Vol. 3D 38-13
ENCLAVE ACCESS CONTROL AND DATA STRUCTURES
In column 5 of Table 38-19, ‘Y’ indicates that this field should be included in the signature generated by the developer.
38.14 EINIT TOKEN STRUCTURE (EINITTOKEN)
The EINIT token is used by EINIT to verify that the enclave is permitted to launch. The EINIT token is generated by an enclave in possession of the EINITTOKEN key (the Launch Enclave).
The EINIT token must be 512-Byte aligned.
Table 38-19. Layout of Enclave Signature Structure (SIGSTRUCT)

| Field | OFFSET (Bytes) | Size (Bytes) | Description | Signed |
|---|---|---|---|---|
| HEADER | 0 | 16 | Must be byte stream 06000000E10000000000010000000000H | Y |
| VENDOR | 16 | 4 | Intel Enclave: 00008086H; Non-Intel Enclave: 00000000H | Y |
| DATE | 20 | 4 | Build date is yyyymmdd in hex: yyyy=4 digit year, mm=1-12, dd=1-31 | Y |
| HEADER2 | 24 | 16 | Must be byte stream 01010000600000006000000001000000H | Y |
| SWDEFINED | 40 | 4 | Available for software use. | Y |
| RESERVED | 44 | 84 | Must be zero. | Y |
| MODULUS | 128 | 384 | Module Public Key (keylength=3072 bits). | N |
| EXPONENT | 512 | 4 | RSA Exponent = 3. | N |
| SIGNATURE | 516 | 384 | Signature over Header and Body. | N |
| MISCSELECT* | 900 | 4 | Bit vector specifying Extended SSA frame feature set to be used. | Y |
| MISCMASK* | 904 | 4 | Bit vector mask of MISCSELECT to enforce. | Y |
| RESERVED | 908 | 20 | Must be zero. | Y |
| ATTRIBUTES | 928 | 16 | Enclave Attributes that must be set. | Y |
| ATTRIBUTEMASK | 944 | 16 | Mask of Attributes to enforce. | Y |
| ENCLAVEHASH | 960 | 32 | MRENCLAVE of enclave this structure applies to. | Y |
| RESERVED | 992 | 32 | Must be zero. | Y |
| ISVPRODID | 1024 | 2 | ISV assigned Product ID. | Y |
| ISVSVN | 1026 | 2 | ISV assigned SVN (security version number). | Y |
| RESERVED | 1028 | 12 | Must be zero. | N |
| Q1 | 1040 | 384 | Q1 value for RSA Signature Verification. | N |
| Q2 | 1424 | 384 | Q2 value for RSA Signature Verification. | N |

* If CPUID.(EAX=12H, ECX=0):EBX[31:0] = 0, MISCSELECT must be 0.
If CPUID.(EAX=12H, ECX=0):EBX[31:0] !=0, enclave writers must specify MISCSELECT such that each cleared
bit in MISCMASK must also specify the corresponding bit as 0 in MISCSELECT.
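
The layout in Table 38-19 as a parser, added here as an example (not code from the Intel manual): it splits a SIGSTRUCT image by the table's offsets, extracts the bytes marked 'Y' in the Signed column, and checks the fixed-value rules and the MISCSELECT footnote. Assumptions: integer fields are read little-endian, the function names and the RESERVED1 to RESERVED4 labels are illustrative, and `sample()` builds a constructed image with zeroed key material.

```python
# (name, offset, size, signed) from Table 38-19; RESERVED suffixes are added here.
FIELDS = [
    ("HEADER", 0, 16, 1), ("VENDOR", 16, 4, 1), ("DATE", 20, 4, 1),
    ("HEADER2", 24, 16, 1), ("SWDEFINED", 40, 4, 1), ("RESERVED1", 44, 84, 1),
    ("MODULUS", 128, 384, 0), ("EXPONENT", 512, 4, 0), ("SIGNATURE", 516, 384, 0),
    ("MISCSELECT", 900, 4, 1), ("MISCMASK", 904, 4, 1), ("RESERVED2", 908, 20, 1),
    ("ATTRIBUTES", 928, 16, 1), ("ATTRIBUTEMASK", 944, 16, 1), ("ENCLAVEHASH", 960, 32, 1),
    ("RESERVED3", 992, 32, 1), ("ISVPRODID", 1024, 2, 1), ("ISVSVN", 1026, 2, 1),
    ("RESERVED4", 1028, 12, 0), ("Q1", 1040, 384, 0), ("Q2", 1424, 384, 0),
]
SIZE = 1424 + 384  # end of Q2, the last field
HEADER = bytes.fromhex("06000000E10000000000010000000000")
HEADER2 = bytes.fromhex("01010000600000006000000001000000")

def parse(blob):
    """Split a SIGSTRUCT image into {field name: raw bytes}."""
    if len(blob) != SIZE:
        raise ValueError(f"expected {SIZE} bytes, got {len(blob)}")
    return {name: blob[off:off + size] for name, off, size, _ in FIELDS}

def u32(raw):
    return int.from_bytes(raw, "little")  # assumption: little-endian integers

def signed_bytes(blob):
    """Concatenate the fields marked 'Y' in the Signed column."""
    f = parse(blob)
    return b"".join(f[name] for name, _, _, signed in FIELDS if signed)

def violations(blob):
    """Names of fields that break a rule stated in the table or its footnote."""
    f = parse(blob)
    date = f"{u32(f['DATE']):08x}"  # yyyymmdd read as hex digits
    rules = {
        "HEADER": f["HEADER"] == HEADER,
        "HEADER2": f["HEADER2"] == HEADER2,
        "VENDOR": u32(f["VENDOR"]) in (0x00008086, 0x00000000),
        "DATE": date.isdigit() and 1 <= int(date[4:6]) <= 12 and 1 <= int(date[6:]) <= 31,
        "EXPONENT": u32(f["EXPONENT"]) == 3,
        "MISCSELECT": (u32(f["MISCSELECT"]) & ~u32(f["MISCMASK"])) == 0,  # footnote
    }
    rules.update({n: not any(f[n]) for n in f if n.startswith("RESERVED")})
    return sorted(n for n, ok in rules.items() if not ok)

def sample():
    """Constructed SIGSTRUCT image with zeroed key material (not a real enclave)."""
    b = bytearray(SIZE)
    b[0:16], b[24:40] = HEADER, HEADER2
    b[20:24] = (0x20240115).to_bytes(4, "little")  # DATE; VENDOR stays 0
    b[512], b[900], b[904] = 3, 1, 1  # EXPONENT, MISCSELECT, MISCMASK
    return bytes(b)
```

On any image of the correct size, `signed_bytes` returns 256 bytes: offsets 0-127 followed by offsets 900-1027.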