #define SGX_SSA_GPRS_SIZE 184
  95. #define SGX_SSA_MISC_EXINFO_SIZE 16
  96. /**
  97. * enum sgx_attributes - the attributes field in &struct sgx_secs
  98. * %SGX_ATTR_INIT: Enclave can be entered (is initialized).
  99. * %SGX_ATTR_DEBUG: Allow ENCLS(EDBGRD) and ENCLS(EDBGWR).
  100. * %SGX_ATTR_MODE64BIT: Tell that this a 64-bit enclave.
  101. * %SGX_ATTR_PROVISIONKEY: Allow to use provisioning keys for remote
  102. * attestation.
  103. * %SGX_ATTR_KSS: Allow to use key separation and sharing (KSS).
  104. * %SGX_ATTR_EINITTOKENKEY: Allow to use token signing key that is used to
  105. * sign cryptographic tokens that can be passed to
  106. * EINIT as an authorization to run an enclave.
  107. */
  108. enum sgx_attribute {
  109. SGX_ATTR_INIT = BIT(0),
  110. SGX_ATTR_DEBUG = BIT(1),
  111. SGX_ATTR_MODE64BIT = BIT(2),
  112. SGX_ATTR_PROVISIONKEY = BIT(4),
  113. SGX_ATTR_EINITTOKENKEY = BIT(5),
  114. SGX_ATTR_KSS = BIT(7),
  115. };
  116. #define SGX_ATTR_RESERVED_MASK (BIT_ULL(3) | BIT_ULL(6) | GENMASK_ULL(63, 8))
  117. /**
  118. * struct sgx_secs - SGX Enclave Control Structure (SECS)
  119. * @size: size of the address space
  120. * @base: base address of the address space
  121. * @ssa_frame_size: size of an SSA frame
  122. * @miscselect: additional information stored to an SSA frame
  123. * @attributes: attributes for enclave
  124. * @xfrm: XSave-Feature Request Mask (subset of XCR0)
  125. * @mrenclave: SHA256-hash of the enclave contents
  126. * @mrsigner: SHA256-hash of the public key used to sign the SIGSTRUCT
  127. * @config_id: a user-defined value that is used in key derivation
  128. * @isv_prod_id: a user-defined value that is used in key derivation
  129. * @isv_svn: a user-defined value that is used in key derivation
  130. * @config_svn: a user-defined value that is used in key derivation
  131. *
  132. * SGX Enclave Control Structure (SECS) is a special enclave page that is not
  133. * visible in the address space. In fact, this structure defines the address
  134. * range and other global attributes for the enclave and it is the first EPC
  135. * page created for any enclave. It is moved from a temporary buffer to an EPC
  136. * by the means of ENCLS[ECREATE] function.
  137. */
  138. struct sgx_secs {
  139. u64 size;
  140. u64 base;
  141. u32 ssa_frame_size;
  142. u32 miscselect;
  143. u8 reserved1[24];
  144. u64 attributes;
  145. u64 xfrm;
  146. u32 mrenclave[8];
  147. u8 reserved2[32];
  148. u32 mrsigner[8];
  149. u8 reserved3[32];
  150. u32 config_id[16];
  151. u16 isv_prod_id;
  152. u16 isv_svn;
  153. u16 config_svn;
  154. u8 reserved4[3834];
  155. } __packed;
  156. /**
  157. * enum sgx_tcs_flags - execution flags for TCS
  158. * %SGX_TCS_DBGOPTIN: If enabled allows single-stepping and breakpoints
  159. * inside an enclave. It is cleared by EADD but can
  160. * be set later with EDBGWR.
  161. */
  162. enum sgx_tcs_flags {
  163. SGX_TCS_DBGOPTIN = 0x01,
  164. };
  165. #define SGX_TCS_RESERVED_MASK GENMASK_ULL(63, 1)
  166. #define SGX_TCS_RESERVED_SIZE 4024
  167. /**
  168. * struct sgx_tcs - Thread Control Structure (TCS)
  169. * @state: used to mark an entered TCS
  170. * @flags: execution flags (cleared by EADD)
  171. * @ssa_offset: SSA stack offset relative to the enclave base
  172. * @ssa_index: the current SSA frame index (cleard by EADD)
  173. * @nr_ssa_frames: the number of frame in the SSA stack
  174. * @entry_offset: entry point offset relative to the enclave base
  175. * @exit_addr: address outside the enclave to exit on an exception or
  176. * interrupt
  177. * @fs_offset: offset relative to the enclave base to become FS
  178. * segment inside the enclave
  179. * @gs_offset: offset relative to the enclave base to become GS
  180. * segment inside the enclave
  181. * @fs_limit: size to become a new FS-limit (only 32-bit enclaves)
  182. * @gs_limit: size to become a new GS-limit (only 32-bit enclaves)
  183. *
  184. * Thread Control Structure (TCS) is an enclave page visible in its address
  185. * space that defines an entry point inside the enclave. A thread enters inside
  186. * an enclave by supplying address of TCS to ENCLU(EENTER). A TCS can be entered
  187. * by only one thread at a time.
  188. */
  189. struct sgx_tcs {
  190. u64 state;
  191. u64 flags;
  192. u64 ssa_offset;
  193. u32 ssa_index;
  194. u32 nr_ssa_frames;
  195. u64 entry_offset;
  196. u64 exit_addr;
  197. u64 fs_offset;
  198. u64 gs_offset;
  199. u32 fs_limit;
  200. u32 gs_limit;
  201. u8 reserved[SGX_TCS_RESERVED_SIZE];
  202. } __packed;
  203. /**
  204. * struct sgx_pageinfo - an enclave page descriptor
  205. * @addr: address of the enclave page
  206. * @contents: pointer to the page contents
  207. * @metadata: pointer either to a SECINFO or PCMD instance
  208. * @secs: address of the SECS page
  209. */
  210. struct sgx_pageinfo {
  211. u64 addr;
  212. u64 contents;
  213. u64 metadata;
  214. u64 secs;
  215. } __packed __aligned(32);
  216. /**
  217. * enum sgx_page_type - bits in the SECINFO flags defining the page type
  218. * %SGX_PAGE_TYPE_SECS: a SECS page
  219. * %SGX_PAGE_TYPE_TCS: a TCS page
  220. * %SGX_PAGE_TYPE_REG: a regular page
  221. * %SGX_PAGE_TYPE_VA: a VA page
  222. * %SGX_PAGE_TYPE_TRIM: a page in trimmed state
  223. *
  224. * Make sure when making changes to this enum that its values can still fit
  225. * in the bitfield within &struct sgx_encl_page
  226. */
  227. enum sgx_page_type {
  228. SGX_PAGE_TYPE_SECS,
  229. SGX_PAGE_TYPE_TCS,
  230. SGX_PAGE_TYPE_REG,
  231. SGX_PAGE_TYPE_VA,
  232. SGX_PAGE_TYPE_TRIM,
  233. };
  234. #define SGX_NR_PAGE_TYPES 5
  235. #define SGX_PAGE_TYPE_MASK GENMASK(7, 0)
  236. /**
  237. * enum sgx_secinfo_flags - the flags field in &struct sgx_secinfo
  238. * %SGX_SECINFO_R: allow read
  239. * %SGX_SECINFO_W: allow write
  240. * %SGX_SECINFO_X: allow execution
  241. * %SGX_SECINFO_SECS: a SECS page
  242. * %SGX_SECINFO_TCS: a TCS page
  243. * %SGX_SECINFO_REG: a regular page
  244. * %SGX_SECINFO_VA: a VA page
  245. * %SGX_SECINFO_TRIM: a page in trimmed state
  246. */
  247. enum sgx_secinfo_flags {
  248. SGX_SECINFO_R = BIT(0),
  249. SGX_SECINFO_W = BIT(1),
  250. SGX_SECINFO_X = BIT(2),
  251. SGX_SECINFO_SECS = (SGX_PAGE_TYPE_SECS << 8),
  252. SGX_SECINFO_TCS = (SGX_PAGE_TYPE_TCS << 8),
  253. SGX_SECINFO_REG = (SGX_PAGE_TYPE_REG << 8),
  254. SGX_SECINFO_VA = (SGX_PAGE_TYPE_VA << 8),
  255. SGX_SECINFO_TRIM = (SGX_PAGE_TYPE_TRIM << 8),
  256. };
  257. #define SGX_SECINFO_PERMISSION_MASK GENMASK_ULL(2, 0)
  258. #define SGX_SECINFO_PAGE_TYPE_MASK (SGX_PAGE_TYPE_MASK << 8)
  259. #define SGX_SECINFO_RESERVED_MASK ~(SGX_SECINFO_PERMISSION_MASK | \
  260. SGX_SECINFO_PAGE_TYPE_MASK)
  261. /**
  262. * struct sgx_secinfo - describes attributes of an EPC page
  263. * @flags: permissions and type
  264. *
  265. * Used together with ENCLS leaves that add or modify an EPC page to an
  266. * enclave to define page permissions and type.
  267. */
  268. struct sgx_secinfo {
  269. u64 flags;
  270. u8 reserved[56];
  271. } __packed __aligned(64);
  272. #define SGX_PCMD_RESERVED_SIZE 40
  273. /**
  274. * struct sgx_pcmd - Paging Crypto Metadata (PCMD)
  275. * @enclave_id: enclave identifier
  276. * @mac: MAC over PCMD, page contents and isvsvn
  277. *
  278. * PCMD is stored for every swapped page to the regular memory. When ELDU loads
  279. * the page back it recalculates the MAC by using a isvsvn number stored in a
  280. * VA page. Together these two structures bring integrity and rollback
  281. * protection.
  282. */
  283. struct sgx_pcmd {
  284. struct sgx_secinfo secinfo;
  285. u64 enclave_id;
  286. u8 reserved[SGX_PCMD_RESERVED_SIZE];
  287. u8 mac[16];
  288. } __packed __aligned(128);
  289. #define SGX_SIGSTRUCT_RESERVED1_SIZE 84
  290. #define SGX_SIGSTRUCT_RESERVED2_SIZE 20
  291. #define SGX_SIGSTRUCT_RESERVED3_SIZE 32
  292. #define SGX_SIGSTRUCT_RESERVED4_SIZE 12
  293. /**
  294. * struct sgx_sigstruct_header - defines author of the enclave
  295. * @header1: constant byte string
  296. * @vendor: must be either 0x0000 or 0x8086
  297. * @date: YYYYMMDD in BCD
  298. * @header2: constant byte string
  299. * @swdefined: software defined value
  300. */
  301. struct sgx_sigstruct_header {
  302. u64 header1[2];
  303. u32 vendor;
  304. u32 date;
  305. u64 header2[2];
  306. u32 swdefined;
  307. u8 reserved1[84];
  308. } __packed;
  309. /**
  310. * struct sgx_sigstruct_body - defines contents of the enclave
  311. * @miscselect: additional information stored to an SSA frame
  312. * @misc_mask: required miscselect in SECS
  313. * @attributes: attributes for enclave
  314. * @xfrm: XSave-Feature Request Mask (subset of XCR0)
  315. * @attributes_mask: required attributes in SECS
  316. * @xfrm_mask: required XFRM in SECS
  317. * @mrenclave: SHA256-hash of the enclave contents
  318. * @isvprodid: a user-defined value that is used in key derivation
  319. * @isvsvn: a user-defined value that is used in key derivation
  320. */
  321. struct sgx_sigstruct_body {
  322. u32 miscselect;
  323. u32 misc_mask;
  324. u8 reserved2[20];
  325. u64 attributes;
  326. u64 xfrm;
  327. u64 attributes_mask;
  328. u64 xfrm_mask;
  329. u8 mrenclave[32];
  330. u8 reserved3[32];
  331. u16 isvprodid;
  332. u16 isvsvn;
  333. } __packed;
  334. /**
  335. * struct sgx_sigstruct - an enclave signature
  336. * @header: defines author of the enclave
  337. * @modulus: the modulus of the public key
  338. * @exponent: the exponent of the public key
  339. * @signature: the signature calculated over the fields except modulus,
  340. * @body: defines contents of the enclave
  341. * @q1: a value used in RSA signature verification
  342. * @q2: a value used in RSA signature verification
  343. *
  344. * Header and body are the parts that are actual signed. The remaining fields
  345. * define the signature of the enclave.
  346. */
  347. struct sgx_sigstruct {
  348. struct sgx_sigstruct_header header;
  349. u8 modulus[SGX_MODULUS_SIZE];
  350. u32 exponent;
  351. u8 signature[SGX_MODULUS_SIZE];
  352. struct sgx_sigstruct_body body;
  353. u8 reserved4[12];
  354. u8 q1[SGX_MODULUS_SIZE];
  355. u8 q2[SGX_MODULUS_SIZE];
  356. } __packed;
  357. #define SGX_LAUNCH_TOKEN_SIZE 304
  358. /*
  359. * Do not put any hardware-defined SGX structure representations below this
  360. * comment!
  361. */
  362. #ifdef CONFIG_X86_SGX_KVM
  363. int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
  364. int *trapnr);
  365. int sgx_virt_einit(void __user *sigstruct, void __user *token,
  366. void __user *secs, u64 *lepubkeyhash, int *trapnr);
  367. #endif
  368. int sgx_set_attribute(unsigned long *allowed_attributes,
  369. unsigned int attribute_fd);
  370. #endif /* _ASM_X86_SGX_H */