41-38 Vol. 3D
SGX INSTRUCTION REFERENCES
IF ( (DS:RCX.ATTRIBUTES & TMP_SIG.ATTRIBUTEMASK) ≠ (TMP_SIG.ATTRIBUTE & TMP_SIG.ATTRIBUTEMASK) )
RFLAG.ZF 1;
RAX SGX_INVALID_ATTRIBUTE;
GOTO EXIT;
FI;
( *Verify SIGSTRUCT.MISCSELECT requirements are met *)
IF ( (DS:RCX.MISCSELECT & TMP_SIG.MISCMASK) ≠ (TMP_SIG.MISCSELECT & TMP_SIG.MISCMASK) )
THEN
RFLAGS.ZF 1;
RAX SGX_INVALID_ATTRIBUTE;
GOTO EXIT
FI;
(* if EINITTOKEN.VALID[0] is 0, verify the enclave is signed by an authorized key *)
IF (TMP_TOKEN.VALID[0] = 0)
IF (TMP_MRSIGNER ≠ IA32_SGXLEPUBKEYHASH)
RFLAG.ZF 1;
RAX SGX_INVALID_EINITTOKEN;
GOTO EXIT;
FI;
GOTO COMMIT;
FI;
(* Debug Launch Enclave cannot launch Production Enclaves *)
IF ( (DS:RDX.MASKEDATTRIBUTESLE.DEBUG = 1) and (DS:RCX.ATTRIBUTES.DEBUG = 0) )
RFLAG.ZF 1;
RAX SGX_INVALID_EINITTOKEN;
GOTO EXIT;
FI;
(* Check reserve space in EINIT token includes reserved regions and upper bits in valid field *)
IF (TMP_TOKEN reserved space is not clear)
RFLAG.ZF 1;
RAX SGX_INVALID_EINITTOKEN;
GOTO EXIT;
FI;
(* EINIT token must be ≤ CR_CPUSVN *)
IF (TMP_TOKEN.CPUSVN > CR_CPUSVN)
RFLAG.ZF 1;
RAX SGX_INVALID_CPUSVN;
GOTO EXIT;
FI;
(* Derive Launch key used to calculate EINITTOKEN.MAC *)
HARDCODED_PKCS1_5_PADDING[15:0] 0100H;
HARDCODED_PKCS1_5_PADDING[2655:16] SignExtend330Byte(-1); // 330 bytes of 0FFH
HARDCODED_PKCS1_5_PADDING[2815:2656] 2004000501020403650148866009060D30313000H;
TMP_KEYDEPENDENCIES.KEYNAME EINITTOKEN_KEY;
TMP_KEYDEPENDENCIES.ISVPRODID TMP_TOKEN.ISVPRODIDLE;
TMP_KEYDEPENDENCIES.ISVSVN TMP_TOKEN.ISVSVN;
TMP_KEYDEPENDENCIES.OWNEREPOCH CSR_SGXOWNEREPOCH;