sgx-isa 0.5.0

Constants and structures related to the Intel SGX ISA extension. These definitions correspond to those found in the Intel Software Developers Manual (SDM), volume 3.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237

/* Copyright (c) Fortanix, Inc.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
***/

//! Constants and structures related to the Intel TDX.

#[cfg(all(target_env = "sgx", not(feature = "sgxstd")))]
use crate::arch;
#[cfg(all(target_env = "sgx", feature = "sgxstd"))]
use std::os::fortanix_sgx::arch;

use crate::{enum_def, slice, struct_def, ReportMacStruct, Sha384Hash};

#[cfg(target_env = "sgx")]
use crate::ErrorCode;

// All variants of REPORTTYPE.VERSION that is valid for TDX report
enum_def! {
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
#[repr(u8)]
pub enum TdxReportTypeVersion {
    NoBound       = 0x00,
    ServTdUsed    = 0x01,
    ConfigSvnUsed = 0x02,
}
}

/// Size of a TDX report in bytes.
pub const TDX_REPORT_SIZE: usize = 1024;
pub const TEE_TCB_INFO_SIZE: usize = 239;
pub const TDX_REPORT_RESERVED_SIZE: usize = 17;
pub const TEE_INFO_SIZE: usize = 512;
pub const TDINFO_BASE_SIZE: usize = 448;
pub const TDINFO_EXTENSION_V1_SIZE: usize = 64;
pub const TDINFO_V1_SIZE: usize = TDINFO_BASE_SIZE + TDINFO_EXTENSION_V1_SIZE;
pub const TEE_TCB_INFO_VALID_SIZE: usize = 8;
pub const TEE_TCB_INFO_TEE_TCB_SVN_SIZE: usize = 16;
pub const TEE_TCB_INFO_MR_SIZE: usize = 48;
pub const TEE_TCB_INFO_ATTRIBUTES_SIZE: usize = 8;
pub const TEE_TCB_INFO_RESERVED_SIZE: usize = 95;

struct_def! {
    /// Rust definition of `TEE_TCB_INFO` from `TDREPORT_STRUCT`.
    ///
    /// Ref: Intel® Trust Domain CPU Architectural Extensions, Table 2-3
    /// Version: 343754-002US, MAY 2021
    /// Link: <https://cdrdv2.intel.com/v1/dl/getContent/733582>
    #[repr(C)]
    #[cfg_attr(
        feature = "large_array_derive",
        derive(Clone, Debug, Eq, PartialEq)
    )]
    pub struct TeeTcbInfo {
        /// (  0) Indicates TEE_TCB_INFO fields which are valid
        /// - 1 in the i-th significant bit reflects that the 8 bytes starting at
        /// offset (8 * i) are valid.
        /// -  0 in the i-th significant bit reflects that either 8 bytes starting at
        /// offset (8 * i) is not populated or reserved, and is set to zero.
        pub valid: [u8; TEE_TCB_INFO_VALID_SIZE],
        /// (  8) TEE_TCB_SVN of the TDX Module that created the TD on the current platform.
        /// - TD Migration: For a TD which has been migrated, this is the
        ///   TEE_TCB_SVN of the TDX Module on the destination platform, at the
        ///   time of destination TD creation (TDH.MNG.CREATE), before import
        pub tee_tcb_svn: [u8; TEE_TCB_INFO_TEE_TCB_SVN_SIZE],
        /// ( 24) The measurement of the TDX Module that created the TD on the current platform.
        /// - TD Migration: For a TD which has been migrated, this is the
        ///   measurement of the TDX Module on the destination platform, at the
        ///   time of destination TD creation (TDH.MNG.CREATE), before import.
        pub mrseam: [u8; TEE_TCB_INFO_MR_SIZE],
        /// ( 72) Measurement of TDX module signer if valid, set to all 0’s.
        pub mrsigner_seam: [u8; TEE_TCB_INFO_MR_SIZE],
        /// (120) Additional configuration ATTRIBUTES if valid, set to all 0’s.
        pub attributes: [u8; TEE_TCB_INFO_ATTRIBUTES_SIZE],
        /// (128) TEE_TCB_SVN of the current TDX Module on the current platform.
        /// - TD Migration: For a TD which has been migrated, this is the
        ///   measurement of the current TDX Module on the destination platform,
        ///   at the time TDREPORT_STRUCT is generated by TDG.MR.REPORT.
        /// - Note: TEE_TCB_SVN2 may be different that TEE_TCB_SVN, due to TD-preserving TDX Module
        ///   updates.
        pub tee_tcb_svn2: [u8; TEE_TCB_INFO_TEE_TCB_SVN_SIZE],
        /// (144) Reserved, must be zero
        pub reserved: [u8; TEE_TCB_INFO_RESERVED_SIZE],
    }
}

impl TeeTcbInfo {
    pub const UNPADDED_SIZE: usize = TEE_TCB_INFO_SIZE;
}

struct_def! {
    /// Rust definition of `TDINFO_BASE` used by `TDINFO_STRUCT`.
    ///
    /// Ref: Intel TDX Module Application Binary Interface (ABI) Reference, table 3.50.
    /// Version: Sep 2025, 348551-007US
    /// Link: <https://cdrdv2.intel.com/v1/dl/getContent/733579>
    #[repr(C)]
    #[cfg_attr(
        feature = "large_array_derive",
        derive(Clone, Debug, Eq, PartialEq)
    )]
    pub struct TdInfoBase {
        /// (  0) TD’s ATTRIBUTES
        pub attributes: [u8; 8],
        /// (  8) TD’s XFAM
        pub xfam: [u8; 8],
        /// ( 16) Measurement of the initial contents of the TD: SHA384 hash
        pub mr_td: Sha384Hash,
        /// ( 64) Software-defined ID for non-owner-defined configuration of the
        /// guest TD – e.g., run-time or OS configuration
        pub mr_config_id: Sha384Hash,
        /// (112) Software-defined ID for the guest TD’s owner
        pub mr_owner: Sha384Hash,
        /// (160) Software-defined ID for owner-defined configuration of the
        /// guest TD – e.g., specific to the workload rather than the run-time
        /// or OS
        pub mr_owner_config: Sha384Hash,
        /// (208) Array of 4 run-time extendable measurement registers
        pub rtmr: [Sha384Hash; 4],
        /// (400) Reserved extension for REPORTTYPE.VERSION 0 or 1
        pub servtd_hash: Sha384Hash,
    }
}

impl TdInfoBase {
    pub const UNPADDED_SIZE: usize = TDINFO_BASE_SIZE;
}

struct_def! {
    /// Rust definition of `TDINFO_STRUCT` for REPORTTYPE.VERSION 0 or 1.
    ///
    /// Ref: Intel TDX Module Application Binary Interface (ABI) Reference, table 3.49.
    /// Version: Sep 2025, 348551-007US
    /// Link: <https://cdrdv2.intel.com/v1/dl/getContent/733579>
    #[repr(C, align(512))]
    #[cfg_attr(
        feature = "large_array_derive",
        derive(Clone, Debug, Eq, PartialEq)
    )]
    pub struct TdInfoV1 {
        /// (  0) Base TDINFO fields
        pub base: TdInfoBase,
        /// (448) Reserved extension for REPORTTYPE.VERSION 0 or 1
        pub extension: [u8; TDINFO_EXTENSION_V1_SIZE],
    }
}

impl TdInfoV1 {
    pub const UNPADDED_SIZE: usize = TDINFO_V1_SIZE;
}

// TODO(RTE-805): Add support for TDINFO_STRUCT with size 768 bytes
struct_def! {
    /// Rust definition of `TDREPORT_STRUCT` from the output of the `TDG.MR.REPORT` function.
    /// Total size of this variant is __1024__ bytes with `report_mac.report_type.version` equals __0 or 1__.
    ///
    /// Note: `TDG.MR.REPORT` is one variant of syscall `TDCALL`.
    ///
    /// Ref: Intel TDX Module Application Binary Interface (ABI) Reference, table 3.45.
    /// Version: Sep 2025, 348551-007US
    /// Link: <https://cdrdv2.intel.com/v1/dl/getContent/733579>
    #[repr(C, align(1024))]
    #[cfg_attr(
        feature = "large_array_derive",
        derive(Clone, Debug, Eq, PartialEq)
    )]
    pub struct TdxReportV1 {
        /// (  0) Report mac struct for SGX report type 2
        pub report_mac: ReportMacStruct,
        /// (256) Struct contains details about extra TCB elements not found in CPUSVN
        pub tee_tcb_info: TeeTcbInfo,
        /// (495) Reserved, must be zero
        pub reserved: [u8; TDX_REPORT_RESERVED_SIZE],
        /// (512) Structure containing the TD’s attestable properties.
        pub td_info: TdInfoV1,
    }
}

impl TdxReportV1 {
    pub const UNPADDED_SIZE: usize = 1024;
}

#[cfg(not(feature = "large_array_derive"))]
mod debug_impl {
    use super::*;
    use core::fmt::{Debug, Formatter, Result};

    impl Debug for TdxReportV1 {
        fn fmt(&self, f: &mut Formatter<'_>) -> Result {
            f.debug_struct("TdxReport")
                .field("report_mac", &self.report_mac)
                .field("tee_tcb_info", &self.tee_tcb_info)
                .field("reserved", &self.reserved)
                .field("tee_info", &self.td_info)
                .finish()
        }
    }

    impl Debug for TeeTcbInfo {
        fn fmt(&self, f: &mut Formatter<'_>) -> Result {
            f.debug_struct("TeeTcbInfo")
                .field("valid", &self.valid)
                .field("tee_tcb_svn", &self.tee_tcb_svn)
                .field("mrseam", &self.mrseam)
                .field("mrsigner_seam", &self.mrsigner_seam)
                .field("attributes", &self.attributes)
                .field("reserved", &self.reserved)
                .finish()
        }
    }

    impl Debug for TdInfoV1 {
        fn fmt(&self, f: &mut Formatter<'_>) -> Result {
            f.debug_struct("TdInfoV1")
                .field("base", &self.base)
                .field("extension", &self.extension)
                .finish()
        }
    }

    impl Debug for TdInfoBase {
        fn fmt(&self, f: &mut Formatter<'_>) -> Result {
            f.debug_struct("TdInfoBase")
                .field("attributes", &self.attributes)
                .field("xfam", &self.xfam)
                .field("mr_td", &self.mr_td)
                .field("mr_config_id", &self.mr_config_id)
                .field("mr_owner", &self.mr_owner)
                .field("mr_owner_config", &self.mr_owner_config)
                .field("rtmr", &self.rtmr)
                .field("servtd_hash", &self.servtd_hash)
                .finish()
        }
    }
}