Vol. 3D 41-39
SGX INSTRUCTION REFERENCES
TMP_KEYDEPENDENCIES.ATTRIBUTES TMP_TOKEN.MASKEDATTRIBUTESLE;
TMP_KEYDEPENDENCIES.ATTRIBUTESMASK 0;
TMP_KEYDEPENDENCIES.MRENCLAVE 0;
TMP_KEYDEPENDENCIES.MRSIGNER IA32_SGXLEPUBKEYHASH;
TMP_KEYDEPENDENCIES.KEYID TMP_TOKEN.KEYID;
TMP_KEYDEPENDENCIES.SEAL_KEY_FUSES CR_SEAL_FUSES;
TMP_KEYDEPENDENCIES.CPUSVN TMP_TOKEN.CPUSVN;
TMP_KEYDEPENDENCIES.MISCSELECT TMP_TOKEN.MASKEDMISCSELECTLE;
TMP_KEYDEPENDENCIES.MISCMASK 0;
TMP_KEYDEPENDENCIES.PADDING HARDCODED_PKCS1_5_PADDING;
(* Calculate the derived key*)
TMP_EINITTOKENKEY derivekey(TMP_KEYDEPENDENCIES);
(* Verify EINITTOKEN was generated using this CPU's Launch key and that it has not been modified since issuing by the Launch
Enclave. Only 192 bytes of EINITOKEN are CMACed *)
IF (TMP_TOKEN.MAC ≠ CMAC(TMP_EINITTOKENKEY, TMP_TOKEN[1535:0] ) )
RFLAG.ZF 1;
RAX SGX_INVALID_EINIT_TOKEN;
GOTO EXIT;
FI;
(* Verify EINITTOKEN (RDX) is for this enclave *)
IF (TMP_TOKEN.MRENCLAVE ≠ TMP_MRENCLAVE) or (TMP_TOKEN.MRSIGNER ≠ TMP_MRSIGNER) )
RFLAG.ZF 1;
RAX SGX_INVALID_MEASUREMENT;
GOTO EXIT;
FI;
(* Verify ATTRIBUTES in EINITTOKEN are the same as the enclave’s *)
IF (TMP_TOKEN.ATTRIBUTES ≠ DS:RCX.ATTRIBUTES)
RFLAG.ZF 1;
RAX SGX_INVALID_EINIT_ATTRIBUTE;
GOTO EXIT;
FI;
COMMIT:
(* Commit changes to the SECS; Set ISVPRODID, ISVSVN, MRSIGNER, INIT ATTRIBUTE fields in SECS (RCX) *)
DS:RCX.MRENCLAVE TMP_MRENCLAVE;
(* MRSIGNER stores a SHA256 in little endian implemented natively on x86 *)
DS:RCX.MRSIGNER TMP_MRSIGNER;
DS:RCX.ISVPRODID TMP_SIG.ISVPRODID;
DS:RCX.ISVSVN TMP_SIG.ISVSVN;
DS:RCX.PADDING TMP_SIG_PADDING;
(* Mark the SECS as initialized *)
Update DS:RCX to initialized;
(* Set RAX and ZF for success*)
RFLAG.ZF 0;
RAX 0;
EXIT:
RFLAGS.CF,PF,AF,OF,SF 0;