Vol. 3D 41-13
SGX INSTRUCTION REFERENCES
(* Check the EPC page for concurrency *)
IF (EPC page in use)
THEN #GP(0); FI;
IF (EPCM(DS:RCX).VALID ≠ 0)
THEN #PF(DS:RCX); FI;
(* Check the SECS for concurrency *)
IF (SECS is not available for EADD)
THEN #GP(0); FI;
IF (EPCM(DS:TMP_SECS).VALID = 0 or EPCM(DS:TMP_SECS).PT ≠ PT_SECS)
THEN #PF(DS:TMP_SECS); FI;
(* Copy 4KBytes from source page to EPC page*)
DS:RCX[32767:0] DS:TMP_SRCPGE[32767:0];
CASE (SCRATCH_SECINFO.FLAGS.PT)
{
PT_TCS:
IF (DS:RCX.RESERVED ≠ 0) #GP(0); FI;
IF ( (DS:TMP_SECS.ATTIBUTES.MODE64BIT = 0) and
((DS:TCS.FSLIMIT & 0FFFH ≠ 0FFFH) or (DS:TCS.GSLIMIT & 0FFFH ≠ 0FFFH) )) #GP(0); FI;
BREAK;
PT_REG:
IF (SCRATCH_SECINFO.FLAGS.W = 1 and SCRATCH_SECINFO.FLAGS.R = 0) #GP(0); FI;
BREAK;
ESAC;
(* Check the enclave offset is within the enclave linear address space *)
IF (TMP_LINADDR < DS:TMP_SECS.BASEADDR or TMP_LINADDR
≥
DS:TMP_SECS.BASEADDR + DS:TMP_SECS.SIZE)
THEN #GP(0); FI;
(* Check concurrency of measurement resource*)
IF (Measurement being updated)
THEN #GP(0); FI;
(* Check if the enclave to which the page will be added is already in Initialized state *)
IF (DS:TMP_SECS already initialized)
THEN #GP(0); FI;
(* For TCS pages, force EPCM.rwx bits to 0 and no debug access *)
IF (SCRATCH_SECINFO.FLAGS.PT = PT_TCS)
THEN
SCRATCH_SECINFO.FLAGS.R 0;
SCRATCH_SECINFO.FLAGS.W 0;
SCRATCH_SECINFO.FLAGS.X 0;
(DS:RCX).FLAGS.DBGOPTIN 0; // force TCS.FLAGS.DBGOPTIN off
DS:RCX.CSSA 0;
DS:RCX.AEP 0;
DS:RCX.STATE 0;
FI;
(* Add enclave offset and security attributes to MRENCLAVE *)