
38-12 Vol. 3D

ENCLAVE ACCESS CONTROL AND DATA STRUCTURES

38.11.2  PAGE_TYPE Field Definition

The SECINFO flags and the EPC flags both contain bits indicating the type of page; the supported page types are listed in Table 38-17.

38.12  PAGING CRYPTO METADATA (PCMD)

The PCMD structure keeps track of the cryptographic metadata associated with a paged-out EPC page. Combined with 
PAGEINFO, it gives the processor enough information to verify, decrypt, and reload a paged-out EPC page. 
The size of the PCMD structure (128 bytes) is architectural. 
EWB calculates the Message Authentication Code (MAC) value and writes out the PCMD. ELDB/ELDU read the fields 
back and check the MAC. The MAC covers the page, its metadata and the reserved field (Table 38-18), so any 
modification made while the page was outside the EPC is detected when the page is reloaded.
The format of PCMD is given in Table 38-18.

38.13  ENCLAVE SIGNATURE STRUCTURE (SIGSTRUCT)

SIGSTRUCT is a structure created and signed by the enclave developer that contains information about the 
enclave. SIGSTRUCT is processed by the EINIT leaf function to verify that the enclave was properly built.
SIGSTRUCT includes ENCLAVEHASH, a SHA-256 digest as defined in FIPS PUB 180-4. The digest is a byte string 
of length 32. Each of the 8 HASH dwords is stored in little-endian order.
SIGSTRUCT includes four 3072-bit integers (MODULUS, SIGNATURE, Q1, Q2). Each such integer is represented as 
a byte string of length 384 in little-endian order: the least significant byte is at position "offset" and the most 
significant byte at position "offset + 383".
The (3072-bit integer) SIGNATURE should be an RSA signature, where: a) the RSA modulus (MODULUS) is a 3072-
bit integer; b) the public exponent is set to 3; c) the signing procedure uses the EMSA-PKCS1-v1.5 encoding with DER 
encoding of the "DigestInfo" value, as specified in PKCS#1 v2.1 / RFC 3447.
The 3072-bit integers Q1 and Q2 are defined by:
q1 = floor(Signature^2 / Modulus);
q2 = floor((Signature^3 - q1 * Signature * Modulus) / Modulus);
With these definitions, Signature^3 - (q1 * Signature + q2) * Modulus equals Signature^3 mod Modulus, so the 
signature can be checked against the encoded message without a big-integer division; a wrong q1 or q2 leaves the 
result outside the range [0, Modulus).
SIGSTRUCT must be page aligned.
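The following is an added example, not code from the Intel SDM or from any Intel tool. It builds the four SIGSTRUCT integers (MODULUS, SIGNATURE, Q1, Q2) exactly as the definitions above state them, serializes them as little-endian byte strings of 384 bytes, and then verifies the signature using only Q1 and Q2, with no modular reduction of Signature^3. Two things are assumed: the key pair comes from a toy pure-Python RSA generator with public exponent 3 (no real signing key is available here, and `random` is not a cryptographic source), and `signed_data` is a constructed byte string standing in for the portion of SIGSTRUCT that the developer signs. The `bits` parameter defaults to the architectural 3072; smaller values are only for quick experiments.

```python
# Added example (not from the Intel SDM): SIGSTRUCT MODULUS/SIGNATURE/Q1/Q2
# construction and a division-free check built on the Q1/Q2 definitions.
import hashlib
import random

E = 3                      # public exponent required by the SIGSTRUCT definition
RSA_BITS = 3072            # MODULUS size; each integer field is RSA_BITS // 8 bytes
# DER encoding of DigestInfo for SHA-256 (RFC 3447, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def is_probable_prime(n, rng, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random prime with the top two bits set and p % 3 == 2, so gcd(3, p - 1) == 1."""
    while True:
        p = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if p % 3 == 2 and is_probable_prime(p, rng):
            return p


def gen_rsa_e3(bits, seed=None):
    """Toy RSA key (n, d) for public exponent 3. Illustration only: not a secure key generator."""
    rng = random.Random(seed)          # assumption: deterministic toy key, never do this for real keys
    p = gen_prime(bits // 2, rng)
    q = gen_prime(bits // 2, rng)
    while q == p:
        q = gen_prime(bits // 2, rng)
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def emsa_pkcs1_v15_sha256(message, em_len):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) into em_len bytes (RFC 3447, 9.2)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sigstruct_fields(n, d, signed_data, bits=RSA_BITS):
    """MODULUS, SIGNATURE, Q1, Q2 as little-endian byte strings of bits // 8 bytes each."""
    k = bits // 8
    em = int.from_bytes(emsa_pkcs1_v15_sha256(signed_data, k), "big")
    s = pow(em, d, n)                       # RSA signature: s^3 mod n == em
    q1 = (s * s) // n                       # floor(Signature^2 / Modulus)
    q2 = (s ** 3 - q1 * s * n) // n         # floor((Signature^3 - q1*Signature*Modulus) / Modulus)
    return {name: v.to_bytes(k, "little")   # least significant byte at "offset", most at "offset + k - 1"
            for name, v in (("MODULUS", n), ("SIGNATURE", s), ("Q1", q1), ("Q2", q2))}


def verify_sigstruct_fields(fields, signed_data):
    """Check SIGNATURE against signed_data using Q1/Q2 in place of a modular reduction."""
    k = len(fields["MODULUS"])
    n, s, q1, q2 = (int.from_bytes(fields[f], "little")
                    for f in ("MODULUS", "SIGNATURE", "Q1", "Q2"))
    if s >= n:
        return False
    # With correct quotients, s^3 - (q1*s + q2)*n == s^3 mod n. A wrong signature
    # or a tampered q1/q2 leaves r outside [0, n) or different from the encoding.
    r = s ** 3 - (q1 * s + q2) * n
    if not 0 <= r < n:
        return False
    return r == int.from_bytes(emsa_pkcs1_v15_sha256(signed_data, k), "big")


if __name__ == "__main__":
    n, d = gen_rsa_e3(RSA_BITS, seed=1)     # 3072-bit generation in pure Python takes a while
    data = b"constructed stand-in for the signed portion of SIGSTRUCT"
    fields = sigstruct_fields(n, d, data)
    assert all(len(v) == 384 for v in fields.values())
    print("genuine fields verify:", verify_sigstruct_fields(fields, data))
    bad = dict(fields, Q2=(int.from_bytes(fields["Q2"], "little") + 1).to_bytes(384, "little"))
    print("tampered Q2 verifies:", verify_sigstruct_fields(bad, data))
```

The verifier deliberately recomputes nothing by division: it trusts Q1 and Q2 only as far as the range check on `r` allows, which is exactly why an incorrect quotient is caught rather than silently accepted.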

Table 38-17.  Supported PAGE_TYPE

TYPE        Value   Description
PT_SECS     0       Page is an SECS.
PT_TCS      1       Page is a TCS.
PT_REG      2       Page is a regular page.
PT_VA       3       Page is a Version Array.
PT_TRIM     4       Page is in trimmed state.
All other           Reserved.

Table 38-18.  Layout of PCMD Data Structure

Field       OFFSET (Bytes)   Size (Bytes)   Description
SECINFO     0                64             Flags describing the state of the enclave page; R/W by software.
ENCLAVEID   64               8              Enclave Identifier used to establish a cryptographic binding between the paged-out page and the enclave.
RESERVED    72               40             Must be zero.
MAC         112              16             Message Authentication Code for the page, page metadata and reserved field.
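The following packer/parser for the 128-byte PCMD layout of Table 38-18 is an added example, not code from the Intel SDM. It enforces what the table states (fixed size, field offsets, RESERVED must be zero) and checks the ENCLAVEID binding before a PCMD is handed back for reload. Assumptions: ENCLAVEID is treated as a little-endian 64-bit integer (the page gives only its size), the sample values are constructed, and the MAC is carried but not recomputed, since it is produced by EWB with a key software never holds.

```python
# Added example (not from the Intel SDM): pack, parse and sanity-check a PCMD
# according to the offsets and sizes in Table 38-18.
import struct

PCMD_SIZE = 128                      # architectural size of PCMD
# (offset, size) per Table 38-18
PCMD_LAYOUT = {
    "SECINFO":   (0, 64),
    "ENCLAVEID": (64, 8),
    "RESERVED":  (72, 40),
    "MAC":       (112, 16),
}


class PcmdError(ValueError):
    """Raised when a buffer does not conform to the PCMD layout."""


def pack_pcmd(secinfo, enclaveid, mac):
    """Build a PCMD buffer; RESERVED is left zero as the layout requires."""
    if len(secinfo) != 64 or len(mac) != 16:
        raise PcmdError("SECINFO must be 64 bytes and MAC 16 bytes")
    if not 0 <= enclaveid < (1 << 64):
        raise PcmdError("ENCLAVEID must fit in 8 bytes")
    buf = bytearray(PCMD_SIZE)
    buf[0:64] = secinfo
    struct.pack_into("<Q", buf, 64, enclaveid)   # assumption: little-endian 64-bit ID
    buf[112:128] = mac
    return bytes(buf)


def parse_pcmd(buf):
    """Split a PCMD into its fields, rejecting wrong sizes and non-zero RESERVED bytes."""
    if len(buf) != PCMD_SIZE:
        raise PcmdError("PCMD must be exactly %d bytes, got %d" % (PCMD_SIZE, len(buf)))
    off, size = PCMD_LAYOUT["RESERVED"]
    if any(buf[off:off + size]):
        raise PcmdError("RESERVED field (bytes 72..111) must be zero")
    return {
        "SECINFO": bytes(buf[0:64]),
        "ENCLAVEID": struct.unpack_from("<Q", buf, 64)[0],
        "MAC": bytes(buf[112:128]),
    }


def is_valid_pcmd(buf):
    """True if buf parses as a PCMD (size and RESERVED checks), False otherwise."""
    try:
        parse_pcmd(buf)
        return True
    except PcmdError:
        return False


def bound_to_enclave(fields, expected_enclaveid):
    """ENCLAVEID binds the paged-out page to one enclave; refuse a reload for any other."""
    return fields["ENCLAVEID"] == expected_enclaveid


if __name__ == "__main__":
    # constructed sample values; the MAC would normally come from EWB
    secinfo = bytes(range(64))
    pcmd = pack_pcmd(secinfo, 0x1122334455667788, b"\xaa" * 16)
    fields = parse_pcmd(pcmd)
    print("enclave id: 0x%016x" % fields["ENCLAVEID"])
    print("bound to expected enclave:", bound_to_enclave(fields, 0x1122334455667788))
    tampered = bytearray(pcmd)
    tampered[80] = 1                  # inside RESERVED
    print("tampered RESERVED accepted:", is_valid_pcmd(bytes(tampered)))
```

The RESERVED check matters in practice because the MAC covers that field too: a PCMD that has been altered there would fail ELDB/ELDU's MAC check, and rejecting it early in software gives a clearer error than a failed reload.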