Support KSS on simulation mode (#885)

* Support KSS on simulation mode

Signed-off-by: volcano0dr <volcano_dr@163.com>

Author: volcano0dr

sdk/simulation/tinst/deriv.h

@@ -47,36 +47,48 @@ typedef uint8_t se_owner_epoch_t[OWNEREPOCH_SIZE];
 
 /* Derive data for seal key */
 typedef struct {
-    uint16_t          key_name;        /* should always be 'SGX_KEYSELECT_SEAL' */
-    sgx_attributes_t  tmp_attr;
-    sgx_attributes_t  attribute_mask;  /* attribute mask from KEYREQUEST */
-    se_owner_epoch_t  csr_owner_epoch;
-    sgx_cpu_svn_t     cpu_svn;         /* CPUSVN from KEYREQUEST */
-    sgx_isv_svn_t     isv_svn;         /* ISVSVN from KEYREQUEST */
-    sgx_prod_id_t     isv_prod_id;     /* ISV PRODID from SECS   */
-    sgx_measurement_t mrenclave;
-    sgx_measurement_t mrsigner;
-    sgx_key_id_t      key_id;          /* KEYID from KEYREQUEST  */
+    uint16_t             key_name;        /* should always be 'SGX_KEYSELECT_SEAL' */
+    uint16_t             key_policy;      /* Key policy from KEYREQUEST */
+    sgx_attributes_t     tmp_attr;
+    sgx_attributes_t     attribute_mask;  /* attribute mask from KEYREQUEST */
+    sgx_misc_select_t    tmp_misc;
+    sgx_misc_select_t    misc_mask;       /* MiscSelect mask form KEYREQUEST */
+    se_owner_epoch_t     csr_owner_epoch;
+    sgx_cpu_svn_t        cpu_svn;         /* CPUSVN from KEYREQUEST */
+    sgx_isv_svn_t        isv_svn;         /* ISVSVN from KEYREQUEST */
+    sgx_prod_id_t        isv_prod_id;     /* ISV PRODID from SECS   */
+    sgx_config_svn_t     config_svn;      /* CONFIGSVN from KEYREQUEST */
+    sgx_config_id_t      config_id;       /* CONFIGID from SECS      */
+    sgx_isvfamily_id_t   isv_family_id;   /* ISV FAMILYID from SECS  */
+    sgx_isvext_prod_id_t isv_ext_prod_id; /* ISV EXTPRODID from SECS */
+    sgx_measurement_t    mrenclave;
+    sgx_measurement_t    mrsigner;
+    sgx_key_id_t         key_id;          /* KEYID from KEYREQUEST  */
 } dd_seal_key_t;
 
 /* Derive data for report key */
 typedef struct {
     uint16_t          key_name;        /* should always be 'SGX_KEYSELECT_REPORT' */
     sgx_attributes_t  attributes;      /* attributes from SECS */
+    sgx_misc_select_t misc_select;     /* MiscSelect from SECS */
     se_owner_epoch_t  csr_owner_epoch;
     sgx_measurement_t mrenclave;
     sgx_cpu_svn_t     cpu_svn;         /* CPUSVN from CPUSVN register */
+    sgx_config_svn_t  config_svn;      /* CONFIGSVN from SECS */
+    sgx_config_id_t   config_id;       /* CONFIGID from SECS  */
     sgx_key_id_t      key_id;          /* KEYID from KEYREQUEST */
 } dd_report_key_t;
 
 /* Derive data for license key */
 typedef struct {
     uint16_t          key_name;        /* should always be 'SGX_KEYSELECT_EINITTOKEN' */
-    sgx_attributes_t  attributes;      /* attributes from SECS */
+    sgx_attributes_t  tmp_attr;
+    sgx_misc_select_t tmp_misc;
     se_owner_epoch_t  csr_owner_epoch;
     sgx_cpu_svn_t     cpu_svn;         /* CPUSVN from KEYREQUEST */
     sgx_isv_svn_t     isv_svn;         /* ISVSVN from KEYREQUEST */
     sgx_prod_id_t     isv_prod_id;     /* ISV PRODID from SECS   */
+    sgx_measurement_t mrsigner;
     sgx_key_id_t      key_id;          /* KEYID from KEYREQUEST  */
 } dd_license_key_t;
 
@@ -85,25 +97,46 @@ typedef struct {
     uint16_t          key_name;        /* should always be 'SGX_KEYSELECT_PROVISION' */
     sgx_attributes_t  tmp_attr;
     sgx_attributes_t  attribute_mask;  /* attribute mask from KEYREQUEST */
+    sgx_misc_select_t tmp_misc;
+    sgx_misc_select_t misc_mask;       /* MiscSelect mask form KEYREQUEST */
     sgx_cpu_svn_t     cpu_svn;         /* CPUSVN from KEYREQUEST */
     sgx_isv_svn_t     isv_svn;         /* ISVSVN from KEYREQUEST */
     sgx_prod_id_t     isv_prod_id;     /* ISV PRODID from SECS   */
     sgx_measurement_t mrsigner;
 } dd_provision_key_t;
 
+/* Derive data for provision seal key */
+typedef struct {
+    uint16_t             key_name;        /* should always be 'SGX_KEYSELECT_SEAL' */
+    uint16_t             key_policy;      /* Key policy from KEYREQUEST */
+    sgx_attributes_t     tmp_attr;
+    sgx_attributes_t     attribute_mask;  /* attribute mask from KEYREQUEST */
+    sgx_misc_select_t    tmp_misc;
+    sgx_misc_select_t    misc_mask;       /* MiscSelect mask form KEYREQUEST */
+    sgx_cpu_svn_t        cpu_svn;         /* CPUSVN from KEYREQUEST */
+    sgx_isv_svn_t        isv_svn;         /* ISVSVN from KEYREQUEST */
+    sgx_prod_id_t        isv_prod_id;     /* ISV PRODID from SECS   */
+    sgx_config_svn_t     config_svn;      /* CONFIGSVN from KEYREQUEST */
+    sgx_config_id_t      config_id;       /* CONFIGID from SECS      */
+    sgx_isvfamily_id_t   isv_family_id;   /* ISV FAMILYID from SECS  */
+    sgx_isvext_prod_id_t isv_ext_prod_id; /* ISV EXTPRODID from SECS */
+    sgx_measurement_t    mrsigner;
+} dd_provision_seal_key_t;
+
 /* The derivation data. */
 typedef struct {
     int size;    /* the size of derivation data */
 
     union {
         /* key_name is the first field of all the following derivation data */
-        uint16_t            key_name;
-        uint8_t             ddbuf[1];
-
-        dd_seal_key_t       ddsk;
-        dd_report_key_t     ddrk;
-        dd_license_key_t    ddlk;
-        dd_provision_key_t  ddpk;
+        uint16_t                key_name;
+        uint8_t                 ddbuf[1];
+
+        dd_seal_key_t           ddsk;
+        dd_report_key_t         ddrk;
+        dd_license_key_t        ddlk;
+        dd_provision_key_t      ddpk;
+        dd_provision_seal_key_t ddpsk;
     };
 } derivation_data_t;
 

sdk/simulation/tinst/rts_sim.h

@@ -59,6 +59,12 @@ const sgx_cpu_svn_t DOWNGRADED_CPUSVN = {
     }
 };
 
+// use secs->reserved4 field to save isv_family_id and isv_ext_prod_id.
+typedef struct _isv_ext_id_t
+{
+    sgx_isvfamily_id_t isv_family_id;      /* ISV assigned Family ID */
+    sgx_isvext_prod_id_t isv_ext_prod_id;  /* ISV assigned Extended Product ID */
+} isv_ext_id_t;
 
 typedef struct _global_data_sim_t
 {

sdk/simulation/tinst/t_instructions.cpp

@@ -87,6 +87,13 @@ static const se_owner_epoch_t SIMU_OWNER_EPOCH_MSR = {
     }                                           \
 } while(0)
 
+#define check_config_svn(kr, secs) do {    \
+    if (kr->config_svn > secs->config_svn) {  \
+        return EGETKEY_INVALID_ISVSVN;  \
+    }                                   \
+} while(0)
+
+#define KEY_POLICY_KSS (SGX_KEYPOLICY_CONFIGID | SGX_KEYPOLICY_ISVFAMILYID | SGX_KEYPOLICY_ISVEXTPRODID)
 
 // The hardware EGETKEY instruction will set ZF on failure.
 //
@@ -112,7 +119,7 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
     GP_ON(!sgx_is_within_enclave(okey, sizeof(sgx_key_128bit_t)));
 
     // check reserved bits are not set
-    GP_ON((kr->key_policy & ~(SGX_KEYPOLICY_MRENCLAVE | SGX_KEYPOLICY_MRSIGNER)) != 0);
+    GP_ON((kr->key_policy & ~(SGX_KEYPOLICY_MRENCLAVE | SGX_KEYPOLICY_MRSIGNER | KEY_POLICY_KSS | SGX_KEYPOLICY_NOISVPRODID)) != 0);
 
     // check to see if reserved space in KEYREQUEST are valid
     const uint8_t* u8ptr = (uint8_t *)(&(kr->reserved1));
@@ -124,7 +131,13 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
         GP_ON(u8ptr[i] != (uint8_t)0);
 
     secs_t*             cur_secs = g_global_data_sim.secs_ptr;
+    isv_ext_id_t*       isv_ext_id = reinterpret_cast<isv_ext_id_t *>(cur_secs->reserved4);
+
+    GP_ON(!(cur_secs->attributes.flags & SGX_FLAGS_KSS) &&
+        ((kr->key_policy & (KEY_POLICY_KSS | SGX_KEYPOLICY_NOISVPRODID)) ||kr->config_svn > 0));
+
     sgx_attributes_t    tmp_attr;
+    sgx_misc_select_t   tmp_misc;
     derivation_data_t   dd;
 
     memset(&dd, 0, sizeof(dd));
@@ -136,6 +149,8 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
     tmp_attr.flags = kr->attribute_mask.flags | SGX_FLAGS_INITTED | SGX_FLAGS_DEBUG;
     tmp_attr.flags &= cur_secs->attributes.flags;
     tmp_attr.xfrm = kr->attribute_mask.xfrm & cur_secs->attributes.xfrm;
+    // Compute MISCSELECT fields to be included in the key.
+    tmp_misc = kr->misc_mask & cur_secs->misc_select;
     // HW supports CPUSVN to be set as 0. 
     // To be consistent with HW behaviour, we replace the cpusvn as DEFAULT_CPUSVN if the input cpusvn is 0.
     if(!memcmp(&kr->cpu_svn, &dd.ddpk.cpu_svn, sizeof(sgx_cpu_svn_t)))
@@ -146,10 +161,12 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
     switch (kr->key_name) {
     case SGX_KEYSELECT_SEAL:
         check_isv_svn(kr, cur_secs);
+        check_config_svn(kr, cur_secs);
         check_cpu_svn(kr);
 
         // assemble derivation data
         dd.size = sizeof(dd_seal_key_t);
+        dd.ddsk.key_policy = kr->key_policy;
         if (kr->key_policy & SGX_KEYPOLICY_MRENCLAVE) {
             memcpy(&dd.ddsk.mrenclave, &cur_secs->mr_enclave, sizeof(sgx_measurement_t));
         }
@@ -158,22 +175,42 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
             memcpy(&dd.ddsk.mrsigner, &cur_secs->mr_signer, sizeof(sgx_measurement_t));
         }
 
+        if (kr->key_policy & SGX_KEYPOLICY_ISVFAMILYID) {
+            memcpy(&dd.ddsk.isv_family_id, &isv_ext_id->isv_family_id, sizeof(sgx_isvfamily_id_t));
+        }
+
+        if (kr->key_policy & SGX_KEYPOLICY_ISVEXTPRODID) {
+            memcpy(&dd.ddsk.isv_ext_prod_id, &isv_ext_id->isv_ext_prod_id, sizeof(sgx_isvext_prod_id_t));
+        }
+
+        if (kr->key_policy & SGX_KEYPOLICY_CONFIGID) {
+            dd.ddsk.config_svn = kr->config_svn;
+            memcpy(&dd.ddsk.config_id, &cur_secs->config_id, sizeof(sgx_config_id_t));
+        }
+
         memcpy(&dd.ddsk.tmp_attr, &tmp_attr, sizeof(sgx_attributes_t));
         memcpy(&dd.ddsk.attribute_mask, &kr->attribute_mask, sizeof(sgx_attributes_t));
+        dd.ddsk.tmp_misc = tmp_misc;
+        dd.ddsk.misc_mask = ~kr->misc_mask;
         memcpy(dd.ddsk.csr_owner_epoch, SIMU_OWNER_EPOCH_MSR, sizeof(se_owner_epoch_t));
         memcpy(&dd.ddsk.cpu_svn,&kr->cpu_svn,sizeof(sgx_cpu_svn_t));
         dd.ddsk.isv_svn = kr->isv_svn;
-        dd.ddsk.isv_prod_id = cur_secs->isv_prod_id;
+        if (!(kr->key_policy & SGX_KEYPOLICY_NOISVPRODID)) {
+             dd.ddsk.isv_prod_id = cur_secs->isv_prod_id;
+        }
         memcpy(&dd.ddsk.key_id, &kr->key_id, sizeof(sgx_key_id_t));
         break;
 
     case SGX_KEYSELECT_REPORT:
         // assemble derivation data
         dd.size = sizeof(dd_report_key_t);
         memcpy(&dd.ddrk.attributes, &cur_secs->attributes, sizeof(sgx_attributes_t));
+        dd.ddrk.misc_select = cur_secs->misc_select;
         memcpy(dd.ddrk.csr_owner_epoch, SIMU_OWNER_EPOCH_MSR, sizeof(se_owner_epoch_t));
         memcpy(&dd.ddrk.cpu_svn,&(g_global_data_sim.cpusvn_sim),sizeof(sgx_cpu_svn_t));
         memcpy(&dd.ddrk.mrenclave, &cur_secs->mr_enclave, sizeof(sgx_measurement_t));
+        dd.ddrk.config_svn = cur_secs->config_svn;
+        memcpy(&dd.ddrk.config_id, &cur_secs->config_id, sizeof(sgx_config_id_t));
         memcpy(&dd.ddrk.key_id, &kr->key_id, sizeof(sgx_key_id_t));
         break;
 
@@ -184,16 +221,17 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
 
         // assemble derivation data
         dd.size = sizeof(dd_license_key_t);
-        memcpy(&dd.ddlk.attributes, &cur_secs->attributes, sizeof(sgx_attributes_t));
+        memcpy(&dd.ddlk.tmp_attr, &tmp_attr, sizeof(sgx_attributes_t));
+        dd.ddlk.tmp_misc = tmp_misc;
         memcpy(dd.ddlk.csr_owner_epoch, SIMU_OWNER_EPOCH_MSR, sizeof(se_owner_epoch_t));
         memcpy(&dd.ddlk.cpu_svn,&kr->cpu_svn,sizeof(sgx_cpu_svn_t));
         dd.ddlk.isv_svn = kr->isv_svn;
         dd.ddlk.isv_prod_id = cur_secs->isv_prod_id;
+        memcpy(&dd.ddlk.mrsigner, &cur_secs->mr_signer, sizeof(sgx_measurement_t));
         memcpy(&dd.ddlk.key_id, &kr->key_id, sizeof(sgx_key_id_t));
         break;
 
-    case SGX_KEYSELECT_PROVISION:       // Pass through. Only key_name differs.
-    case SGX_KEYSELECT_PROVISION_SEAL:
+    case SGX_KEYSELECT_PROVISION:
         check_attr_flag(cur_secs, SGX_FLAGS_PROVISION_KEY);
         check_isv_svn(kr, cur_secs);
         check_cpu_svn(kr);
@@ -202,11 +240,46 @@ static int _EGETKEY(sgx_key_request_t* kr, sgx_key_128bit_t okey)
         dd.size = sizeof(dd_provision_key_t);
         memcpy(&dd.ddpk.tmp_attr, &tmp_attr, sizeof(sgx_attributes_t));
         memcpy(&dd.ddpk.attribute_mask, &kr->attribute_mask, sizeof(sgx_attributes_t));
+        dd.ddpk.tmp_misc = tmp_misc;
+        dd.ddpk.misc_mask = ~kr->misc_mask;
         memcpy(&dd.ddpk.cpu_svn,&kr->cpu_svn,sizeof(sgx_cpu_svn_t));
         dd.ddpk.isv_svn = kr->isv_svn;
         dd.ddpk.isv_prod_id = cur_secs->isv_prod_id;
         memcpy(&dd.ddpk.mrsigner, &cur_secs->mr_signer, sizeof(sgx_measurement_t));
         break;
+    case SGX_KEYSELECT_PROVISION_SEAL:
+        check_attr_flag(cur_secs, SGX_FLAGS_PROVISION_KEY);
+        check_isv_svn(kr, cur_secs);
+        check_config_svn(kr, cur_secs);
+        check_cpu_svn(kr);
+
+        // assemble derivation data
+        dd.size = sizeof(dd_provision_seal_key_t);
+        dd.ddpsk.key_policy = kr->key_policy;
+        if (kr->key_policy & SGX_KEYPOLICY_ISVFAMILYID) {
+            memcpy(&dd.ddpsk.isv_family_id, &isv_ext_id->isv_family_id, sizeof(sgx_isvfamily_id_t));
+        }
+
+        if (kr->key_policy & SGX_KEYPOLICY_ISVEXTPRODID) {
+            memcpy(&dd.ddpsk.isv_ext_prod_id, &isv_ext_id->isv_ext_prod_id, sizeof(sgx_isvext_prod_id_t));
+        }
+
+        if (kr->key_policy & SGX_KEYPOLICY_CONFIGID) {
+            dd.ddpsk.config_svn = kr->config_svn;
+            memcpy(&dd.ddpsk.config_id, &cur_secs->config_id, sizeof(sgx_config_id_t));
+        }
+
+        memcpy(&dd.ddpsk.tmp_attr, &tmp_attr, sizeof(sgx_attributes_t));
+        memcpy(&dd.ddpsk.attribute_mask, &kr->attribute_mask, sizeof(sgx_attributes_t));
+        dd.ddpsk.tmp_misc = tmp_misc;
+        dd.ddpsk.misc_mask = ~kr->misc_mask;
+        memcpy(&dd.ddpsk.cpu_svn,&kr->cpu_svn,sizeof(sgx_cpu_svn_t));
+        dd.ddpsk.isv_svn = kr->isv_svn;
+        if (!(kr->key_policy & SGX_KEYPOLICY_NOISVPRODID)) {
+             dd.ddpsk.isv_prod_id = cur_secs->isv_prod_id;
+        }
+        memcpy(&dd.ddpsk.mrsigner, &cur_secs->mr_signer, sizeof(sgx_measurement_t));
+        break;
 
     default:
         return EGETKEY_INVALID_KEYNAME;
@@ -241,13 +314,19 @@ static void _EREPORT(const sgx_target_info_t* ti, const sgx_report_data_t* rd, s
     GP_ON(!sgx_is_within_enclave(report, sizeof(sgx_report_t)));
 
     secs_t*     cur_secs = g_global_data_sim.secs_ptr;
+    isv_ext_id_t* isv_ext_id = reinterpret_cast<isv_ext_id_t *>(cur_secs->reserved4);
     SE_DECLSPEC_ALIGN(REPORT_ALIGN_SIZE) sgx_report_t tmp_report;
 
     // assemble REPORT Data
     memset(&tmp_report, 0, sizeof(tmp_report));
     memcpy(&tmp_report.body.cpu_svn,&(g_global_data_sim.cpusvn_sim),sizeof(sgx_cpu_svn_t));
+    tmp_report.body.misc_select = cur_secs->misc_select;
     tmp_report.body.isv_prod_id = cur_secs->isv_prod_id;
     tmp_report.body.isv_svn = cur_secs->isv_svn;
+    tmp_report.body.config_svn = cur_secs->config_svn;
+    memcpy(&tmp_report.body.isv_family_id, &isv_ext_id->isv_family_id, sizeof(sgx_isvfamily_id_t));
+    memcpy(&tmp_report.body.isv_ext_prod_id, &isv_ext_id->isv_ext_prod_id, sizeof(sgx_isvext_prod_id_t));
+    memcpy(&tmp_report.body.config_id, &cur_secs->config_id, sizeof(sgx_config_id_t));
     memcpy(&tmp_report.body.attributes, &cur_secs->attributes, sizeof(sgx_attributes_t));
     memcpy(&tmp_report.body.report_data, rd, sizeof(sgx_report_data_t));
     memcpy(&tmp_report.body.mr_enclave, &cur_secs->mr_enclave, sizeof(sgx_measurement_t));
@@ -265,6 +344,9 @@ static void _EREPORT(const sgx_target_info_t* ti, const sgx_report_data_t* rd, s
     memcpy(dd.ddrk.csr_owner_epoch, SIMU_OWNER_EPOCH_MSR, sizeof(se_owner_epoch_t));
     memcpy(&dd.ddrk.cpu_svn,&(g_global_data_sim.cpusvn_sim),sizeof(sgx_cpu_svn_t));
     memcpy(&dd.ddrk.key_id, &tmp_report.key_id, sizeof(sgx_key_id_t));
+    memcpy(&dd.ddrk.config_id, &ti->config_id, sizeof(sgx_config_id_t));
+    dd.ddrk.config_svn = ti->config_svn;
+    dd.ddrk.misc_select = ti->misc_select;
 
     // calculate the derived key
     sgx_key_128bit_t tmp_report_key;

sdk/simulation/uinst/Makefile

@@ -43,6 +43,7 @@ CPPFLAGS += -I$(COMMON_DIR)/inc/         \
             -I$(COMMON_DIR)/inc/internal \
             -I$(SIM_DIR)/assembly/       \
             -I$(SIM_DIR)/assembly/linux  \
+            -I$(SIM_DIR)/tinst/            \
             -I$(LINUX_PSW_DIR)/urts      \
             -I$(LINUX_PSW_DIR)/urts/linux
 

sdk/simulation/uinst/u_instructions.cpp

@@ -52,6 +52,7 @@
 #include "sgxsim.h"
 #include "enclave_mngr.h"
 #include "u_instructions.h"
+#include "rts_sim.h"
 
 #include "crypto_wrapper.h"
 
@@ -277,10 +278,23 @@ uintptr_t _EINIT(secs_t* secs, enclave_css_t *css, token_t *launch)
             return SGX_ERROR_INVALID_ATTRIBUTE;
         }
 
+        isv_ext_id_t* isv_ext_id = reinterpret_cast<isv_ext_id_t *>(this_secs->reserved4);
+        if (!(this_secs->attributes.flags & SGX_FLAGS_KSS))
+        {
+            const uint8_t* u8ptr = (uint8_t *)(&(css->body.isv_family_id));
+            for (unsigned i = 0; i < sizeof(css->body.isv_family_id); ++i)
+                if (u8ptr[i] != (uint8_t)0) return SGX_ERROR_INVALID_SIGNATURE;
+
+            u8ptr = (uint8_t *)(&(css->body.isvext_prod_id));
+            for (unsigned i = 0; i < sizeof(css->body.isvext_prod_id); ++i)
+                if (u8ptr[i] != (uint8_t)0) return SGX_ERROR_INVALID_SIGNATURE;
+        }
+
         mcp_same_size(&this_secs->mr_enclave, &css->body.enclave_hash, sizeof(sgx_measurement_t));
         this_secs->isv_prod_id = css->body.isv_prod_id;
         this_secs->isv_svn = css->body.isv_svn;
-        
+        mcp_same_size(&isv_ext_id->isv_family_id, &css->body.isv_family_id, sizeof(sgx_isvfamily_id_t));
+        mcp_same_size(&isv_ext_id->isv_ext_prod_id, &css->body.isvext_prod_id, sizeof(sgx_isvext_prod_id_t));
         uint8_t signer[SGX_HASH_SIZE] = {0};
         unsigned int signer_len = SGX_HASH_SIZE;
         sgx_status_t ret = sgx_EVP_Digest(EVP_sha256(), css->key.modulus, SE_KEY_SIZE, signer, &signer_len);
@@ -324,6 +338,13 @@ uintptr_t _ECREATE(page_info_t* pi)
     // Enclave size must be at least 2 pages and a power of 2.
     GP_ON(!is_power_of_two((size_t)secs->size));
     GP_ON(secs->size < (SE_PAGE_SIZE << 1));
+    if(!(secs->attributes.flags & SGX_FLAGS_KSS))
+    {
+        GP_ON(secs->config_svn != 0);
+        const uint8_t* u8ptr = (uint8_t *)(&(secs->config_id));
+        for (unsigned i = 0; i < sizeof(secs->config_id); ++i)
+            GP_ON(u8ptr[i] != (uint8_t)0);
+    }
 
     CEnclaveSim* ce = new CEnclaveSim(secs);
     void*   addr;