Open AdrianCX opened 4 years ago
The two interfaces GetSupportedAttKeyIDNum and GetSupportedAttKeyIDs only return the supported key ID associated with the installed quoting enclave, but don't verify or guarantee that the quoting enclave or even SGX can work.
That's not a very useful API then.
As per title, ECDSA key ID is returned even when not supported. This leads to failure in init_quote_ex if it's used on unsupported hardware. It works if it's used on supported hardware.
Should the key be returned in this case? (operation is GetSupportedAttKeyIDs...)
Failure when ECDSA key ID returned by GetSupportedAttKeyIDsResponse is used in InitQuoteRequest (on unsupported hardware):
Where error 4004 is defined in: https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_error.h
Operations are from protobuf: https://github.com/intel/linux-sgx/blob/master/psw/ae/aesm_service/source/core/ipc/messages.proto
Getting data is via: GetSupportedAttKeyIDsRequest / GetSupportedAttKeyIDsResponse. This returns the following data:
Structure: sgx_att_key_id_ext_t from: https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_quote.h
Data - identical on both supported and unsupported hardware: