1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /** 3 * Copyright(c) 2016-20 Intel Corporation. 4 * 5 * Intel Software Guard Extensions (SGX) support. 6 */ 7 #ifndef _ASM_X86_SGX_H 8 #define _ASM_X86_SGX_H 9 10 #include <linux/bits.h> 11 #include <linux/types.h> 12 13 /* 14 * This file contains both data structures defined by SGX architecture and Linux 15 * defined software data structures and functions. The two should not be mixed 16 * together for better readability. The architectural definitions come first. 17 */ 18 19 /* The SGX specific CPUID function. */ 20 #define SGX_CPUID 0x12 21 /* EPC enumeration. */ 22 #define SGX_CPUID_EPC 2 23 /* An invalid EPC section, i.e. the end marker. */ 24 #define SGX_CPUID_EPC_INVALID 0x0 25 /* A valid EPC section. */ 26 #define SGX_CPUID_EPC_SECTION 0x1 27 /* The bitmask for the EPC section type. */ 28 #define SGX_CPUID_EPC_MASK GENMASK(3, 0) 29 30 enum sgx_encls_function { 31 ECREATE = 0x00, 32 EADD = 0x01, 33 EINIT = 0x02, 34 EREMOVE = 0x03, 35 EDGBRD = 0x04, 36 EDGBWR = 0x05, 37 EEXTEND = 0x06, 38 ELDU = 0x08, 39 EBLOCK = 0x09, 40 EPA = 0x0A, 41 EWB = 0x0B, 42 ETRACK = 0x0C, 43 EAUG = 0x0D, 44 EMODPR = 0x0E, 45 EMODT = 0x0F, 46 }; 47 48 /** 49 * SGX_ENCLS_FAULT_FLAG - flag signifying an ENCLS return code is a trapnr 50 * 51 * ENCLS has its own (positive value) error codes and also generates 52 * ENCLS specific #GP and #PF faults. And the ENCLS values get munged 53 * with system error codes as everything percolates back up the stack. 54 * Unfortunately (for us), we need to precisely identify each unique 55 * error code, e.g. the action taken if EWB fails varies based on the 56 * type of fault and on the exact SGX error code, i.e. we can't simply 57 * convert all faults to -EFAULT. 58 * 59 * To make all three error types coexist, we set bit 30 to identify an 60 * ENCLS fault. Bit 31 (technically bits N:31) is used to differentiate 61 * between positive (faults and SGX error codes) and negative (system 62 * error codes) values. 63 */ 64 #define SGX_ENCLS_FAULT_FLAG 0x40000000 65 66 /** 67 * enum sgx_return_code - The return code type for ENCLS, ENCLU and ENCLV 68 * %SGX_NOT_TRACKED: Previous ETRACK's shootdown sequence has not 69 * been completed yet. 70 * %SGX_CHILD_PRESENT SECS has child pages present in the EPC. 71 * %SGX_INVALID_EINITTOKEN: EINITTOKEN is invalid and enclave signer's 72 * public key does not match IA32_SGXLEPUBKEYHASH. 73 * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received 74 */ 75 enum sgx_return_code { 76 SGX_NOT_TRACKED = 11, 77 SGX_CHILD_PRESENT = 13, 78 SGX_INVALID_EINITTOKEN = 16, 79 SGX_UNMASKED_EVENT = 128, 80 }; 81 82 /* The modulus size for 3072-bit RSA keys. */ 83 #define SGX_MODULUS_SIZE 384 84 85 /** 86 * enum sgx_miscselect - additional information to an SSA frame 87 * %SGX_MISC_EXINFO: Report #PF or #GP to the SSA frame. 88 * 89 * Save State Area (SSA) is a stack inside the enclave used to store processor 90 * state when an exception or interrupt occurs. This enum defines additional 91 * information stored to an SSA frame. 92 */ 93 enum sgx_miscselect { 94 SGX_MISC_EXINFO = BIT(0), 95 }; 96 97 #define SGX_MISC_RESERVED_MASK GENMASK_ULL(63, 1) 98 99 #define SGX_SSA_GPRS_SIZE 184 100 #define SGX_SSA_MISC_EXINFO_SIZE 16 101 102 /** 103 * enum sgx_attributes - the attributes field in &struct sgx_secs 104 * %SGX_ATTR_INIT: Enclave can be entered (is initialized). 105 * %SGX_ATTR_DEBUG: Allow ENCLS(EDBGRD) and ENCLS(EDBGWR). 106 * %SGX_ATTR_MODE64BIT: Tell that this a 64-bit enclave. 107 * %SGX_ATTR_PROVISIONKEY: Allow to use provisioning keys for remote 108 * attestation. 109 * %SGX_ATTR_KSS: Allow to use key separation and sharing (KSS). 110 * %SGX_ATTR_EINITTOKENKEY: Allow to use token signing key that is used to 111 * sign cryptographic tokens that can be passed to 112 * EINIT as an authorization to run an enclave. 113 */ 114 enum sgx_attribute { 115 SGX_ATTR_INIT = BIT(0), 116 SGX_ATTR_DEBUG = BIT(1), 117 SGX_ATTR_MODE64BIT = BIT(2), 118 SGX_ATTR_PROVISIONKEY = BIT(4), 119 SGX_ATTR_EINITTOKENKEY = BIT(5), 120 SGX_ATTR_KSS = BIT(7), 121 }; 122 123 #define SGX_ATTR_RESERVED_MASK (BIT_ULL(3) | BIT_ULL(6) | GENMASK_ULL(63, 8)) 124 125 /** 126 * struct sgx_secs - SGX Enclave Control Structure (SECS) 127 * @size: size of the address space 128 * @base: base address of the address space 129 * @ssa_frame_size: size of an SSA frame 130 * @miscselect: additional information stored to an SSA frame 131 * @attributes: attributes for enclave 132 * @xfrm: XSave-Feature Request Mask (subset of XCR0) 133 * @mrenclave: SHA256-hash of the enclave contents 134 * @mrsigner: SHA256-hash of the public key used to sign the SIGSTRUCT 135 * @config_id: a user-defined value that is used in key derivation 136 * @isv_prod_id: a user-defined value that is used in key derivation 137 * @isv_svn: a user-defined value that is used in key derivation 138 * @config_svn: a user-defined value that is used in key derivation 139 * 140 * SGX Enclave Control Structure (SECS) is a special enclave page that is not 141 * visible in the address space. In fact, this structure defines the address 142 * range and other global attributes for the enclave and it is the first EPC 143 * page created for any enclave. It is moved from a temporary buffer to an EPC 144 * by the means of ENCLS[ECREATE] function. 145 */ 146 struct sgx_secs { 147 u64 size; 148 u64 base; 149 u32 ssa_frame_size; 150 u32 miscselect; 151 u8 reserved1[24]; 152 u64 attributes; 153 u64 xfrm; 154 u32 mrenclave[8]; 155 u8 reserved2[32]; 156 u32 mrsigner[8]; 157 u8 reserved3[32]; 158 u32 config_id[16]; 159 u16 isv_prod_id; 160 u16 isv_svn; 161 u16 config_svn; 162 u8 reserved4[3834]; 163 } __packed; 164 165 /** 166 * enum sgx_tcs_flags - execution flags for TCS 167 * %SGX_TCS_DBGOPTIN: If enabled allows single-stepping and breakpoints 168 * inside an enclave. It is cleared by EADD but can 169 * be set later with EDBGWR. 170 */ 171 enum sgx_tcs_flags { 172 SGX_TCS_DBGOPTIN = 0x01, 173 }; 174 175 #define SGX_TCS_RESERVED_MASK GENMASK_ULL(63, 1) 176 #define SGX_TCS_RESERVED_SIZE 4024 177 178 /** 179 * struct sgx_tcs - Thread Control Structure (TCS) 180 * @state: used to mark an entered TCS 181 * @flags: execution flags (cleared by EADD) 182 * @ssa_offset: SSA stack offset relative to the enclave base 183 * @ssa_index: the current SSA frame index (cleard by EADD) 184 * @nr_ssa_frames: the number of frame in the SSA stack 185 * @entry_offset: entry point offset relative to the enclave base 186 * @exit_addr: address outside the enclave to exit on an exception or 187 * interrupt 188 * @fs_offset: offset relative to the enclave base to become FS 189 * segment inside the enclave 190 * @gs_offset: offset relative to the enclave base to become GS 191 * segment inside the enclave 192 * @fs_limit: size to become a new FS-limit (only 32-bit enclaves) 193 * @gs_limit: size to become a new GS-limit (only 32-bit enclaves) 194 * 195 * Thread Control Structure (TCS) is an enclave page visible in its address 196 * space that defines an entry point inside the enclave. A thread enters inside 197 * an enclave by supplying address of TCS to ENCLU(EENTER). A TCS can be entered 198 * by only one thread at a time. 199 */ 200 struct sgx_tcs { 201 u64 state; 202 u64 flags; 203 u64 ssa_offset; 204 u32 ssa_index; 205 u32 nr_ssa_frames; 206 u64 entry_offset; 207 u64 exit_addr; 208 u64 fs_offset; 209 u64 gs_offset; 210 u32 fs_limit; 211 u32 gs_limit; 212 u8 reserved[SGX_TCS_RESERVED_SIZE]; 213 } __packed; 214 215 /** 216 * struct sgx_pageinfo - an enclave page descriptor 217 * @addr: address of the enclave page 218 * @contents: pointer to the page contents 219 * @metadata: pointer either to a SECINFO or PCMD instance 220 * @secs: address of the SECS page 221 */ 222 struct sgx_pageinfo { 223 u64 addr; 224 u64 contents; 225 u64 metadata; 226 u64 secs; 227 } __packed __aligned(32); 228 229 230 /** 231 * enum sgx_page_type - bits in the SECINFO flags defining the page type 232 * %SGX_PAGE_TYPE_SECS: a SECS page 233 * %SGX_PAGE_TYPE_TCS: a TCS page 234 * %SGX_PAGE_TYPE_REG: a regular page 235 * %SGX_PAGE_TYPE_VA: a VA page 236 * %SGX_PAGE_TYPE_TRIM: a page in trimmed state 237 */ 238 enum sgx_page_type { 239 SGX_PAGE_TYPE_SECS, 240 SGX_PAGE_TYPE_TCS, 241 SGX_PAGE_TYPE_REG, 242 SGX_PAGE_TYPE_VA, 243 SGX_PAGE_TYPE_TRIM, 244 }; 245 246 #define SGX_NR_PAGE_TYPES 5 247 #define SGX_PAGE_TYPE_MASK GENMASK(7, 0) 248 249 /** 250 * enum sgx_secinfo_flags - the flags field in &struct sgx_secinfo 251 * %SGX_SECINFO_R: allow read 252 * %SGX_SECINFO_W: allow write 253 * %SGX_SECINFO_X: allow execution 254 * %SGX_SECINFO_SECS: a SECS page 255 * %SGX_SECINFO_TCS: a TCS page 256 * %SGX_SECINFO_REG: a regular page 257 * %SGX_SECINFO_VA: a VA page 258 * %SGX_SECINFO_TRIM: a page in trimmed state 259 */ 260 enum sgx_secinfo_flags { 261 SGX_SECINFO_R = BIT(0), 262 SGX_SECINFO_W = BIT(1), 263 SGX_SECINFO_X = BIT(2), 264 SGX_SECINFO_SECS = (SGX_PAGE_TYPE_SECS << 8), 265 SGX_SECINFO_TCS = (SGX_PAGE_TYPE_TCS << 8), 266 SGX_SECINFO_REG = (SGX_PAGE_TYPE_REG << 8), 267 SGX_SECINFO_VA = (SGX_PAGE_TYPE_VA << 8), 268 SGX_SECINFO_TRIM = (SGX_PAGE_TYPE_TRIM << 8), 269 }; 270 271 #define SGX_SECINFO_PERMISSION_MASK GENMASK_ULL(2, 0) 272 #define SGX_SECINFO_PAGE_TYPE_MASK (SGX_PAGE_TYPE_MASK << 8) 273 #define SGX_SECINFO_RESERVED_MASK ~(SGX_SECINFO_PERMISSION_MASK | \ 274 SGX_SECINFO_PAGE_TYPE_MASK) 275 276 /** 277 * struct sgx_secinfo - describes attributes of an EPC page 278 * @flags: permissions and type 279 * 280 * Used together with ENCLS leaves that add or modify an EPC page to an 281 * enclave to define page permissions and type. 282 */ 283 struct sgx_secinfo { 284 u64 flags; 285 u8 reserved[56]; 286 } __packed __aligned(64); 287 288 #define SGX_PCMD_RESERVED_SIZE 40 289 290 /** 291 * struct sgx_pcmd - Paging Crypto Metadata (PCMD) 292 * @enclave_id: enclave identifier 293 * @mac: MAC over PCMD, page contents and isvsvn 294 * 295 * PCMD is stored for every swapped page to the regular memory. When ELDU loads 296 * the page back it recalculates the MAC by using a isvsvn number stored in a 297 * VA page. Together these two structures bring integrity and rollback 298 * protection. 299 */ 300 struct sgx_pcmd { 301 struct sgx_secinfo secinfo; 302 u64 enclave_id; 303 u8 reserved[SGX_PCMD_RESERVED_SIZE]; 304 u8 mac[16]; 305 } __packed __aligned(128); 306 307 #define SGX_SIGSTRUCT_RESERVED1_SIZE 84 308 #define SGX_SIGSTRUCT_RESERVED2_SIZE 20 309 #define SGX_SIGSTRUCT_RESERVED3_SIZE 32 310 #define SGX_SIGSTRUCT_RESERVED4_SIZE 12 311 312 /** 313 * struct sgx_sigstruct_header - defines author of the enclave 314 * @header1: constant byte string 315 * @vendor: must be either 0x0000 or 0x8086 316 * @date: YYYYMMDD in BCD 317 * @header2: constant byte string 318 * @swdefined: software defined value 319 */ 320 struct sgx_sigstruct_header { 321 u64 header1[2]; 322 u32 vendor; 323 u32 date; 324 u64 header2[2]; 325 u32 swdefined; 326 u8 reserved1[84]; 327 } __packed; 328 329 /** 330 * struct sgx_sigstruct_body - defines contents of the enclave 331 * @miscselect: additional information stored to an SSA frame 332 * @misc_mask: required miscselect in SECS 333 * @attributes: attributes for enclave 334 * @xfrm: XSave-Feature Request Mask (subset of XCR0) 335 * @attributes_mask: required attributes in SECS 336 * @xfrm_mask: required XFRM in SECS 337 * @mrenclave: SHA256-hash of the enclave contents 338 * @isvprodid: a user-defined value that is used in key derivation 339 * @isvsvn: a user-defined value that is used in key derivation 340 */ 341 struct sgx_sigstruct_body { 342 u32 miscselect; 343 u32 misc_mask; 344 u8 reserved2[20]; 345 u64 attributes; 346 u64 xfrm; 347 u64 attributes_mask; 348 u64 xfrm_mask; 349 u8 mrenclave[32]; 350 u8 reserved3[32]; 351 u16 isvprodid; 352 u16 isvsvn; 353 } __packed; 354 355 /** 356 * struct sgx_sigstruct - an enclave signature 357 * @header: defines author of the enclave 358 * @modulus: the modulus of the public key 359 * @exponent: the exponent of the public key 360 * @signature: the signature calculated over the fields except modulus, 361 * @body: defines contents of the enclave 362 * @q1: a value used in RSA signature verification 363 * @q2: a value used in RSA signature verification 364 * 365 * Header and body are the parts that are actual signed. The remaining fields 366 * define the signature of the enclave. 367 */ 368 struct sgx_sigstruct { 369 struct sgx_sigstruct_header header; 370 u8 modulus[SGX_MODULUS_SIZE]; 371 u32 exponent; 372 u8 signature[SGX_MODULUS_SIZE]; 373 struct sgx_sigstruct_body body; 374 u8 reserved4[12]; 375 u8 q1[SGX_MODULUS_SIZE]; 376 u8 q2[SGX_MODULUS_SIZE]; 377 } __packed; 378 379 #define SGX_LAUNCH_TOKEN_SIZE 304 380 381 /* 382 * Do not put any hardware-defined SGX structure representations below this 383 * comment! 384 */ 385 386 #ifdef CONFIG_X86_SGX_KVM 387 int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs, 388 int *trapnr); 389 int sgx_virt_einit(void __user *sigstruct, void __user *token, 390 void __user *secs, u64 *lepubkeyhash, int *trapnr); 391 #endif 392 393 int sgx_set_attribute(unsigned long *allowed_attributes, 394 unsigned int attribute_fd); 395 396 #endif /* _ASM_X86_SGX_H */ 397