Vol. 3D 41-37
SGX INSTRUCTION REFERENCES
(TMP_SIG.EXPONENT ≠ 00000003h) or (Reserved space is not 0’s) )
THEN
RFLAGS.ZF 1;
RAX SGX_INVALID_SIG_STRUCT;
GOTO EXIT;
FI;
(* Open “Event Window” Check for Interrupts. Verify signature using embedded public key, q1, and q2. Save upper 352 bytes of the
PKCS1.5 encoded message into the TMP_SIG_PADDING*)
IF (interrupt was pending) {
RFLAG.ZF 1;
RAX SGX_UNMASKED_EVENT;
GOTO EXIT;
FI
IF (signature failed to verify) {
RFLAG.ZF 1;
RAX SGX_INVALID_SIGNATURE;
GOTO EXIT;
FI;
(*Close “Event Window” *)
(* make sure no other Intel SGX instruction is modifying SECS*)
IF (Other instructions modifying SECS)
THEN #GP(0); FI;
IF ( (EPCM(DS:RCX). VALID = 0) or (EPCM(DS:RCX).PT ≠ PT_SECS) )
THEN #PF(DS:RCX); FI;
(* make sure no other instruction is accessing MRENCLAVE or ATTRIBUETS.INIT *)
IF ( (Other instruction modifying MRENCLAVE) or (Other instructions modifying the SECS’s Initialized state))
THEN #GP(0); FI;
(* Calculate finalized version of MRENCLAVE *)
(* SHA256 algorithm requires one last update that compresses the length of the hashed message into the output SHA256 digest *)
TMP_ENCLAVE SHA256FINAL( (DS:RCX).MRENCLAVE, enclave’s MRENCLAVE update count *512);
(* Verify MRENCLAVE from SIGSTRUCT *)
IF (TMP_SIG.ENCLAVEHASH ≠ TMP_MRENCLAVE)
RFLAG.ZF 1;
RAX SGX_INVALID_MEASUREMENT;
GOTO EXIT;
FI;
TMP_MRSIGNER SHA256(TMP_SIG.MODULUS)
(* if controlled ATTRIBUTES are set, SIGSTRUCT must be signed using an authorized key *)
CONTROLLED_ATTRIBUTES 0000000000000020H;
IF ( ( (DS:RCX.ATTRIBUTES & CONTROLLED_ATTRIBUTES) ≠ 0) and (TMP_MRSIGNER ≠ IA32_SGXLEPUBKEYHASH) )
RFLAG.ZF 1;
RAX SGX_INVALID_ATTRIBUTE;
GOTO EXIT;
FI;
(* Verify SIGSTRUCT.ATTRIBUTE requirements are met *)