/* SPDX-License-Identifier: GPL-2.0 */
/**
 * Copyright(c) 2016-20 Intel Corporation.
 *
 * Intel Software Guard Extensions (SGX) support.
 */
#ifndef _ASM_X86_SGX_H
#define _ASM_X86_SGX_H

#include <linux/bits.h>
#include <linux/types.h>

/*
 * This file contains both data structures defined by the SGX architecture and
 * Linux-defined software data structures and functions. To keep the file
 * readable the two must not be interleaved: the architectural definitions
 * come first.
 */

/* The SGX specific CPUID function. */
#define SGX_CPUID 0x12
/*
 * EPC enumeration.
 * NOTE(review): presumably the CPUID sub-function at which the EPC sections
 * are enumerated - confirm against the code that issues CPUID.
 */
#define SGX_CPUID_EPC 2
/* An invalid EPC section, i.e. the end marker. */
#define SGX_CPUID_EPC_INVALID 0x0
/* A valid EPC section. */
#define SGX_CPUID_EPC_SECTION 0x1
/*
 * The bitmask for the EPC section type: bits 3:0, holding one of the
 * SGX_CPUID_EPC_INVALID / SGX_CPUID_EPC_SECTION values above.
 */
#define SGX_CPUID_EPC_MASK GENMASK(3, 0)
29
/**
 * enum sgx_encls_function - function numbers of the ENCLS instruction
 *
 * The numbering has a gap: no name is defined here for 0x07.
 *
 * NOTE(review): EDGBRD and EDGBWR are spelled with "DGB", while the comments
 * on %SGX_ATTR_DEBUG and %SGX_TCS_DBGOPTIN in this file refer to what appear
 * to be the same functions as EDBGRD and EDBGWR. The identifiers are left
 * as they are because code outside this header may use them.
 */
enum sgx_encls_function {
	ECREATE = 0x00,
	EADD = 0x01,
	EINIT = 0x02,
	EREMOVE = 0x03,
	EDGBRD = 0x04,	/* referred to as EDBGRD in this file's comments */
	EDGBWR = 0x05,	/* referred to as EDBGWR in this file's comments */
	EEXTEND = 0x06,
	/* 0x07 is not named in this enum */
	ELDU = 0x08,
	EBLOCK = 0x09,
	EPA = 0x0A,
	EWB = 0x0B,
	ETRACK = 0x0C,
	EAUG = 0x0D,
	EMODPR = 0x0E,
	EMODT = 0x0F,
};
47
/**
 * SGX_ENCLS_FAULT_FLAG - flag signifying an ENCLS return code is a trapnr
 *
 * ENCLS has its own (positive value) error codes and also generates
 * ENCLS specific #GP and #PF faults.  And the ENCLS values get munged
 * with system error codes as everything percolates back up the stack.
 * Unfortunately (for us), we need to precisely identify each unique
 * error code, e.g. the action taken if EWB fails varies based on the
 * type of fault and on the exact SGX error code, i.e. we can't simply
 * convert all faults to -EFAULT.
 *
 * To make all three error types coexist, we set bit 30 to identify an
 * ENCLS fault.  Bit 31 (technically bits N:31) is used to differentiate
 * between positive (faults and SGX error codes) and negative (system
 * error codes) values.
 *
 * 0x40000000 is bit 30 on its own. The SGX error codes named in
 * enum sgx_return_code are all at most 128, so they never have this bit set.
 */
#define SGX_ENCLS_FAULT_FLAG 0x40000000
65
/**
 * enum sgx_return_code - The return code type for ENCLS, ENCLU and ENCLV
 * %SGX_EPC_PAGE_CONFLICT:	Page is being written by other ENCLS function.
 * %SGX_NOT_TRACKED:		Previous ETRACK's shootdown sequence has not
 *				been completed yet.
 * %SGX_CHILD_PRESENT:		SECS has child pages present in the EPC.
 * %SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's
 *				public key does not match IA32_SGXLEPUBKEYHASH.
 * %SGX_PAGE_NOT_MODIFIABLE:	The EPC page cannot be modified because it
 *				is in the PENDING or MODIFIED state.
 * %SGX_UNMASKED_EVENT:		An unmasked event, e.g. INTR, was received.
 *
 * Only the codes listed here are named; the numbering has gaps. All values
 * are positive, which keeps them apart from negative system error codes.
 */
enum sgx_return_code {
	SGX_EPC_PAGE_CONFLICT = 7,
	SGX_NOT_TRACKED = 11,
	SGX_CHILD_PRESENT = 13,
	SGX_INVALID_EINITTOKEN = 16,
	SGX_PAGE_NOT_MODIFIABLE = 20,
	SGX_UNMASKED_EVENT = 128,
};
86
/*
 * The modulus size, in bytes, for 3072-bit RSA keys (3072 / 8 = 384).
 * Used in this file to size the modulus, signature, q1 and q2 arrays of
 * struct sgx_sigstruct.
 */
#define SGX_MODULUS_SIZE 384
89
/**
 * enum sgx_miscselect - additional information to an SSA frame
 * %SGX_MISC_EXINFO:	Report #PF or #GP to the SSA frame.
 *
 * Save State Area (SSA) is a stack inside the enclave used to store processor
 * state when an exception or interrupt occurs. This enum defines additional
 * information stored to an SSA frame.
 *
 * Bit 0 is the only bit named here.
 */
enum sgx_miscselect {
	SGX_MISC_EXINFO = BIT(0),
};
101
/* Bits 63:1, i.e. every bit other than SGX_MISC_EXINFO (bit 0). */
#define SGX_MISC_RESERVED_MASK GENMASK_ULL(63, 1)

/*
 * NOTE(review): going by the names, the sizes in bytes of the GPR area and of
 * the EXINFO area of an SSA frame. This header does not show where they are
 * used - confirm against the callers.
 */
#define SGX_SSA_GPRS_SIZE 184
#define SGX_SSA_MISC_EXINFO_SIZE 16
106
/**
 * enum sgx_attribute - the attributes field in &struct sgx_secs
 * %SGX_ATTR_INIT:		Enclave can be entered (is initialized).
 * %SGX_ATTR_DEBUG:		Allow ENCLS(EDBGRD) and ENCLS(EDBGWR).
 * %SGX_ATTR_MODE64BIT:		Tell that this is a 64-bit enclave.
 * %SGX_ATTR_PROVISIONKEY:	Allow to use provisioning keys for remote
 *				attestation.
 * %SGX_ATTR_EINITTOKENKEY:	Allow to use token signing key that is used to
 *				sign cryptographic tokens that can be passed to
 *				EINIT as an authorization to run an enclave.
 * %SGX_ATTR_KSS:		Allow to use key separation and sharing (KSS).
 *
 * Bits 3 and 6 are not named here; SGX_ATTR_RESERVED_MASK covers them.
 *
 * NOTE(review): %SGX_ATTR_DEBUG opens the enclave to the debug read/write
 * functions, so a party relying on the enclave for confidentiality would
 * normally want to check that this bit is clear. That is a policy decision
 * made elsewhere; nothing in this header enforces it.
 */
enum sgx_attribute {
	SGX_ATTR_INIT = BIT(0),
	SGX_ATTR_DEBUG = BIT(1),
	SGX_ATTR_MODE64BIT = BIT(2),
	SGX_ATTR_PROVISIONKEY = BIT(4),
	SGX_ATTR_EINITTOKENKEY = BIT(5),
	SGX_ATTR_KSS = BIT(7),
};
127
/*
 * Bits 3, 6 and 63:8: exactly the attribute bits that enum sgx_attribute
 * does not name. Built with the _ULL helpers, so the mask is 64 bits wide
 * like the attributes field it applies to.
 */
#define SGX_ATTR_RESERVED_MASK (BIT_ULL(3) | BIT_ULL(6) | GENMASK_ULL(63, 8))
129
/**
 * struct sgx_secs - SGX Enclave Control Structure (SECS)
 * @size:		size of the address space
 * @base:		base address of the address space
 * @ssa_frame_size:	size of an SSA frame
 * @miscselect:		additional information stored to an SSA frame
 * @attributes:		attributes for enclave
 * @xfrm:		XSave-Feature Request Mask (subset of XCR0)
 * @mrenclave:		SHA256-hash of the enclave contents
 * @mrsigner:		SHA256-hash of the public key used to sign the SIGSTRUCT
 * @config_id:		a user-defined value that is used in key derivation
 * @isv_prod_id:	a user-defined value that is used in key derivation
 * @isv_svn:		a user-defined value that is used in key derivation
 * @config_svn:		a user-defined value that is used in key derivation
 *
 * SGX Enclave Control Structure (SECS) is a special enclave page that is not
 * visible in the address space. In fact, this structure defines the address
 * range and other global attributes for the enclave and it is the first EPC
 * page created for any enclave. It is moved from a temporary buffer to an EPC
 * by the means of ENCLS[ECREATE] function.
 *
 * The structure is __packed and its members add up to 4096 bytes.
 *
 * NOTE(review): @attributes has a reserved-bit mask in this file
 * (SGX_ATTR_RESERVED_MASK). Whether and where a SECS built from
 * caller-supplied data is checked against it is not visible in this header.
 */
struct sgx_secs {
	u64 size;
	u64 base;
	u32 ssa_frame_size;
	u32 miscselect;
	u8 reserved1[24];
	u64 attributes;
	u64 xfrm;
	u32 mrenclave[8];	/* 8 * 4 = 32 bytes */
	u8 reserved2[32];
	u32 mrsigner[8];	/* 8 * 4 = 32 bytes */
	u8 reserved3[32];
	u32 config_id[16];
	u16 isv_prod_id;
	u16 isv_svn;
	u16 config_svn;
	u8 reserved4[3834];	/* brings the total to 4096 bytes */
} __packed;
169
/**
 * enum sgx_tcs_flags - execution flags for TCS
 * %SGX_TCS_DBGOPTIN:	If enabled allows single-stepping and breakpoints
 *			inside an enclave. It is cleared by EADD but can
 *			be set later with EDBGWR.
 *
 * Bit 0 is the only flag named here.
 */
enum sgx_tcs_flags {
	SGX_TCS_DBGOPTIN = 0x01,
};
179
/* Bits 63:1, i.e. every flag bit other than SGX_TCS_DBGOPTIN (bit 0). */
#define SGX_TCS_RESERVED_MASK GENMASK_ULL(63, 1)
/* Size in bytes of the reserved tail of struct sgx_tcs. */
#define SGX_TCS_RESERVED_SIZE 4024
182
/**
 * struct sgx_tcs - Thread Control Structure (TCS)
 * @state:		used to mark an entered TCS
 * @flags:		execution flags (cleared by EADD)
 * @ssa_offset:		SSA stack offset relative to the enclave base
 * @ssa_index:		the current SSA frame index (cleared by EADD)
 * @nr_ssa_frames:	the number of frames in the SSA stack
 * @entry_offset:	entry point offset relative to the enclave base
 * @exit_addr:		address outside the enclave to exit on an exception or
 *			interrupt
 * @fs_offset:		offset relative to the enclave base to become FS
 *			segment inside the enclave
 * @gs_offset:		offset relative to the enclave base to become GS
 *			segment inside the enclave
 * @fs_limit:		size to become a new FS-limit (only 32-bit enclaves)
 * @gs_limit:		size to become a new GS-limit (only 32-bit enclaves)
 * @reserved:		reserved, SGX_TCS_RESERVED_SIZE bytes
 *
 * Thread Control Structure (TCS) is an enclave page visible in its address
 * space that defines an entry point inside the enclave. A thread enters inside
 * an enclave by supplying address of TCS to ENCLU(EENTER). A TCS can be entered
 * by only one thread at a time.
 *
 * The structure is __packed: the named members take 72 bytes and, with
 * SGX_TCS_RESERVED_SIZE at 4024, the total is 4096 bytes.
 */
struct sgx_tcs {
	u64 state;
	u64 flags;
	u64 ssa_offset;
	u32 ssa_index;
	u32 nr_ssa_frames;
	u64 entry_offset;
	u64 exit_addr;
	u64 fs_offset;
	u64 gs_offset;
	u32 fs_limit;
	u32 gs_limit;
	u8 reserved[SGX_TCS_RESERVED_SIZE];
} __packed;
219
/**
 * struct sgx_pageinfo - an enclave page descriptor
 * @addr:	address of the enclave page
 * @contents:	pointer to the page contents
 * @metadata:	pointer either to a SECINFO or PCMD instance
 * @secs:	address of the SECS page
 *
 * All four members are stored as u64, including the two described as
 * pointers. The structure is 32 bytes and is aligned to 32 bytes.
 */
struct sgx_pageinfo {
	u64 addr;
	u64 contents;
	u64 metadata;
	u64 secs;
} __packed __aligned(32);
233
234
/**
 * enum sgx_page_type - bits in the SECINFO flags defining the page type
 * %SGX_PAGE_TYPE_SECS:	a SECS page
 * %SGX_PAGE_TYPE_TCS:	a TCS page
 * %SGX_PAGE_TYPE_REG:	a regular page
 * %SGX_PAGE_TYPE_VA:	a VA page
 * %SGX_PAGE_TYPE_TRIM:	a page in trimmed state
 *
 * Make sure when making changes to this enum that its values can still fit
 * in the bitfield within &struct sgx_encl_page
 *
 * No explicit values are given, so the enumerators are numbered 0 to 4 in
 * the order written; reordering them changes the encoded page type.
 */
enum sgx_page_type {
	SGX_PAGE_TYPE_SECS,	/* 0 */
	SGX_PAGE_TYPE_TCS,	/* 1 */
	SGX_PAGE_TYPE_REG,	/* 2 */
	SGX_PAGE_TYPE_VA,	/* 3 */
	SGX_PAGE_TYPE_TRIM,	/* 4 */
};
253
/*
 * Number of enumerators in enum sgx_page_type. It is a separate constant, so
 * it has to be updated by hand when a page type is added.
 */
#define SGX_NR_PAGE_TYPES 5
/* The page type is an 8-bit field (bits 7:0 before any shift). */
#define SGX_PAGE_TYPE_MASK GENMASK(7, 0)
256
/**
 * enum sgx_secinfo_flags - the flags field in &struct sgx_secinfo
 * %SGX_SECINFO_R:	allow read
 * %SGX_SECINFO_W:	allow write
 * %SGX_SECINFO_X:	allow execution
 * %SGX_SECINFO_SECS:	a SECS page
 * %SGX_SECINFO_TCS:	a TCS page
 * %SGX_SECINFO_REG:	a regular page
 * %SGX_SECINFO_VA:	a VA page
 * %SGX_SECINFO_TRIM:	a page in trimmed state
 *
 * The permissions are single bits in bits 2:0. The page type is the
 * enum sgx_page_type value shifted left by 8, so it is a multi-bit field and
 * not a set of independent flags. In particular %SGX_SECINFO_SECS is 0
 * (SGX_PAGE_TYPE_SECS is 0), so a page type has to be checked by comparing
 * the masked field (see SGX_SECINFO_PAGE_TYPE_MASK) and not by testing bits
 * with "flags & SGX_SECINFO_xxx".
 */
enum sgx_secinfo_flags {
	SGX_SECINFO_R = BIT(0),
	SGX_SECINFO_W = BIT(1),
	SGX_SECINFO_X = BIT(2),
	SGX_SECINFO_SECS = (SGX_PAGE_TYPE_SECS << 8),
	SGX_SECINFO_TCS = (SGX_PAGE_TYPE_TCS << 8),
	SGX_SECINFO_REG = (SGX_PAGE_TYPE_REG << 8),
	SGX_SECINFO_VA = (SGX_PAGE_TYPE_VA << 8),
	SGX_SECINFO_TRIM = (SGX_PAGE_TYPE_TRIM << 8),
};
278
/* Bits 2:0: the R, W and X permission bits. */
#define SGX_SECINFO_PERMISSION_MASK GENMASK_ULL(2, 0)
/* Bits 15:8: the page type field. */
#define SGX_SECINFO_PAGE_TYPE_MASK (SGX_PAGE_TYPE_MASK << 8)
/*
 * Every bit that is neither a permission bit nor part of the page type.
 * NOTE(review): the expansion is not wrapped in an outer pair of parentheses;
 * it starts with the unary '~', which binds tighter than any binary operator,
 * so ordinary uses such as "flags & SGX_SECINFO_RESERVED_MASK" are fine.
 */
#define SGX_SECINFO_RESERVED_MASK ~(SGX_SECINFO_PERMISSION_MASK | \
				    SGX_SECINFO_PAGE_TYPE_MASK)
283
/**
 * struct sgx_secinfo - describes attributes of an EPC page
 * @flags:	permissions and type
 * @reserved:	reserved, 56 bytes
 *
 * Used together with ENCLS leaves that add or modify an EPC page to an
 * enclave to define page permissions and type.
 *
 * The structure is 64 bytes (8 + 56) and is aligned to 64 bytes.
 */
struct sgx_secinfo {
	u64 flags;
	u8 reserved[56];
} __packed __aligned(64);
295
/* Size in bytes of the reserved area of struct sgx_pcmd. */
#define SGX_PCMD_RESERVED_SIZE 40
297
/**
 * struct sgx_pcmd - Paging Crypto Metadata (PCMD)
 * @secinfo:	a &struct sgx_secinfo (NOTE(review): presumably the SECINFO
 *		of the swapped page - confirm against the SDM)
 * @enclave_id:	enclave identifier
 * @reserved:	reserved, SGX_PCMD_RESERVED_SIZE bytes
 * @mac:	MAC over PCMD, page contents and isvsvn
 *
 * PCMD is stored for every swapped page to the regular memory. When ELDU loads
 * the page back it recalculates the MAC by using an isvsvn number stored in a
 * VA page. Together these two structures bring integrity and rollback
 * protection.
 *
 * The structure is 128 bytes (64 + 8 + 40 + 16) and is aligned to 128 bytes.
 */
struct sgx_pcmd {
	struct sgx_secinfo secinfo;
	u64 enclave_id;
	u8 reserved[SGX_PCMD_RESERVED_SIZE];
	u8 mac[16];
} __packed __aligned(128);
314
/*
 * Sizes in bytes of the reserved1 .. reserved4 members of the SIGSTRUCT
 * structures defined below (struct sgx_sigstruct_header,
 * struct sgx_sigstruct_body and struct sgx_sigstruct).
 */
#define SGX_SIGSTRUCT_RESERVED1_SIZE 84
#define SGX_SIGSTRUCT_RESERVED2_SIZE 20
#define SGX_SIGSTRUCT_RESERVED3_SIZE 32
#define SGX_SIGSTRUCT_RESERVED4_SIZE 12
319
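/**
 * struct sgx_sigstruct_header - defines author of the enclave
 * @header1:	constant byte string
 * @vendor:	must be either 0x0000 or 0x8086
 * @date:	YYYYMMDD in BCD
 * @header2:	constant byte string
 * @swdefined:	software defined value
 * @reserved1:	reserved, SGX_SIGSTRUCT_RESERVED1_SIZE bytes
 *
 * The structure is __packed; with SGX_SIGSTRUCT_RESERVED1_SIZE at 84 its
 * members add up to 128 bytes.
 */
struct sgx_sigstruct_header {
	u64 header1[2];
	u32 vendor;
	u32 date;
	u64 header2[2];
	u32 swdefined;
	/*
	 * Sized by the named constant rather than a repeated literal 84, as
	 * struct sgx_tcs and struct sgx_pcmd do for their reserved areas, so
	 * the layout and the constant cannot drift apart.
	 */
	u8 reserved1[SGX_SIGSTRUCT_RESERVED1_SIZE];
} __packed;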
336
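/**
 * struct sgx_sigstruct_body - defines contents of the enclave
 * @miscselect:		additional information stored to an SSA frame
 * @misc_mask:		required miscselect in SECS
 * @reserved2:		reserved, SGX_SIGSTRUCT_RESERVED2_SIZE bytes
 * @attributes:		attributes for enclave
 * @xfrm:		XSave-Feature Request Mask (subset of XCR0)
 * @attributes_mask:	required attributes in SECS
 * @xfrm_mask:		required XFRM in SECS
 * @mrenclave:		SHA256-hash of the enclave contents
 * @reserved3:		reserved, SGX_SIGSTRUCT_RESERVED3_SIZE bytes
 * @isvprodid:		a user-defined value that is used in key derivation
 * @isvsvn:		a user-defined value that is used in key derivation
 *
 * The structure is __packed; with the reserved sizes at 20 and 32 its
 * members add up to 128 bytes. @mrenclave is 32 bytes here (u8[32]), the
 * same size as the u32[8] mrenclave member of struct sgx_secs.
 */
struct sgx_sigstruct_body {
	u32 miscselect;
	u32 misc_mask;
	/* Named constants replace the repeated literals 20 and 32. */
	u8 reserved2[SGX_SIGSTRUCT_RESERVED2_SIZE];
	u64 attributes;
	u64 xfrm;
	u64 attributes_mask;
	u64 xfrm_mask;
	u8 mrenclave[32];
	u8 reserved3[SGX_SIGSTRUCT_RESERVED3_SIZE];
	u16 isvprodid;
	u16 isvsvn;
} __packed;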
362
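/**
 * struct sgx_sigstruct - an enclave signature
 * @header:	defines author of the enclave
 * @modulus:	the modulus of the public key
 * @exponent:	the exponent of the public key
 * @signature:	the signature, calculated over @header and @body
 * @body:	defines contents of the enclave
 * @reserved4:	reserved, SGX_SIGSTRUCT_RESERVED4_SIZE bytes
 * @q1:		a value used in RSA signature verification
 * @q2:		a value used in RSA signature verification
 *
 * Header and body are the parts that are actually signed. The remaining
 * fields define the signature of the enclave.
 *
 * The structure is __packed; with SGX_MODULUS_SIZE at 384 and
 * SGX_SIGSTRUCT_RESERVED4_SIZE at 12 its members add up to 1808 bytes.
 *
 * NOTE(review): sgx_virt_einit() in this file takes the SIGSTRUCT as a __user
 * pointer, so the contents come from userspace and are untrusted input.
 * Nothing in this header verifies the signature; where that happens is not
 * visible here.
 */
struct sgx_sigstruct {
	struct sgx_sigstruct_header header;
	u8 modulus[SGX_MODULUS_SIZE];
	u32 exponent;
	u8 signature[SGX_MODULUS_SIZE];
	struct sgx_sigstruct_body body;
	/* Named constant replaces the repeated literal 12. */
	u8 reserved4[SGX_SIGSTRUCT_RESERVED4_SIZE];
	u8 q1[SGX_MODULUS_SIZE];
	u8 q2[SGX_MODULUS_SIZE];
} __packed;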
386
/*
 * NOTE(review): going by the name, the size in bytes of a launch token
 * (EINITTOKEN) buffer. No structure in this header uses it - confirm against
 * the callers.
 */
#define SGX_LAUNCH_TOKEN_SIZE 304
388
/*
 * Do not put any hardware-defined SGX structure representations below this
 * comment!
 */

#ifdef CONFIG_X86_SGX_KVM
/*
 * Declared only when CONFIG_X86_SGX_KVM is set; the definitions are not in
 * this header.
 *
 * The __user annotation marks @secs, @sigstruct and @token as userspace
 * pointers: they carry untrusted addresses and must not be dereferenced
 * directly.
 *
 * NOTE(review): going by the names, these run ENCLS[ECREATE] and ENCLS[EINIT]
 * on behalf of a KVM guest and report a fault's trap number through @trapnr.
 * Confirm the return-value convention, the meaning of @trapnr and the
 * expected length of @lepubkeyhash against the definitions.
 */
int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
		     int *trapnr);
int sgx_virt_einit(void __user *sigstruct, void __user *token,
		   void __user *secs, u64 *lepubkeyhash, int *trapnr);
#endif
400
/*
 * NOTE(review): defined outside this header. Going by the parameters, it
 * updates the attribute mask that @allowed_attributes points to, based on the
 * file descriptor @attribute_fd. Which descriptors are accepted and what is
 * returned on failure has to be confirmed against the definition.
 */
int sgx_set_attribute(unsigned long *allowed_attributes,
		      unsigned int attribute_fd);

#endif /* _ASM_X86_SGX_H */