Open shamsasari opened 4 years ago
Thanks for reporting this. You are right. We need to update the check in sgx_get_key() API. Will fix it soon.
As the fix is not included in the latest release, a PR https://github.com/intel/linux-sgx/pull/590 is created to fix this.
sgx_get_key returns SGX_ERROR_INVALID_PARAMETER if the SGX_KEYPOLICY_NOISVPRODID bit is set in the key_policy field.
From looking at the code it seems to me the bug is in this line: https://github.com/intel/linux-sgx/blob/4589daddd58bec7367a6a9de3fe301e6de17671a/sdk/selib/sgx_get_key.cpp#L93
SGX_KEYPOLICY_NOISVPRODID is missing in the check and so it's treated as a reserved bit.
Incidentally, sgx_seal_data_ex does include SGX_KEYPOLICY_NOISVPRODID in its check: https://github.com/intel/linux-sgx/blob/4589daddd58bec7367a6a9de3fe301e6de17671a/sdk/tseal/tSeal.cpp#L96
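An added sketch of the reserved-bit check described in this issue, not the SDK's own code: a policy validator run against a mask that omits SGX_KEYPOLICY_NOISVPRODID and against one that includes it, plus a regression check that every defined policy bit is accepted. The bit values are assumed to match the SDK's sgx_key.h; the mask names, the other bits in the masks, and the helper functions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Key-policy bits: names from the SDK, values assumed to match sgx_key.h. */
#define SGX_KEYPOLICY_MRENCLAVE    0x0001
#define SGX_KEYPOLICY_MRSIGNER     0x0002
#define SGX_KEYPOLICY_NOISVPRODID  0x0004
#define SGX_KEYPOLICY_CONFIGID     0x0008
#define SGX_KEYPOLICY_ISVFAMILYID  0x0010
#define SGX_KEYPOLICY_ISVEXTPRODID 0x0020

/* Hypothetical masks for this sketch (assumption: only NOISVPRODID is missing). */
#define MASK_REPORTED (SGX_KEYPOLICY_MRENCLAVE | SGX_KEYPOLICY_MRSIGNER | \
                       SGX_KEYPOLICY_CONFIGID | SGX_KEYPOLICY_ISVFAMILYID | \
                       SGX_KEYPOLICY_ISVEXTPRODID)
#define MASK_FIXED    (MASK_REPORTED | SGX_KEYPOLICY_NOISVPRODID)

/* Returns 1 when key_policy sets no bit outside allowed_mask, 0 otherwise. */
int policy_ok(uint16_t key_policy, uint16_t allowed_mask)
{
    return (key_policy & (uint16_t)~allowed_mask) == 0;
}

/* Regression check: OR of the defined policy bits that the mask rejects.
 * A result of 0 means the validator and the flag definitions agree. */
uint16_t rejected_defined_bits(uint16_t allowed_mask)
{
    static const uint16_t defined[] = {
        SGX_KEYPOLICY_MRENCLAVE, SGX_KEYPOLICY_MRSIGNER,
        SGX_KEYPOLICY_NOISVPRODID, SGX_KEYPOLICY_CONFIGID,
        SGX_KEYPOLICY_ISVFAMILYID, SGX_KEYPOLICY_ISVEXTPRODID
    };
    uint16_t missing = 0;
    for (size_t i = 0; i < sizeof defined / sizeof defined[0]; i++)
        if (!policy_ok(defined[i], allowed_mask))
            missing |= defined[i];
    return missing;
}

int main(void)
{
    /* Constructed request policy: MRSIGNER key without ISVPRODID binding. */
    uint16_t policy = SGX_KEYPOLICY_MRSIGNER | SGX_KEYPOLICY_NOISVPRODID;
    printf("reported mask accepts: %d\n", policy_ok(policy, MASK_REPORTED));
    printf("fixed mask accepts:    %d\n", policy_ok(policy, MASK_FIXED));
    printf("rejected defined bits (reported): 0x%04x\n",
           (unsigned)rejected_defined_bits(MASK_REPORTED));
    printf("rejected defined bits (fixed):    0x%04x\n",
           (unsigned)rejected_defined_bits(MASK_FIXED));
    return 0;
}
```

A check like rejected_defined_bits, run in unit tests against each API that validates key_policy, flags the case where one validator lags behind the flag definitions while another has already been updated.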