Vol. 3D 41-39

SGX INSTRUCTION REFERENCES

TMP_KEYDEPENDENCIES.ATTRIBUTES  TMP_TOKEN.MASKEDATTRIBUTESLE;
TMP_KEYDEPENDENCIES.ATTRIBUTESMASK  0;
TMP_KEYDEPENDENCIES.MRENCLAVE  0;
TMP_KEYDEPENDENCIES.MRSIGNER  IA32_SGXLEPUBKEYHASH;
TMP_KEYDEPENDENCIES.KEYID  TMP_TOKEN.KEYID;
TMP_KEYDEPENDENCIES.SEAL_KEY_FUSES  CR_SEAL_FUSES;
TMP_KEYDEPENDENCIES.CPUSVN  TMP_TOKEN.CPUSVN;
TMP_KEYDEPENDENCIES.MISCSELECT  TMP_TOKEN.MASKEDMISCSELECTLE;
TMP_KEYDEPENDENCIES.MISCMASK  0;
TMP_KEYDEPENDENCIES.PADDING  HARDCODED_PKCS1_5_PADDING;

(* Calculate the derived key*) 
TMP_EINITTOKENKEY  derivekey(TMP_KEYDEPENDENCIES);

(* Verify EINITTOKEN was generated using this CPU's Launch key and that it has not been modified since issuing by the Launch 

Enclave. Only 192 bytes of EINITOKEN are CMACed *)
IF (TMP_TOKEN.MAC ≠ CMAC(TMP_EINITTOKENKEY, TMP_TOKEN[1535:0] ) )

RFLAG.ZF  1;
RAX  SGX_INVALID_EINIT_TOKEN;
GOTO EXIT;

FI;

(* Verify EINITTOKEN (RDX) is for this enclave *)
IF (TMP_TOKEN.MRENCLAVE ≠ TMP_MRENCLAVE) or (TMP_TOKEN.MRSIGNER ≠ TMP_MRSIGNER) )

RFLAG.ZF  1;
RAX  SGX_INVALID_MEASUREMENT;
GOTO EXIT;

FI;

(* Verify ATTRIBUTES in EINITTOKEN are the same as the enclave’s *)
IF (TMP_TOKEN.ATTRIBUTES ≠ DS:RCX.ATTRIBUTES)

RFLAG.ZF  1;
RAX  SGX_INVALID_EINIT_ATTRIBUTE;
GOTO EXIT;

FI;

COMMIT:
(* Commit changes to the SECS; Set ISVPRODID, ISVSVN, MRSIGNER, INIT ATTRIBUTE fields in SECS (RCX) *) 
DS:RCX.MRENCLAVE  TMP_MRENCLAVE;
(* MRSIGNER stores a SHA256 in little endian implemented natively on x86 *) 
DS:RCX.MRSIGNER  TMP_MRSIGNER;
DS:RCX.ISVPRODID  TMP_SIG.ISVPRODID;
DS:RCX.ISVSVN  TMP_SIG.ISVSVN;
DS:RCX.PADDING  TMP_SIG_PADDING;

(* Mark the SECS as initialized *)
Update DS:RCX to initialized;

(* Set RAX and ZF for success*) 

RFLAG.ZF  0;
RAX  0;

EXIT:
RFLAGS.CF,PF,AF,OF,SF  0;