Skip to content

Commit 4a52d19

Browse files
lzha101lzha101
authored
Update KSS bits check in sgx_get_key() (#590)
Signed-off-by: Zhang Lili Z <lili.z.zhang@intel.com>
1 parent 7e15354 commit 4a52d19

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

sdk/selib/sgx_get_key.cpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ sgx_status_t sgx_get_key(const sgx_key_request_t *key_request, sgx_key_128bit_t
9090
goto CLEANUP;
9191
}
9292
// check key_request->key_policy reserved bits
93-
if(key_request->key_policy & ~(SGX_KEYPOLICY_MRENCLAVE | SGX_KEYPOLICY_MRSIGNER | (KEY_POLICY_KSS)))
93+
if(key_request->key_policy & ~(SGX_KEYPOLICY_MRENCLAVE | SGX_KEYPOLICY_MRSIGNER | (KEY_POLICY_KSS) | SGX_KEYPOLICY_NOISVPRODID))
9494
{
9595
err = SGX_ERROR_INVALID_PARAMETER;
9696
goto CLEANUP;
@@ -99,7 +99,7 @@ sgx_status_t sgx_get_key(const sgx_key_request_t *key_request, sgx_key_128bit_t
9999
// check if KSS flag is disabled but KSS related policy or config_svn is set
100100
report = sgx_self_report();
101101
if (!(report->body.attributes.flags & SGX_FLAGS_KSS) &&
102-
((key_request->key_policy & KEY_POLICY_KSS) || key_request->config_svn > 0))
102+
((key_request->key_policy & (KEY_POLICY_KSS | SGX_KEYPOLICY_NOISVPRODID)) || key_request->config_svn > 0))
103103
{
104104
err = SGX_ERROR_INVALID_PARAMETER;
105105
goto CLEANUP;

0 commit comments

Comments
 (0)