Vol. 3D 41-37

SGX INSTRUCTION REFERENCES

(TMP_SIG.EXPONENT   ≠ 00000003h) or (Reserved space is not 0’s) )
THEN 

RFLAGS.ZF  1;
RAX  SGX_INVALID_SIG_STRUCT;
GOTO EXIT;

FI;

(* Open “Event Window” Check for Interrupts. Verify signature using embedded public key, q1, and q2. Save upper 352 bytes of the 

PKCS1.5 encoded message into the TMP_SIG_PADDING*)
IF (interrupt was pending) {

RFLAG.ZF  1;
RAX  SGX_UNMASKED_EVENT;
GOTO EXIT;

FI
IF (signature failed to verify) {

RFLAG.ZF  1;
RAX  SGX_INVALID_SIGNATURE;
GOTO EXIT;

FI;
(*Close “Event Window” *)

(* make sure no other Intel SGX instruction is modifying SECS*)
IF (Other instructions modifying SECS) 

THEN #GP(0); FI;

IF ( (EPCM(DS:RCX). VALID = 0) or (EPCM(DS:RCX).PT ≠ PT_SECS) )

THEN #PF(DS:RCX); FI;

(* make sure no other instruction is accessing MRENCLAVE or ATTRIBUETS.INIT *) 
IF ( (Other instruction modifying MRENCLAVE) or (Other instructions modifying the SECS’s Initialized state)) 

THEN #GP(0); FI;

(* Calculate finalized version of MRENCLAVE *)
(* SHA256 algorithm requires one last update that compresses the length of the hashed message into the output SHA256 digest *)
TMP_ENCLAVE SHA256FINAL( (DS:RCX).MRENCLAVE, enclave’s MRENCLAVE update count *512);

(* Verify MRENCLAVE from SIGSTRUCT *)
IF (TMP_SIG.ENCLAVEHASH ≠ TMP_MRENCLAVE)

RFLAG.ZF  1;
RAX  SGX_INVALID_MEASUREMENT;
GOTO EXIT;

FI;

TMP_MRSIGNER  SHA256(TMP_SIG.MODULUS)

(* if controlled ATTRIBUTES are set, SIGSTRUCT must be signed using an authorized key *)
CONTROLLED_ATTRIBUTES  0000000000000020H;
IF ( ( (DS:RCX.ATTRIBUTES & CONTROLLED_ATTRIBUTES) ≠ 0) and (TMP_MRSIGNER ≠ IA32_SGXLEPUBKEYHASH) )

RFLAG.ZF  1;
RAX  SGX_INVALID_ATTRIBUTE;
GOTO EXIT;

FI;

(* Verify SIGSTRUCT.ATTRIBUTE requirements are met *)