Update based on feedback

gilanghamidy · gilanghamidy · commit da8a7409aefb · 2026-04-08T13:00:11.000+02:00
diff --git a/intel-sgx/sgx-isa/src/arch.rs b/intel-sgx/sgx-isa/src/arch.rs
@@ -5,79 +5,96 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 use super::Enclu;
 use core::arch::asm;
-use core::mem::MaybeUninit;
 
-/// Wrapper struct to force 16-byte alignment.
-#[repr(align(16))]
-pub struct Align16<T>(pub T);
+/// Group all functions and types that is already upstreamed in the sgxstd
+#[cfg(all(target_env = "sgx", not(feature = "sgxstd")))]
+mod upstream {
+    use super::*;
+    use core::mem::MaybeUninit;
 
-/// Wrapper struct to force 128-byte alignment.
-#[repr(align(128))]
-pub struct Align128<T>(pub T);
+    /// Wrapper struct to force 16-byte alignment.
+    #[repr(align(16))]
+    pub struct Align16<T>(pub T);
 
-/// Wrapper struct to force 256-byte alignment.
-#[repr(align(256))]
-pub struct Align256<T>(pub T);
+    /// Wrapper struct to force 128-byte alignment.
+    #[repr(align(128))]
+    pub struct Align128<T>(pub T);
 
-/// Wrapper struct to force 512-byte alignment.
-#[repr(align(512))]
-pub struct Align512<T>(pub T);
+    /// Wrapper struct to force 512-byte alignment.
+    #[repr(align(512))]
+    pub struct Align512<T>(pub T);
 
-/// Call the `EGETKEY` instruction to obtain a 128-bit secret key.
-pub fn egetkey(request: &Align512<[u8; 512]>) -> Result<Align16<[u8; 16]>, u32> {
-    unsafe {
-        let mut out = MaybeUninit::uninit();
-        let error;
+    /// Call the `EGETKEY` instruction to obtain a 128-bit secret key.
+    pub fn egetkey(request: &Align512<[u8; 512]>) -> Result<Align16<[u8; 16]>, u32> {
+        unsafe {
+            let mut out = MaybeUninit::uninit();
+            let error;
 
-        asm!(
-            // rbx is reserved by LLVM
-            "xchg %rbx, {0}",
-            "enclu",
-            "mov {0}, %rbx",
-            inout(reg) request => _,
-            inlateout("eax") Enclu::EGetkey as u32 => error,
-            in("rcx") out.as_mut_ptr(),
-            options(att_syntax, nostack),
-        );
+            asm!(
+                // rbx is reserved by LLVM
+                "xchg %rbx, {0}",
+                "enclu",
+                "mov {0}, %rbx",
+                inout(reg) request => _,
+                inlateout("eax") Enclu::EGetkey as u32 => error,
+                in("rcx") out.as_mut_ptr(),
+                options(att_syntax, nostack),
+            );
 
-        match error {
-            0 => Ok(out.assume_init()),
-            err => Err(err),
+            match error {
+                0 => Ok(out.assume_init()),
+                err => Err(err),
+            }
         }
     }
-}
 
-/// Call the `EREPORT` instruction.
-///
-/// This creates a cryptographic report describing the contents of the current
-/// enclave. The report may be verified by the enclave described in
-/// `targetinfo`.
-pub fn ereport(
-    targetinfo: &Align512<[u8; 512]>,
-    reportdata: &Align128<[u8; 64]>,
-) -> Align512<[u8; 432]> {
-    unsafe {
-        let mut report = MaybeUninit::uninit();
+    /// Call the `EREPORT` instruction.
+    ///
+    /// This creates a cryptographic report describing the contents of the current
+    /// enclave. The report may be verified by the enclave described in
+    /// `targetinfo`.
+    pub fn ereport(
+        targetinfo: &Align512<[u8; 512]>,
+        reportdata: &Align128<[u8; 64]>,
+    ) -> Align512<[u8; 432]> {
+        unsafe {
+            let mut report = MaybeUninit::uninit();
 
-        asm!(
-            // rbx is reserved by LLVM
-            "xchg %rbx, {0}",
-            "enclu",
-            "mov {0}, %rbx",
-            inout(reg) targetinfo => _,
-            in("eax") Enclu::EReport as u32,
-            in("rcx") reportdata,
-            in("rdx") report.as_mut_ptr(),
-            options(att_syntax, preserves_flags, nostack),
-        );
+            asm!(
+                // rbx is reserved by LLVM
+                "xchg %rbx, {0}",
+                "enclu",
+                "mov {0}, %rbx",
+                inout(reg) targetinfo => _,
+                in("eax") Enclu::EReport as u32,
+                in("rcx") reportdata,
+                in("rdx") report.as_mut_ptr(),
+                options(att_syntax, preserves_flags, nostack),
+            );
 
-        report.assume_init()
+            report.assume_init()
+        }
     }
 }
 
+// Export the function in the `upstream` group if not using `sgxstd`
+#[cfg(all(target_env = "sgx", not(feature = "sgxstd")))]
+pub use self::upstream::*;
+
+// Export function in the `fortanix_sgx::arch` namespace if using `sgxstd`
+#[cfg(all(target_env = "sgx", feature = "sgxstd"))]
+pub use std::os::fortanix_sgx::arch::*;
+
+// Functions and types below is not yet upstreamed and will be added to the
+// upstream in the future.
+
+/// Wrapper struct to force 256-byte alignment.
+#[repr(align(256))]
+pub struct Align256<T>(pub T);
+
 /// Call the `EVERIFYREPORT2` instruction to verify a REPORT MAC struct.
 /// The concrete type is [`crate::ReportMac`].
-pub fn everifyreport2(tdx_report_mac: &Align256<[u8; 256]>) -> Result<(), u32> {
+pub fn everifyreport2(report_mac: &Align256<[u8; 256]>) -> Result<(), u32> {
     unsafe {
         let error: u32;
         asm!(
@@ -87,7 +104,7 @@ pub fn everifyreport2(tdx_report_mac: &Align256<[u8; 256]>) -> Result<(), u32> {
             "jz 1f",
             "xor %eax, %eax",
             "1:",
-            inout(reg) tdx_report_mac => _,
+            inout(reg) report_mac => _,
             inlateout("eax") Enclu::EVerifyReport2 as u32 => error,
             options(att_syntax, nostack),
         );
diff --git a/intel-sgx/sgx-isa/src/large_array_impl.rs b/intel-sgx/sgx-isa/src/large_array_impl.rs
@@ -289,16 +289,16 @@ impl ::core::fmt::Debug for Keyrequest {
     }
 }
 
-impl ::core::fmt::Debug for ReportMac {
+impl ::core::fmt::Debug for ReportMacStruct {
     fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
         f.debug_struct("ReportMac")
             .field("report_type", &self.report_type)
-            .field("reserved1", &self.reserved1)
+            .field("reserved1", &self._reserved1)
             .field("cpu_svn", &self.cpu_svn)
             .field("tee_tcb_info_hash", &self.tee_tcb_info_hash)
             .field("tee_info_hash", &self.tee_info_hash)
             .field("report_data", &self.report_data)
-            .field("reserved2", &self.reserved2)
+            .field("reserved2", &self._reserved2)
             .field("mac", &self.mac)
             .finish()
     }
diff --git a/intel-sgx/sgx-isa/src/lib.rs b/intel-sgx/sgx-isa/src/lib.rs
@@ -28,23 +28,9 @@ extern crate serde;
 #[cfg(feature = "serde")]
 use serde::{Serialize, Deserialize};
 
-#[cfg(all(target_env = "sgx", feature = "sgxstd"))]
-use std::os::fortanix_sgx::arch;
-
-#[cfg(all(target_env = "sgx", not(feature = "sgxstd")))]
+#[cfg(target_env = "sgx")]
 mod arch;
 
-// Compatibility layer before the `EVERIFYREPORT2` is upstreamed
-#[cfg(all(target_env = "sgx", feature = "sgxstd"))]
-#[path ="arch.rs"]
-mod non_std_arch;
-
-#[cfg(all(target_env = "sgx", feature = "sgxstd"))]
-use non_std_arch::{Align256, everifyreport2};
-
-#[cfg(all(target_env = "sgx", not(feature = "sgxstd")))]
-use arch::{Align256, everifyreport2};
-
 use core::{convert::TryFrom, num::TryFromIntError, slice};
 
 #[cfg(feature = "serde")]
@@ -235,7 +221,9 @@ macro_rules! struct_def {
     (@align bytes 128 name $name:ident) => {
         struct_def!(@align type Align128 name $name);
     };
-
+    (@align bytes 256 name $name:ident) => {
+        struct_def!(@align type Align256 name $name);
+    };
     (@align bytes 512 name $name:ident) => {
         struct_def!(@align type Align512 name $name);
     };
@@ -875,46 +863,39 @@ struct_def! {
 #[repr(C, align(256))]
 #[cfg_attr(
     feature = "large_array_derive",
-    derive(Clone, Debug, Eq, PartialEq)
+    derive(Clone, Debug, Default, Eq, PartialEq)
 )]
-pub struct ReportMac {
+pub struct ReportMacStruct {
     /// (  0) TEE Report type
     pub report_type: TeeReportType,
     /// (  4) Reserved, must be zero
-    pub reserved1: [u8; REPORT_MAC_STRUCT_RESERVED1_BYTES],
+    pub _reserved1: [u8; REPORT_MAC_STRUCT_RESERVED1_BYTES],
     /// ( 16) Security Version of the CPU
-    pub cpu_svn: [u8; CPU_SVN_SIZE],
+    pub cpusvn: [u8; CPU_SVN_SIZE],
     /// ( 32) SHA384 of TEE_TCB_INFO for TEEs
     pub tee_tcb_info_hash: Sha384Hash,
     /// ( 80) SHA384 of TEE_INFO
     pub tee_info_hash: Sha384Hash,
     /// (128) Data provided by the user
     pub report_data: [u8; REPORT_DATA_SIZE],
     /// (192) Reserved, must be zero
-    pub reserved2: [u8; REPORT_MAC_STRUCT_RESERVED2_BYTES],
+    pub _reserved2: [u8; REPORT_MAC_STRUCT_RESERVED2_BYTES],
     /// (224) The Message Authentication Code over this structure
     pub mac: [u8; TEE_MAC_SIZE],
 }
 }
 
-impl ReportMac {
+impl ReportMacStruct {
     pub const UNPADDED_SIZE: usize = 256;
 
     #[cfg(target_env = "sgx")]
     pub fn verify(&self) -> Result<(), ErrorCode> {
-        everifyreport2(self.as_ref())
+        arch::everifyreport2(self.as_ref())
             // Same as `egetkey` reasoning: unwrap is okay here
             .map_err(|e| ErrorCode::try_from(e).unwrap())
     }
 }
 
-#[cfg(target_env = "sgx")]
-impl AsRef<Align256<[u8; ReportMac::UNPADDED_SIZE]>> for ReportMac {
-    fn as_ref(&self) -> &Align256<[u8; Self::UNPADDED_SIZE]> {
-        unsafe { &*(self as *const _ as *const _) }
-    }
-}
-
 #[test]
 fn test_eq() {
     let mut a = Keyrequest::default();
diff --git a/intel-sgx/sgx-isa/src/tdx.rs b/intel-sgx/sgx-isa/src/tdx.rs
@@ -12,7 +12,10 @@ use crate::arch;
 #[cfg(all(target_env = "sgx", feature = "sgxstd"))]
 use std::os::fortanix_sgx::arch;
 
-use crate::{slice, struct_def, ErrorCode, ReportMac, Sha384Hash};
+use crate::{slice, struct_def, ReportMacStruct, Sha384Hash};
+
+#[cfg(target_env = "sgx")]
+use crate::ErrorCode;
 
 /// SGX Legacy Report Type
 pub const SGX_LEGACY_REPORT_TYPE: usize = 0x0;
@@ -26,7 +29,7 @@ pub const TEE_REPORT2_VERSION: usize = 0x0;
 pub const TEE_REPORT2_VERSION_SERVICETD: usize = 0x1;
 
 // Ensure new type name is backward compatibe
-pub type TdxReportMac = super::ReportMac;
+pub type TdxReportMac = super::ReportMacStruct;
 
 /// Size of a TDX report in bytes.
 pub const TDX_REPORT_SIZE: usize = 1024;
@@ -168,7 +171,7 @@ struct_def! {
     )]
     pub struct TdxReportV1 {
         /// (  0) Report mac struct for SGX report type 2
-        pub report_mac: ReportMac,
+        pub report_mac: ReportMacStruct,
         /// (256) Struct contains details about extra TCB elements not found in CPUSVN
         pub tee_tcb_info: TeeTcbInfo,
         /// (495) Reserved, must be zero

Original file line number	Diff line number	Diff line change
`@@ -289,16 +289,16 @@ impl ::core::fmt::Debug for Keyrequest {`
`289`	`289`	`}`
`290`	`290`	`}`
`291`	`291`
`292`		`-impl ::core::fmt::Debug for ReportMac {`
	`292`	`+impl ::core::fmt::Debug for ReportMacStruct {`
`293`	`293`	`fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {`
`294`	`294`	`f.debug_struct("ReportMac")`
`295`	`295`	`.field("report_type", &self.report_type)`
`296`		`- .field("reserved1", &self.reserved1)`
	`296`	`+ .field("reserved1", &self._reserved1)`
`297`	`297`	`.field("cpu_svn", &self.cpu_svn)`
`298`	`298`	`.field("tee_tcb_info_hash", &self.tee_tcb_info_hash)`
`299`	`299`	`.field("tee_info_hash", &self.tee_info_hash)`
`300`	`300`	`.field("report_data", &self.report_data)`
`301`		`- .field("reserved2", &self.reserved2)`
	`301`	`+ .field("reserved2", &self._reserved2)`
`302`	`302`	`.field("mac", &self.mac)`
`303`	`303`	`.finish()`
`304`	`304`	`}`